Recent US Govt (solarwinds) breach: A warning of the perils to critical infrastructures

The recent supply chain breach on SolarWinds discovered in mid-December 2020 is changing cybersecurity as we know it. The incident involved the SolarWinds Orion IT monitoring software being compromised by a Trojan malware program. The significance of this supply chain attack is that the malware program was leveraged to compromise client networks and exponentially increase the resulting damage or impact. This is different from traditional attacks that usually target individual companies, institutions, or assets where the attack’s impact or damage is contained.

Many U.S. government institutions and other businesses affected by the SolarWinds breach have undergone and are still undergoing the relentless, most potentially devastating cyber breach thus far. The attack is still being investigated and evaluated but it will take time to fully know the real extent. Preliminary assessment and research on this breach suggest that future attacks are poised to be massive and will affect every industry, and in particular critical infrastructures are at a greater risk.

Download this case study to know more about the supply chain breach on SolarWinds.

Author

Dr.Juan Pimentel

Juan Pimentel - Principal Cyber Security Consultant • Omnex Inc. Juan Pimentel, Omnex principal Cyber Security consultant. He is a member of the US technical Advisory Group for ISO 21448 and writer of the standard. He has extensive Engineering, Safety and Cybersecurity experience. He is also the author of many papers on the safety and security of automotive systems ranging from drive-by-wire systems to ADAS to automated vehicles. He has developed and conducted professional training courses on safeguarding process control systems, safety instrumented systems (SIS), protecting industrial systems including relevant standards (IEC 61508, IEC 61511, and ISO 26262)