In response to a known compromise of SolarWinds Orion products that is currently being exploited by malicious actors, the US Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 21-01. This Emergency Directive calls on all federal civilian agencies to review their networks for signs of compromise and to immediately disconnect or turn off SolarWinds Orion products.
“The compromise of SolarWinds’ Orion Network Management products poses unacceptable risks to federal network security,” said Brandon Wales, acting director of CISA. “Today’s policy aims to mitigate potential compromises within federal civil networks. We urge all our partners in the public and private sector to assess their exposure to this compromise and to protect their networks from any kind of exploitation.”
This is the fifth Emergency Directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015. All agencies using SolarWinds products should submit a final report to CISA by 12:00 noon (EST) on Monday, December 14, 2020.
It was revealed that officials from CISA and the FBI were investigating breaches at two of the largest federal agencies, the Commerce and Treasury departments, related to a bug in the SolarWinds Orion software. Early reports suggest that hackers working for the Russian government were involved in the compromises.
In the Emergency Directive, the fifth to date in the agency’s history, CISA officials require federal agencies to identify instances of the SolarWinds software in their systems and immediately disconnect or shut down the SolarWinds Orion products. The directive applies only to civilian agencies, as CISA has no authority over the Department of Defense or intelligence agencies.
Approach of the authorities
IT managers should proactively block all inbound traffic, CISA said. Security teams should also look for and remove suspicious users and accounts.
SolarWinds - Orion
The SolarWinds Orion product is used to monitor and optimize IT infrastructure in large environments, as is the case with most federal agencies. The tools examine which devices and processes are using the most resources and either ensure that those resources are available or help IT managers resolve potential risks.
The company claims on its website that it has many federal and defense customers, including the Census Bureau, the Departments of Justice, Treasury and Veterans Affairs, the Oak Ridge and Sandia National Laboratories, the Pentagon, the Army, the Air Force, the Navy, the Marine Corps and the United States Intelligence Community.