The SolarWinds breach is still big news. Every day, it seems, more details come out about the breach, how it might have happened and who might have been breached.
The attack was initially thought to have targeted only US Fortune 500 companies and the US government, but it seems other entities around the world are also feeling the effects. "While roughly 80 percent of these customers are located in the United States, this work so far has also identified victims in seven additional countries," says Microsoft president Brad Smith in a blog post. Smith said the victims were also found in Canada, Mexico, Belgium, Spain, Britain, Israel and the United Arab Emirates. Smith also said that the attack “represents an act of recklessness that created a serious technological vulnerability for the United States and the world.”
So how do we collectively recover from a breach so large? Bruce Schneier, a prominent security expert and Harvard fellow, says the only way to be sure a network is clean is “to burn it down to the ground and rebuild it,” as reported in AP News. Schneier likens the network to a mansion you live in where you know a serial killer has been: “You don’t know if he’s gone. How do you get work done? You kind of just hope for the best.”
The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to power down the breached software. Getting everything up and running as normal is where the bigger challenge lies. "This threat poses a grave risk," CISA said in a statement Thursday, adding that it "expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations." Indeed, rebuilding from scratch may be the only option for some organizations. Within the US government, the threat of cyberespionage has many officials wary of putting anything sensitive on government networks.
So, other than “burning it down” and starting from scratch, is there anything else organizations and governments should be doing to prevent these breaches in the future? Microsoft president Brad Smith said in an interview, "This is really a moment of reckoning. It highlights weaknesses in the nation's defenses. It shows us where we need to strengthen our laws. It indicates where we need strong collaboration with America's allies to hold these kinds of nation-state attackers accountable." Similarly, Jack Mannino, CEO at security firm nVisium, says, "The US should devote additional time, money, and energy into shoring up defenses across the software supply chain rather than waging online wars." He adds, "Clearly, deterrents aren't working, and our software and systems are as porous as they've ever been. Defense and open information sharing for indicators of compromise will ultimately prove more effective long-term than engaging in cyber playground fights."