Why Security Experts Were Blindsided by the SolarWinds Attack
The massive cyberattack on U.S. government agencies and corporations took advantage of the fact that the public and private sectors can’t easily share threat information
By Mark Sullivan
The SolarWinds cyberattack on U.S. government agencies and private organizations was and is frightening in its scale and success. It proved no match for the government agencies charged with defending against such things, and brought into sharp focus the fact that the government’s current model for responding to cyberthreats is lacking.
The Senate Intelligence Committee hosted some of the main players in the SolarWinds saga Tuesday for some soul-searching on how the government and private tech companies should work together to stop future attacks. Some of the main themes discussed in the hearing are likely to end up in new cybersecurity legislation this year, a Congressional source told me.
SolarWinds is the name of the Texas-based company whose IT management software is used by many government agencies and large corporations. Back in March 2020, the attackers — widely thought to be employed by Russia’s Foreign Intelligence Service — first planted malware in the…
