US CISA Systems Breached: Cybersecurity Measures Under Review

March 9, 2024

In an unsettling development, two vital systems of the US Cybersecurity and Infrastructure Security Agency (CISA) were compromised earlier this year. The breach, which occurred in February, was first disclosed by Recorded Future News. As a result of the incident, the agency was compelled to shut down two of its key systems, according to a spokesperson for CISA and US officials privy to the situation, as reported by CNN.

One of the breached systems plays a pivotal role in enabling the exchange of cyber and physical security assessment tools among federal, state, and local officials. The other system contained data pertaining to the security assessment of chemical facilities. The compromised systems, as reported by Recorded Future News citing an informed source, were the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT). The CSAT harbors sensitive industrial data, including the Top Screen tool for high-risk chemical facilities, Site Security Plans, and the Security Vulnerability Assessments.

A representative from CISA, while speaking to Recorded Future News, revealed that the initial probe conducted by government experts pointed towards the exploitation of vulnerabilities in Ivanti products used by the agency. The spokesperson was quoted saying, “The impact was limited to two systems, which we immediately took offline. We continue to upgrade and modernize our systems, and there is no operational impact at this time,” further adding, “This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience.”

Interestingly, CISA had earlier issued warnings to US organizations about attacks exploiting vulnerabilities in Ivanti software. On February 1st, CISA directed federal agencies to disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. This marked the first such directive since its inception. Towards the end of February, CISA once again alerted organizations that threat actors were exploiting multiple vulnerabilities (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893) in Ivanti Connect Secure and Policy Secure Gateways. However, the agency refrained from sharing specifics about the attack or attributing it to a particular threat actor. A CISA spokesperson, in conversation with CNN, assured that the security breach did not disrupt the agency's operations.
