U.S. Spy Agencies Review Software Supplier Ties to Russia Following SolarWinds Hack

John Demers, assistant attorney general for national security at the Department of Justice, said the FBI and other intelligence agencies launched a review of vulnerabilities originating from software suppliers that have ties with Russia to determine if there is "back-end software design and coding" that makes intrusions into U.S. companies possible, CyberScoop reported Thursday.

The agencies will review supply chain risks, taking into account an alleged Russian hacking campaign that spied on U.S. federal agencies by exploiting SolarWinds software.

The Department of Commerce will be informed of the review's findings, according to Demers.

“If there’s back-end software design and coding being done in a country where we know that they’ve used sophisticated cyber means to do intrusions into U.S. companies, then maybe … U.S. companies shouldn’t be doing work with those companies from Russia or other untrusted countries,” he said.

Demers said Commerce will have to decide if suspected vendors should be banned from U.S. supply chains.
