The SolarWinds Cyberattack and Its Effect on Manufacturing
By now, you’ve probably heard about the sophisticated SolarWinds cyberattacks carried out by suspected Russian hackers back in early 2020. The attacks — dubbed SUNBURST and SUPERNOVA — are, without hyperbole, the most devastating cyberattacks ever executed against the United States. They not only affect nearly every Fortune 500 company using SolarWinds’ software, but also compromise the U.S. Treasury Department, the U.S. Department of Commerce’s National Telecommunications and Information Administration, and the U.S. Department of Homeland Security.
The reason this attack is so devastating is twofold. First, the sheer sophistication of the attack is unprecedented. In simplest terms, the attack was perpetrated at the root level — meaning hackers infiltrated SolarWinds at an administrative level and injected their virus into a legitimate software update, which was subsequently issued by the company and accepted by vendors. The attack occurred through legitimate channels.
Second, the software affected is almost ubiquitous among larger companies, government agencies, and high-profile manufacturers. SolarWinds’ Security Advisory lists 18 known products affected by the attack, of which their ACM, SCM, and NPM are broadly used by domestic companies. More than 18,000 companies are reportedly affected.
Manufacturing on high alert
Although they weren’t necessarily the target of this large-scale cyberattack, manufacturers are on high alert as the scope of the damage continues to become apparent. Many manufacturers have contracts with the U.S. government or work in partnership with companies affected by the breach. Many major manufacturers were, themselves, directly affected as well.
According to CyberScoop, manufacturers have another reason to be concerned: “The affected software is widely used in the electricity, oil and gas, and manufacturing sectors, and the process of assessing some organizations’ exposure to the bug has only just started.” This means manufacturers may not discover the full extent of their vulnerability for weeks or months to come. In that time, any proprietary data or mission-critical systems must be considered compromised.
From bad to worse
While the severity of the cyberattack is significant on its own, the access it provides cybercriminals and foreign entities is tantamount to spilling company secrets. The hack gives clandestine access to user environments at the network level, meaning cybercriminals can snoop on government workers and steal data without anyone suspecting malicious activity.
Officials are asking companies to disconnect their SolarWinds Orion products immediately and discontinue use until the situation is remedied. To help mitigate any further potential harm, the Cybersecurity and Infrastructure Security Agency has issued an emergency directive (21-01), offering instructions for what to do if you’re a SolarWinds product user.
A lesson in cybersecurity
It’s unlikely we’ll know the true significance of the SolarWinds cyberattack for many months to come — especially as the full scope of the attack comes to light. This is, nonetheless, a wake-up call for all manufacturers as to the importance of cybersecurity. It’s critical to have systems in place to monitor for potential breaches and to prioritize good cybersecurity at the organizational level. The SolarWinds cyberattack shows the true capabilities of cybercriminals and the level of infiltration possible from the right vector.