The Department of Commerce was one of many agencies and companies attacked worldwide by Russia’s APT 29 via SolarWinds Orion servers. Today’s special columnist, Kelvin Coleman of the NCSA, offers some analysis and practical advice for security pros. Tim Evanson Creative Commons Attribution-ShareAlike 2.0 Generic (CC BY-SA 2.0)

Although the true scope of the SolarWinds attack has not been fully uncovered, there’s no doubting the level of sophistication required to carry these attacks on numerous government agencies, including the US Treasury, Commerce Department and the Department of Homeland Security.

Considering how long its discovery remained dormant, the amount of coverage we’re seeing in the mainstream media and the levels of concern out of the intelligence community are no surprise. As details emerge – almost in real-time – we’ll continue to have better clarity as to the logistics, tactics and motivations behind the incident. In the meantime, we can only speculate.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.