Federal and state investigations continue into one of the most substantial cyber attacks to hit the U.S. government.
The breach was first noticed on December 13th, affecting at least the U.S. Treasury Dept., the Dept. of Homeland Security, the State Dept., Dept. of Defense and the Dept. of Commerce.
North Dakota’s Chief Information Officer Shawn Riley says SolarWinds Orion, a network management software, was hacked. The company estimates that 18,000 of its 300,000 customers may be affected and those are just the private businesses.
“It’s pervasive across all of federal government, state governments, schools use it, cities, counties,” Riley explained.
At this time, it’s unknown the extent but he says there are likely more agencies compromised than we even know about.
Here in North Dakota, Riley says the NDIT Dept. can confirm a couple dozen vulnerable instances within state government. He says the Solar Winds software is great in improving the state’s IT strategy, but unfortunately, it means exposure was widespread.
Riley tells us, wherever there was an instance, IT has been in touch and systems have been shut down.
“The hard part with this attack is that it really goes at the heart of the technology that runs all of our environments,” he elaborated.
“So this goes toward our data centers, so theoretically if they were to exploit us, the exposure could be pretty comprehensive.”
When asked if this includes social security numbers, medical data and more, Riley responded, “Basically anything that the state holds could have been at risk, yes.”
The good news this has not happened. IT is not aware of any actual breaches in the state, just vulnerabilities. Although, Riley says in some cases the rebuilding process could be strenuous.
He says right now, it’s unclear how long ago this attack happened but it has been at least several months.
A joint statement from the FBI and the Cybersecurity and Infrastructure Security Agency, among others, says the attack is likely Russian in origin but the investigation is still ongoing.