While I won’t pretend to understand all of the technical details of this event, it is fundamentally a “supply chain” attack. The malware was inserted into the SolarWinds Orion business software. Thousands of public and private entities use this software, and they introduced the malware into their own systems when they downloaded routine updates. The malware installs “backdoors” into the infected systems, and voila, the bad guys are in.
The sophistication of the attack indicates a nation-state actor. Frankly, if it is true that the attack started in the spring of this year, we’re fortunate that it was discovered so soon.
The natural progression for these types of events is for organizations to initially claim they are fine, only to find out (or admit) later that they are infected. Active, aggressive monitoring and threat hunting should be the new normal for most organizations.
So what should FSOs and facility owners do about this event?
First, share this blog with the attached links with whoever manages cyber security at your facility, including any outside vendors. You should already have these folks on your speed dial. If not, it is time to learn their names and team up on security.
Second, ask to be kept informed on the progress of any response actions your company takes. Insist that any systems with particular importance to your FSP be included in the detection, response, and recovery actions. This might include security cameras, Terminal Operating Systems, electronic gate access systems, sensors, alarms, and more.
Third, ensure your cyber security colleagues are aware of the Coast Guard requirement to report cyber-related breaches of security and suspicious activity to the National Response Center. Information sharing is vital to securing our nation against these attacks.
Finally, I’ll remind you that early this year the Coast Guard published NVIC 01-20, Guidelines for Addressing Cyber Risks at MTSA Regulated Facilities. If you are not already working on a cyber security annex to your FSP, give S&A a call and we’ll help you understand how to meet this requirement.
Coast Guard Marine Safety Bulletin https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/MSIB/2020/MSIB-20-20-Solar-Wind.pdf?ver=J4I_zECX5EQecQ2ex6LeNw%3D%3D
Cybersecurity and Infrastructure Security Agency (CISA)
MAD Security (Seebald & Associates cyber security partner) https://madsecurity.com/