As the SolarWinds compromise continues to unfold, it has become apparent that organizations are in the midst of an unprecedented cyber intrusion, and it will take months before the extent of this adversary's access and intent is known. Organizations will experience different impacts to their mission and operations depending on the value of their mission data to the adversary. Because this intrusion is highly sophisticated, stealthy, and extensive, there is much discussion of rebuilding compromised assets to eradicate the adversary. The initial intrusion occurred through a software supply chain compromise of the SolarWinds Orion product line, and because that tool is so pervasive on networks, the scale of the compromise of data and systems is not yet known; the potential impact to your organization could be consequential. Given the widespread use of this product, your organization is most likely affected in some way.
As a leader, you need to clearly understand the risks your organization may face in the months ahead and the actions you should consider taking. Below we outline two high-level actions to consider: the first identifies possible impact, and the second lays the necessary groundwork for rebuilding a robust and cyber resilient environment. Simply replicating legacy architectures and approaches would only recreate the risk that has been exploited, so this approach addresses both recovery and rebuild.
Regardless of whether your organization has been impacted by this compromise, this is an opportunity to assess whether current practices adequately protect the data and systems most valuable to your mission, business, and operations. If your organization has been exploited, rebuilding should be strongly considered. When doing so, it is paramount that the approach is well thought through, so that the investment being made actually protects those valuable assets and data.
This is not simply an IT or security challenge, but will require a broad set of stakeholders, including:
Beyond the actions above, stay aware of the latest information by referencing the Alert and Current Activity websites.
Your organization can also participate in the appropriate industry Information Sharing and Analysis Center (ISAC).