SolarWinds - An epic hack exposed our national cybersecurity vulnerabilities
By Scott Tilley, ASCF Senior Fellow
In my January 2021 “Technical Power” column, I discussed three topics of interest that could affect our national security more than any other year so far: cybersecurity, supply chains, and biomedical engineering. At the start of the COVID-19 pandemic, we experienced severe supply chain issues for items such as personal protective equipment (PPE). Several countries are still struggling with vaccine supply chains. More recently, many industry sectors (e.g., automotive) have been negatively affected by supply chain shortages related to semiconductors.
Unfortunately, we’ve already experienced the deleterious consequences of cybersecurity shortcomings on a grand scale. Ironically, this breach also involved supply chains – but the “supplies” are software products. I’m talking about the epic hack of SolarWinds.
SolarWinds is an Austin, Texas-based company that makes software products to help large-scale enterprises manage their computer networks. One of their products is called Orion, which the SolarWinds website describes as “a powerful, scalable infrastructure monitoring and management platform designed to simplify IT administration for on-premises, hybrid, and software as a service (SaaS) environments.” Orion is reportedly used by over 18,000 customers, including numerous U.S. federal government agencies such as the Department of Justice, the State Department, the Treasury, and Homeland Security.
The Orion platform was hacked in March 2020. The hack was discovered by a leading cybersecurity firm called FireEye, which was investigating a breach of their own systems. They used Orion too. FireEye notified SolarWinds and the authorities, which led experts from Carnegie Mellon University’s Software Engineering Institute to become involved through their Community Emergency Response Team (CERT) and other cybersecurity divisions.
The hack was only discovered in December, which means the culprits behind the hack had access to Orion’s internal data for nearly ten months. In fact, the damage caused by the hack continues to this day, almost a year later. But it’s the scale of the attack that’s breathtaking: SolarWinds was hacked, but all 18,000 of their customers were made vulnerable.
This hack was a combination of a malware attack and a remote access trojan (RAT) attack. A malware attack is one in which malicious code is inserted into a program. A trojan is the software equivalent of the old Trojan Horse: once it is inside, hackers can enter a computer network from anywhere on the globe. SolarWinds is also classed as an advanced persistent threat (APT) attack, in which intruders illicitly gain access to a network and maintain a long-term presence undetected. CBS called SolarWinds “the most sophisticated cybersecurity attack in American history.”
The attack falls under the broad category of supply chain attacks because the hackers targeted one company to gain access to other companies that use the compromised company’s prod