Computer spies targeted control systems made by General Electric Co. and Siemens AG for water and energy companies since at least 2011, the Department of Homeland Security announced Wednesday.

The disclosure underscores the inherent risk of connecting public utilities to the Internet to make them more efficient. The software allows customers to use computers to control industrial machinery. Like anything online, if there is a way for the good guys to access it, the bad guys probably can as well.

DHS didn’t offer evidence of who is behind the hacking or their location.

There aren’t many reasons for why hackers would want to target industrial control systems, security researchers say. Since there isn’t much money to be made from stolen data, U.S. officials assume foreign spies are exploring the systems to see what damage could be done in the event of an international conflict. U.S. officials have acknowledged that American spies hack into foreign systems as well.

But the government memo mentions reports this month from private security companies that have tracked a suspected pro-Russian hacking group of using the same spy tool against the same GE and Siemens software at utility companies.