CISA Warns Networks to Stop Using SolarWinds Orion Products


published by Chand Bellur
December 14, 2020 at 3:49 p.m.

 

  • The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on Sunday over the compromised security of SolarWinds Orion products.
  • SolarWinds Orion is a popular portal for managing large enterprise networks.
  • SolarWinds clients include the US Army, Air Force, Marine Corps, Census Bureau, and other critical government entities.
  • CISA is advising network engineers to forensically audit systems to determine if an intrusion has occurred.

CISA Issues Emergency Directive 21-01

CISA emergency directives are very rare, with only five issued since 2015. When the agency declares one, it’s only for the most severe cyber-attacks and network intrusions. Last night, CISA issued an urgent emergency directive to mitigate known intrusions with SolarWinds Orion network management tools.

SolarWinds Orion is a popular platform for managing networks. It allows network engineers to efficiently manage virtually all aspects of a network using a single integrated portal. Deployed throughout the world, the product is remarkably popular. Numerous government agencies use SolarWinds Orion, including the military and US Department of Treasury.

Details as to how adversaries penetrated SolarWinds Orion network management products remain unclear. SolarWinds contends that this was a limited supply-chain attack waged by a nation state. They maintain that the attack was manual and restrained, not of the scope that CISA seems to indicate. The problem is that if the attack was carried out once, it can likely be replicated. With such a massive install base, the vulnerability compromises security for numerous organizations.

CISA provides specific steps to remediate the intrusion, which necessitate shutting down SolarWinds Orion completely. Although the Austin-based company is working on a patch, CISA advises all affected parties to keep the product disconnected until further notice.

Needless to say, a compromised network management tool presents headaches for system administrators. These portals are so central to network management that, after they’re disconnected, admins must accomplish routine tasks manually. Typically, these automated network management systems result in reduced network support staff. These organizations will likely be stretched thin, as network engineers work to remediate the security issue and maintain their networks manually.

What You Should Do if Your Organization Uses SolarWinds Orion

SolarWinds Orion is a popular network management tool. Used by corporate, government and non-profit organizations worldwide, its compromise will ripple across the globe.

If your organization uses SolarWinds Orion, it’s imperative that you act immediately to remediate security issues. Essentially, this requires disconnecting servers and workstations from the popular network management product. CISA provides detailed instructions on how to disconnect from SolarWinds Orion. The government agency also presents information on how to detect if your network is compromised.

SolarWinds’ website urges users to install the latest patch to fix this issue. CISA, however, claims that the latest version of Orion is still vulnerable to intrusion. SolarWinds’ own information seems to indicate the vulnerability still exists in its latest patch. The company downplays the attack as being limited, manual and initiated by a nation state. Systems connected to the popular network management tool remain vulnerable, however.

SolarWinds Orion Has No Impact on the 2020 Election

The Internet is rife with conspiracy theories, and security flaws with SolarWinds Orion quickly escalated into new, cockamamie notions of election tampering. SolarWinds Orion was never used on any Dominion Voting Systems machines. Even if this were the case, a vulnerability in a network management tool doesn’t necessarily allow the attacker to own every device on the network.

Countless audits and recounts have been performed with the 2020 election. It’s considered one of the most secure elections in US history. Recent revelations with SolarWinds Orion do not alter this fact. The 2020 election was secure and fair, as proven by numerous verification methods and outside observers.
