The SolarWinds cyberattack two years ago demonstrated a new level of hacking sophistication, underscoring the need for the government and private sector to collaborate to strengthen the country's online resilience, according to CISA, America's leading cyber defense organization.
The Cybersecurity and Infrastructure Security Agency (CISA) is the federal agency in charge of safeguarding the country against cyber attacks.
CISA Director Jen Easterly stated in a panel discussion at the RSA conference that the incident, which allowed Russian hackers to inject malicious code into U.S. IT, was identified by the private sector cybersecurity firm FireEye, not the government.
"We certainly can't do it alone," Easterly said. "Quite frankly, given that most infrastructure is owned by the private sector ... technology companies will see threats before the government does."
The SolarWinds attack, which U.S. intelligence officials believe was launched by Russia, was found near the end of 2020 but is believed to have begun as early as March of that year. Hackers broke into SolarWinds' computers and installed malicious malware within an update to the company's popular Orion products.
Thousands of SolarWinds customers then installed the infected update, allowing hackers access to their systems. Federal agencies, big technology businesses, and hospitals were among the entities targeted, while SolarWinds claims that only a few of those affected were truly harmed. The Russian government has explicitly denied any involvement in the attack.
The intrusion served as a stark reminder of the expertise of the Russian government's cyberespionage efforts, as well as the interrelated nature of the software supply chain damaged.
Sudhakar Ramakrishna, who was named CEO before the hack but didn't start until afterward, said the company's response to the "incredibly sophisticated and incredibly novel" attack was uncommon because it stressed transparency.
It got directly to work, collaborating with investigators and the government on a regular basis and interacting with customers and staff.
He said that there are no silver bullets for dealing with this type of attack, but it did present an opportunity to learn how to strengthen security and respond better if something like this happens again.
Easterly believes the most important lesson of SolarWinds is that cybersecurity must be made a national priority, something she has seen from the Biden administration.
"We also have to be able to communicate it in a way that people understand what they need to do to keep themselves safe," she said, adding that sometimes the tech industry isn't very good at the communication part.
