Cyber Pandemic

Is the SolarWinds Compromise a Global Cyber Pandemic?

Gary Olson

--

Shouldn’t the discovery of the SolarWinds Orion compromise (the trojanized 2019.4 and 2020.2 builds, disclosed in December 2020) be treated with the same sense of global urgency as the pandemic?

A former engineering colleague of mine in a Central European country once told me that his Ministry of Defense knew which car models diplomats mostly drove, so it simply bugged every car of those models (with listening devices) as they arrived in the country. That way it never had to work out which specific car a diplomat had bought and bug it afterwards; it just enabled the pre-installed bug once the car was purchased.

Isn’t this the same situation?

Solarwinds is a global and widely used infrastructure product. Their customers are across all industries and market sectors private and public. The ubiquitous network monitoring tool all network managers use. It’s likely that most Solarwind customers will not be effected. The question is which ones will be and how?

Has SolarWinds tracked and audited how many of its customers actually downloaded the corrupted version? Does it have the ability to remove all traces of that version and replace it with a tested clean build in a non-disruptive update? It is worth remembering that the trojanized update was delivered through SolarWinds’ own update channel and carried a valid SolarWinds code signature, so a signature check alone would not have separated it from a clean build; customers have to compare the installed version and file hashes against the vendor’s advisory.

Given the interconnection of networks, how likely is it that the code self-propagated across networks that were not running SolarWinds and is now embedded in a considerable percentage of global networks? (The analyses published so far describe the implant as a backdoor that waits for its operators rather than a worm, so any spread beyond Orion hosts would come from hands-on lateral movement by the intruders, not from the code replicating on its own.)

Recent discoveries have revealed that it has propagated through resellers of enterprise application products. This is a good time to remember that the cloud is a concentration of servers and networks. And while cloud applications are not interoperable between cloud providers, the servers and connected devices use multiple cloud providers.

I have to believe that the scope and depth of the issue are still being discovered and, more importantly, that the actual target is more than likely still unknown. If the majority of networks have been compromised by virtue of commercial distribution, the actual intention will be significantly more difficult to uncover.

I am hoping that the tech community is working closely together to find and either remove or disable the major components of this. This is a time for collaboration, not competition. We need out-of-the-box thinking to develop a new generation of detection and analytic tools that look at anomalies and behavioral changes in applications and networks. As with COVID research and vaccine development, the questions are how the code behaves and how it can be countered: what parts of the full infrastructure does it attach to, and what changes does it make?
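One concrete shape such a behavioral tool can take, as an added example that is not part of the original post: compare a host’s DNS query pattern against its own baseline and flag a host that suddenly starts resolving many long, high-entropy subdomains under a domain it never queried before. That is the kind of change a monitoring server makes when it begins beaconing to a command-and-control service (publicly reported analyses of the Orion backdoor described DGA-style subdomain beacons of exactly this shape). The log lines, host names and the parent domain cloud-stand-in.test below are all constructed for the example, and the last-two-labels approximation of a "registrable domain" is a simplification (real tooling would use the public suffix list).

```python
"""Baseline-vs-window DNS anomaly check (added example; all data constructed)."""
import math
from collections import defaultdict

# Constructed log lines in the form "<timestamp> <host> <qtype> <qname>".
# They are not real telemetry; the domains are stand-ins.
BASELINE_LOG = """\
2020-12-01T02:00:01Z orion-01 A updates.example-vendor.net
2020-12-01T02:00:05Z orion-01 A ntp.corp.example
2020-12-01T02:05:00Z orion-01 A api.corp.example
2020-12-01T02:10:00Z ws-42 A www.example.org
2020-12-01T02:11:00Z ws-42 A api.corp.example
"""

WINDOW_LOG = """\
2020-12-14T03:00:00Z orion-01 A updates.example-vendor.net
2020-12-14T03:00:09Z orion-01 A k3rt5nzpqa8hjm2vw7lgc9dx.appsync-api.eu-west-1.cloud-stand-in.test
2020-12-14T03:14:21Z orion-01 A 7bq2wxe9hzlt4nsv5mgy3kdj.appsync-api.eu-west-1.cloud-stand-in.test
2020-12-14T03:29:40Z orion-01 A p9ghx2zrnq6vtm3swb8kcl5y.appsync-api.eu-west-1.cloud-stand-in.test
2020-12-14T03:30:00Z ws-42 A www.example.org
2020-12-14T03:31:00Z ws-42 A cdn.static-assets.example
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking labels score high."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def parse_dns_line(line: str):
    """Split one constructed log line into (timestamp, host, qname)."""
    ts, host, _qtype, qname = line.split()
    return ts, host, qname.lower().rstrip(".")


def registrable_domain(qname: str) -> str:
    # Assumption: the last two labels approximate the registrable domain.
    return ".".join(qname.split(".")[-2:])


def baseline_domains(log_text: str):
    """Map host -> set of registrable domains it queried during the baseline."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        if line.strip():
            _, host, qname = parse_dns_line(line)
            seen[host].add(registrable_domain(qname))
    return seen


def detect_dns_anomalies(baseline_text: str, window_text: str,
                         entropy_threshold: float = 3.5,
                         min_label_len: int = 16,
                         min_unique_labels: int = 2):
    """Return one finding per (host, never-seen domain) in the window.

    A finding is escalated to "new-domain-dga-like" when the host used at
    least `min_unique_labels` distinct leftmost labels that are both long and
    high-entropy under that new domain, i.e. it looks like beaconing rather
    than a single visit to an unfamiliar site.
    """
    baseline = baseline_domains(baseline_text)
    new_labels = defaultdict(lambda: defaultdict(set))  # host -> domain -> labels
    for line in window_text.splitlines():
        if not line.strip():
            continue
        _, host, qname = parse_dns_line(line)
        dom = registrable_domain(qname)
        if dom in baseline.get(host, set()):
            continue  # already part of this host's normal behaviour
        new_labels[host][dom].add(qname.split(".")[0])

    findings = []
    for host, domains in new_labels.items():
        for dom, labels in domains.items():
            dga_like = [l for l in labels
                        if len(l) >= min_label_len
                        and shannon_entropy(l) >= entropy_threshold]
            reason = ("new-domain-dga-like" if len(dga_like) >= min_unique_labels
                      else "new-domain")
            findings.append({"host": host, "domain": dom,
                             "distinct_labels": len(labels),
                             "dga_like_labels": len(dga_like),
                             "reason": reason})
    return findings


if __name__ == "__main__":
    for f in detect_dns_anomalies(BASELINE_LOG, WINDOW_LOG):
        print(f)
```

Run against the constructed data, orion-01 is reported as "new-domain-dga-like" (three distinct 24-character random labels under a domain absent from its baseline), while ws-42 gets only the low-priority "new-domain" note for a single short label, which is the distinction an analyst needs to avoid drowning in alerts about every new CDN hostname.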

COVID has impacted everyone on the planet in some form. Is it possible that the Orion compromise will have a similar impact? Have we just seen a Global Cyber Pandemic?

Gary Olson

GT Digital Ltd.

www.linkedin.com/in/garyolson

--


CEO & Founder GT Digital — Cognitive Intelligence to prevent terrorism