Perspectives on the SolarWinds Incident

Autor: Terry Benzel, Atul Prakash, Jelena Mirkovic, James Bret Michael, Carl E. Landwehr, Hamed Okhravi, Fabio Massacci, Bruce Schneier, Mohammad Mannan, Sean Peisert
Přispěvatelé: Naval Postgraduate School (U.S.)
Rok vydání: 2021
Předmět:
Zdroj: IEEE Security and Privacy, vol 19, iss 2
Peisert, S, Schneier, B, Okhravi, H, Massacci, F, Benzel, T, Landwehr, C, Mannan, M, Mirkovic, J, Prakash, A & Michael, J B 2021, ' Perspectives on the SolarWinds Incident ', IEEE Security and Privacy, vol. 19, no. 2, 9382367, pp. 7-13 . https://doi.org/10.1109/MSEC.2021.3051235
IEEE Security & Privacy, vol 19, iss 2
DOI: 10.1109/MSEC.2021.3051235
Popis: A significant cybersecurity event has recently been discovered in which malicious actors gained access to the source code for the Orion monitoring and management software made by the company SolarWinds and inserted malware into that source code. This article describes brief perspectives from a few experts regarding that incident and probable solutions. The attackers inserted malware into that source code so that, when the software was distributed to and deployed by SolarWinds customers as part of an update, the malicious software could be used to surveil customers who unknowingly installed the malware and gain potentially arbitrary control over the systems managed by Orion. One of the solutions is to improve government software procurement. Software is critical to national security. Any system of procuring that software needs to evaluate the security of the software and the security practices of the company, in detail, to ensure that they are sufficient to meet the security needs of the network they are being installed in. If these evaluations are made public, along with the list of companies that meet them, all network buyers can benefit from them.
Databáze: OpenAIRE
Externí odkaz: