Seyfarth Webinar: Responding with Strength to the SolarWinds Attack
1:07:48

Seyfarth Shaw LLP

8 chapters, 8 takeaways, 12 key terms, 5 questions

Overview

This webinar features cybersecurity experts discussing the SolarWinds attack and its implications for businesses and government. The discussion covers the nature of the attack, the government's response, the role of corporate boards in cybersecurity oversight, and the importance of information sharing and vendor risk management. Experts also analyze the Biden administration's executive order on cybersecurity, emphasizing the need for a more robust and unified approach to national security in the face of increasingly sophisticated cyber threats. The overarching theme is the urgent need for improved preparedness and collaboration between the public and private sectors to address systemic cyber risks.

Chapters

  • The SolarWinds attack was a sophisticated cyberattack that compromised a widely used network management software, impacting numerous government agencies and Fortune 500 companies.
  • The attack likely originated from a Russian-based threat actor who infiltrated SolarWinds' systems through an Office 365 vector, embedding malicious code into software updates.
  • This compromised update was then distributed to approximately 18,000 SolarWinds customers, creating a widespread vulnerability.
  • The incident highlights the critical importance and difficulty of third-party vendor oversight and supply chain security.

Understanding the mechanics of the SolarWinds attack is crucial for recognizing the pervasive threat of supply chain compromises and the need for rigorous vendor security assessments.

A malicious update for SolarWinds' Orion software was pushed to thousands of customers, allowing attackers to gain access to their networks.

  • The U.S. government's response to cyber threats has evolved significantly, with a historical ambiguity in roles between the NSA, FBI, and DHS.
  • DHS has increasingly taken on responsibility for federal civilian cybersecurity, with enhanced authorities and funding, especially after incidents like the OPM hack.
  • The Biden administration has introduced a more centralized approach with a deputy director at the National Security Council and a congressionally mandated cyber coordinator.
  • The recent executive order aims to clarify roles, mandate information sharing, and improve federal cybersecurity practices.

The government's evolving structure and responsibilities are key to understanding how national cybersecurity efforts are coordinated and how agencies are being empowered to respond to threats.

DHS's development of programs like Continuous Diagnostics and Mitigation (CDM) and Einstein III Accelerated aimed to improve network visibility and threat detection across federal agencies.

  • Corporate boards often lack a clear understanding or effective structure for overseeing cybersecurity risk.
  • SolarWinds' governance structure, where the nominating and governance committee (not the audit committee) oversaw cybersecurity, was atypical and potentially insufficient.
  • The skills and time commitment of board members, particularly those from private equity ownership, raised questions about their ability to provide adequate oversight.
  • Post-breach, SolarWinds established a dedicated tech and cybersecurity committee, indicating an admission of prior governance shortcomings.

Effective board-level oversight is a critical control point for cybersecurity, and understanding governance failures can help other companies strengthen their own risk management practices.

SolarWinds' board had limited members with deep cybersecurity expertise, and their oversight responsibility was assigned to a committee not typically focused on such technical risks.

  • Sophisticated attackers can remain undetected on a network for extended periods, moving 'low and slow' to avoid detection.
  • The SolarWinds malware was designed to lie dormant for two weeks before establishing communication and downloading further tools.
  • Attackers compromised credentials and disguised malicious activity as normal network traffic, making detection extremely difficult.
  • A multi-faceted, defense-in-depth approach, including proactive threat hunting, is necessary to uncover such stealthy intrusions.

Recognizing that attackers can operate undetected for months is essential for implementing proactive security measures beyond traditional perimeter defenses.

The malware embedded in the SolarWinds update was designed to remain hidden and mimic legitimate network traffic to evade detection for an extended period.

  • SolarWinds' initial response, including blaming an intern, was poorly received by the media and public.
  • The attack has led to shareholder lawsuits, with SolarWinds' stock price remaining significantly depressed post-disclosure.
  • The incident underscores the concept of systemic risk, where a vulnerability in one critical entity can impact a broader ecosystem.
  • Regulators are increasingly scrutinizing cloud platforms and other critical technology providers for their potential systemic impact.

Understanding how breaches affect stock prices, lead to litigation, and are viewed through the lens of systemic risk is vital for corporate preparedness and investor confidence.

SolarWinds' stock dropped significantly after the attack and has not fully recovered, suggesting the market views the software compromise as a fundamental blow to the company's value proposition.

  • The executive order aims to establish a unified cybersecurity framework, building on best practices and bipartisan consensus.
  • Key provisions include modernizing federal government contracting, updating legacy systems with technologies like Zero Trust architecture, and enhancing supply chain security.
  • It proposes creating an NTSB-like incident review board for major cyber events and improving information sharing between public and private sectors.
  • The order mandates specific actions for various government agencies, with phased implementation and evolving requirements.

This executive order represents a significant governmental push to elevate national cybersecurity standards, particularly for federal contractors and critical infrastructure.

The executive order mandates that software vendors selling to the federal government meet certain cybersecurity standards, potentially through a certification process.

  • Information sharing between public and private sectors is crucial for attribution, imposing costs on adversaries, and rapidly disseminating threat intelligence (Indicators of Compromise and TTPs).
  • Despite legal and reputational risks, companies must be encouraged or mandated to share information to improve collective defense.
  • Robust third-party vendor risk management programs are essential due to the difficulty of detecting supply chain attacks.
  • Implementing such programs requires strong governance, clear policies, thorough vetting of vendors, and ongoing diligence.

Effective information sharing and comprehensive vendor risk management are critical components of a proactive cybersecurity strategy, enabling faster response and better prevention.

The FBI and DHS share Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs) with private sector organizations to help them detect and defend against ongoing threats.

  • Experts largely agree that the U.S. is not adequately prepared for the next sophisticated nation-state attack, with networks remaining complex and basic security practices often neglected.
  • Boards of directors are rated as only about a '2' on a scale of 10 for preparedness, highlighting a significant gap in understanding systemic risk.
  • Companies are also unprepared for less sophisticated attacks, as demonstrated by the confusion and disruption caused by the Colonial Pipeline ransomware incident.
  • The government faces challenges due to dependencies on the private sector, which holds 85% of critical infrastructure and is often hesitant to share information.

The consensus among experts points to a critical need for immediate and substantial improvements in cybersecurity preparedness across both government and private sectors.

The Colonial Pipeline ransomware attack, which was not a sophisticated nation-state attack, caused significant disruption due to the company's confusion on how to respond, indicating a lack of basic preparedness.

Key takeaways

  1. Supply chain attacks, like SolarWinds, exploit trust in third-party software and require rigorous vendor risk management.
  2. Effective cybersecurity requires strong board-level governance and understanding of systemic risk, not just compliance checklists.
  3. Information sharing between the public and private sectors is vital for threat attribution, intelligence dissemination, and collective defense.
  4. The U.S. government is actively working to improve its cybersecurity posture through executive orders, but execution and private sector collaboration remain key challenges.
  5. Zero Trust architecture and multi-factor authentication are essential components of modern cybersecurity strategies to reduce attack surfaces.
  6. Companies must prioritize and risk-rank their assets to allocate cybersecurity resources effectively, focusing on their most critical functions and data.
  7. The increasing sophistication and stealth of cyber adversaries necessitate proactive threat hunting and defense-in-depth strategies.
  8. Despite advancements, both government and private sectors remain significantly underprepared for sophisticated nation-state attacks and even basic ransomware incidents.

Key terms

  • SolarWinds Attack
  • Supply Chain Attack
  • Third-Party Risk Management
  • Systemic Risk
  • Zero Trust Architecture
  • Information Sharing
  • Executive Order on Cybersecurity
  • Critical Infrastructure
  • Nation-State Attack
  • Indicators of Compromise (IoCs)
  • Tactics, Techniques, and Procedures (TTPs)
  • Multi-Factor Authentication (MFA)

Test your understanding

  1. What is a supply chain attack, and how did it manifest in the SolarWinds incident?
  2. Why is board-level oversight of cybersecurity considered a critical control point, and what are common governance failures?
  3. How does the Biden administration's executive order aim to improve federal cybersecurity, and what are its key components?
  4. What are the primary benefits of information sharing between the public and private sectors in cybersecurity?
  5. Explain the concept of 'Zero Trust Architecture' and why it is relevant in modern cybersecurity strategies.