The Department of Homeland Security (DHS) is investigating a ransomware attack on government contractor Johnson Controls International (JCI). The company holds contracts with clients in education, healthcare, the naval and transportation sectors, and with government agencies like the DHS and the Department of Defense.

The DHS intends to determine whether sensitive physical security information, such as floor plans, was compromised in the attack on JCI. Reportedly, the initial breach occurred at JCI’s Asia offices.

According to a public 8-K filing, JCI experienced “disruptions in portions of its internal information technology infrastructure and applications.” The company has reportedly been investigating the cybersecurity incident with assistance from leading external cybersecurity experts. JCI says most of its operations are unaffected. While the company plans for mitigation and workarounds, the incident is expected to continue to cause disruption to parts of its business operations.

The DHS is still trying to confirm whether or not personally identifiable information of DHS officials was leaked during the attack on JCI. Though there has been some online speculation, neither the DHS nor JCI have yet named a group responsible for the attacks.

During President Biden's term, his administration has called for tighter cybersecurity standards for government contractors like JCI. The Biden administration recently called for a standardized set of cybersecurity procurement requirements that work with unclassified federal information systems. As it stands, requirements are set by each individual agency.

SDM contacted Johnson Controls International, but the company did not provide any additional information besides what it had already provided.