Tag Archives: SolarWinds

U.S. Spy Agencies Review Software Supplier Ties to Russia Following SolarWinds Hack

John Demers

John Demers, assistant attorney general for national security at the Department of Justice, said the FBI and other intelligence agencies launched a review of vulnerabilities originating from software suppliers that have ties with Russia to determine if there is "back-end software design and coding" that makes intrusions into U.S. companies possible.

Read More »

Bob Kolasky: CISA Gains Insight Into 2020’s SolarWinds Cyber Attack

Bob Kolasky

Bob Kolasky, assistant director of the Cybersecurity and Infrastructure Security Agency's (CISA) National Risk Management Center (NRMC), said his team has studied the software risks associated with last year's SolarWinds hack. SolarWinds was a Russian malware attack that affected Orion software in multiple federal agencies. Kolasky said NRMC assessed SolarWinds-related software risks over a span of four months.

Read More »

CISA, NIST Post Document on Securing Software Supply Chain

Defending Against

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) have released Defending Against Software Supply Chain Attacks, a document containing information on software supply chain risks and providing guidance on the application of frameworks from NIST for cyber supply chain risk management and secure software development.

Read More »

FBI, DHS Provide Information on Russian Intell Agency’s Cyber Exploitation Techniques

NSA-CISA-FBI-UK NCSC

The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have released a joint advisory to provide information on cyber tools and techniques used by Russian Foreign Intelligence Service actors to compromise government networks, information technology companies and think tanks. FBI also observed that SVR actors have transitioned from using malware to homing in on cloud-based platforms. 

Read More »

Anne Neuberger Offers Update on Government’s Response to Recent Cyber Incidents

Anne Neuberger

Anne Neuberger, deputy national security adviser for Cyber and Emerging Technology and a 2021 Wash100 Award winner, said that due to an increase in patching efforts, the Biden administration is “standing down” the two unified coordination groups that were established in response to cyber breaches involving SolarWinds and Microsoft Exchange.

Read More »

DHS Seeks Comments on Cyber Vulnerability Information Collection Effort

TIC 3.0 Use Case Guide

The Department of Homeland Security (DHS) is looking for input on its plans to collect cyber risk information and recommendations from agencies, companies and individuals in the wake of the SolarWinds attack. In addition, the form is intended to help researchers develop concepts for identifying such vulnerabilities, according to DHS. Comments on the information collection request are due on May 18th.

Read More »

House Lawmakers Ask Agencies to Provide More Details on SolarWinds Hack

Ransomware Attack

A group of bipartisan House lawmakers sent letters to heads of federal agencies requesting more information related to the SolarWinds cyberattack. Lawmakers also want to know how agencies evaluate vendors for cybersecurity risks and whether they have a specific plan in place to reduce the risks of future supply chain attacks.

Read More »

ODNI, Intel Senior Leaders on US Supply Chain Security, Semiconductor Manufacturing Needs

Semiconductor

Joyce Corell, an official at the Office of the Director of National Intelligence (ODNI), said the U.S. must execute risk-based supply chain security management strategies following the SolarWinds cyber attacks. Under the Structured Array Hardware for Automatically Realized Applications (SAHARA) partnership, DARPA and Intel will work with academic entities to optimize the semiconductor's use.

Read More »

Gen. Paul Nakasone on CYBERCOM’s Response to SolarWinds Breach, ‘Defend Forward’ Concept

Gen. Paul Nakasone

Gen. Paul Nakasone, commander of U.S. Cyber Command (CYBERCOM) and a 2021 Wash100 Award recipient, said CYBERCOM continues to play a “key role” in the U.S. government’s ongoing response to the SolarWinds hack. He also mentioned in his speech the cyber threats posed by Russia, China, Iran and North Korea and the importance of partnerships with the U.S. private sector and foreign allies.

Read More »

Anne Neuberger: White House Working on Industrial Control System Security Plan

Anne Neuberger

Anne Neuberger, deputy national security adviser for cyber and emerging technology and a 2021 Wash100 Award winner, said the White House is working with the Environmental Protection Agency (EPA), Securities and Exchange Commission (SEC), energy sector and other organizations on a plan to protect industrial control systems from cyber threats

Read More »