SolarWinds hack remains as the most sophisticated cyber-attack in United States history. The government at all levels spend a lot of money for security purposes, but the case of SolarWinds went unnoticed by all the government agencies. The SolarWinds attack is a kind of cyber-attack aimed at disrupting a supply chain. The attack affected both government agencies and corporate entities. If this attack was not contained it could have led to massive exploitation of Americans data in government and businesses databases. It could also have caused denial of critical services to the American people, as well as destroying the critical infrastructure (Republican Policy Committee, 2021).
Following the SolarWinds attack, the federal government response included modernizing federal IT system. Most of the government digital systems were developed or purchased when cybersecurity was not an issue of concern. That is, most of the government computer systems run on legacy platforms which is not secure. This makes these systems and other connected devices to be vulnerable to cyber threats. This is because they were designed without documentation, codes were poorly written and not used nowadays and the development teams are no longer available. This calls for the government and even historical corporate organizations to phase out their old systems (Manteiga, 2019).
All computer system connected to the internet is likely to be attacked. That should not scare the Americans. The benefits that come with the Internet of Things cannot make Americans avoid use of cloud based systems despite the attacks. Having modern devices, firewalls and other security measures in place is not a guarantee that a computer system is secure. What need to be in place is mechanisms to detect threats, prevent them before they cause harm, provide timely response and recovery of affected systems. A critical infrastructure attack can only be worse if restoring it to normalcy is a big deal. If the attack occurs and is handled within a short time the better (Raston, 2021).
When government agencies work together with the private entities great things do happen. The SolarWinds attack was first discovered by a private entity. When the information was shared it was found that not only a single organization was under attack but also several government agencies were affected. This shows the importance of collaboration and timely sharing of information. Private entities need to be encouraged to be active users of Fusion Centers. It is in this state owned centers that private sector can benefit with security updates and also be able to share security threats they encounter in their daily operations (DHS, 2019).
Testing software’s for vulnerability before it is integrated in an existing network should be mandatory. In most occasion, especially with Software as a Service security issues is left with the vendor. But, the vendors can also be under attack as was the case of SolarWinds. Therefore, software buyers should be able to test bought or leased software’s for vulnerability before integrating it with other systems. Failure to test the applications introduced to the existing platform exposes an entity to an attack (Gittlen, 2021).
In conclusion, cyber threats are dynamic. Therefore, the government and private sector must work together to develop response mechanism. The state of cyber threat need to be reviewed regular. Also, cyber security companies and educational institutions need to invest more in research and in developing secure applications that can counter cyber-attacks.
