SolarWinds puts national cybersecurity strategy on display

Responding to SolarWinds

SolarWinds is an IT software management company based in Austin, Texas. The cyber attack against the company began in 2019 when threat actors gained access to the company’s Orion platform, which includes IT management products widely used The threat actors installed “backdoors,” enabling access to computer systems that After coming to light in 2020, it was discovered that the breach affected thousands of organizations, although its full impact is still unknown. The attack is considered a supply chain attack because the infiltration of one company led to thousands of organizations being affected.

Biden identified Russia as the nation-state responsible for the SolarWinds attack. The economic sanctions against Russia, which were imposed for election interference as well as the SolarWinds attack, include sanctioning six technology companies that support Russian intelligence services as well as halting U.S. financial institutions from purchasing Russian bonds from the country’s central bank, national wealth fund and finance ministry. Russia has expelled U.S. diplomats in response to the sanctions, furthering strains between the two countries.

Kyle Hanslovan, founder and CEO of security platform provider Huntress and a former NSA cyber operator, said the restrictions on how Russia operates in the global financial markets will have strong impacts.

“When you choose to go after the financial infrastructure of a country, or its ability to operate on a global stage, that is a pretty strong signal that we’re not playing,” Hanslovan said.

Kelvin Coleman, executive director of the National Cyber Security Alliance, called the sanctions “significant” because the Biden administration both officially blamed Russia for its role in the SolarWinds attack and imposed consequences where it hurts: Russia’s pocketbook.

“If you’re Russia, you’d rather go through today’s global economy without sanctions coming from, still, what is the most powerful economy in the world,” he said. 

Coleman said the economic sanctions are only the first of many steps he expects to see the Biden administration take against Russia.

“The national cybersecurity team is still coming together, which is why I say this is just the first step,” he said. “I think there could potentially be more action coming this year.”

ExtraHop’s Mukerji also said the sanctions were an “extraordinary step.”

However, he said, they won’t hamper Russia’s cybercapabilities. And, while the sanctions send a strong message that the U.S. won’t ignore malicious cyberactivities, what’s more effective than reactive sanctions are the proactive actions Biden has taken in conjunction with the sanctions, he added. 

For example, the U.S. Department of Energy launched a 100-day plan on April 20 to address cybersecurity risks to critical U.S. electricity infrastructure. The initiative, a collaboration with the electrical power industry and the Cybersecurity and Infrastructure Security Agency (CISA), aims to better secure the energy sector “The initiative underscores the heightened concerns that arose for the supply chain and infrastructure after SolarWinds,” Mukerji said. “Based in part on tactics used in that attack, the energy department is encouraging power plants and utilities providers to improve their network detection capabilities.”

Another step Biden has taken is creating and filling national cybersecurity positions with experienced cybersecurity leaders — including appointing former National Security Agency (NSA) cybersecurity director Anne Neuberger to the role of deputy national security adviser for cyber and emerging technology on the National Security Council. Neuberger is responsible for coordinating cybersecurity efforts for the federal government, including the recent response to SolarWinds.