Bloomberg reports speculation that Russian intelligence services may have been especially interested in what they could glean from tech and cybersecurity firms over the course of the SolarWinds supply chain compromise. Insight into defenses and cyber tools would have been particularly valuable.
IT and cyber firms didn’t, however, comprise the entire list of private sector targets. Infosecurity Magazine notes that the Sunburst vulnerability has been determined to affect a number of manufacturing companies. Kaspersky CERT found that targeting broke down as follows: “32.4% of all victims were industrial organizations, with manufacturing (18.11% of all victims) by far the most affected.” Utilities (3.24%), construction (3.03%), transportation and logistics (2.97%), and oil and gas (1.35%) also figured in the list.
Solorigate has provoked Congressional interest in an earlier incident, a 2015 breach of Juniper Networks’ servers in which the attackers made small changes to code for the Dual_EC_DRBG encryption algorithm. NIST had promulgated the NSA-developed algorithm as a standard for encryption in 2006. Bloomberg Law reports that two Senators and eight Representatives have signed a letter asking NSA to explain whether it had backdoored the encryption in ways that enabled hostile intelligence services to compromise the software supply chain.
The Cyberspace Solarium Commission has produced a Transition Book for the new US Administration. They recommend three steps for immediate action:
- “Establish the Office of the National Cyber Director,
- “Develop and promulgate a National Cyber Strategy, and
- “Improve the coherence and impact of existing government cybersecurity efforts and further strengthen partnerships with the private sector.”