Kevin Mandia on the Solar Winds Hack

Mandia at the WSJ Cybersecurity Executive Forum

Free Content on Jobs in Cybersecurity | Sign up for the Email List

Kevin Mandia participated in an interview at the WSJ Cybersecurity Executive Forum on Wednesday. I was especially interested to hear what he had to say about the SolarWinds Hack, a topic I’ve written about a fair bit in prior posts.

One of the first things Mandia pointed out is the ongoing attempt to define what is and is not considered cyberwar and grounds for retaliation by the US government. He commented that “apparently supply chain attacks are fair game.” Hence, we need to prepare for them accordingly. Various US government agencies and executive orders have stepped up requirements around vendors and vendor products per articles published in my cybersecurity news blog.

In terms of how novel this attack was and who might be responsible, Mandia said this is the same thing he saw in the US Air Force. He called it “nothing more than a campaign in a multi-decade campaign” by the same foreign adversaries that have been attacking victims for years in the United States.

One interesting tidbit I read in a separate article is that Mandia got a postcard at his home shortly after the breach questioning this attribution of the attack to Russia.