The SolarWinds cyberattack about two years ago represented a new level of hacking sophistication and illustrated the need for the government and the private sector to work together to bolster the country’s online resilience, America’s top cyber defense official said Wednesday.
In a panel discussion at the RSA Conference, CISA Director Jen Easterly pointed out that the attack, which allowed Russian hackers to inject malicious code throughout US IT systems, was discovered by the private-sector cybersecurity firm then known as FireEye, not the government. CISA is the Cybersecurity and Infrastructure Security Agency, the federal agency responsible for protecting the country from cyber threats.
“We certainly can’t do it alone,” Easterly said. “Honestly, given that most of the infrastructure is owned by the private sector… Tech companies will see threats before the government does.”
The SolarWinds attack, which US intelligence agencies say likely originated in Russia, was discovered in late 2020, but it is believed to have started at least as early as March of this year. Hackers broke into systems at IT software provider SolarWinds and injected malicious software into an update to the company’s popular Orion products.
Thousands of SolarWinds customers then installed the corrupted update, allowing the hackers to gain access to their systems. Federal agencies, big tech companies, and hospitals were among the targeted organizations, although SolarWinds claims few of those affected actually suffered harm. The Russian government has denied any involvement in the attack.
Sudhakar Ramakrishna, who was appointed CEO before the hack was discovered but only took on the role afterwards, said the company’s response to the “incredibly sophisticated and incredibly novel” attack was unusual because the company valued transparency. It was on the ground immediately, constantly collaborating with investigators and the government, and communicating with its customers and employees.
He added that there are no silver bullets for these types of attacks, but it’s an opportunity to learn how to improve security and respond better if something like this ever happens again.
Easterly said she thinks SolarWinds’ greatest lesson is that cybersecurity needs to be made a national priority, which she says.
“We also need to be able to communicate it in a way that people understand what they need to do to protect themselves,” she said, adding that sometimes the tech industry isn’t very good at the communication part.