The SolarWinds hack remains the worst cyber-attack in American history. The attackers gained access to vital government systems as well as the systems of private entities. Worse, the attacked entities, including government entities, were not aware that they were under attack. SolarWinds provides Software as a Service to government and private entities around the world. The attack is estimated to have affected more than 18,000 SolarWinds customers who use the Orion Platform (Jibilian, 2021). However, the U.S. government press briefing of February 17, 2021 claimed that only 9 federal agencies and around 100 private entities were affected (White House, 2021).
The Russian-funded cyber attackers injected an update patch into the Orion Platform. When SolarWinds clients saw a pop-up prompting them to update their systems, they thought it was just a regular update to fix bugs and improve system efficiency. But it was an entry point for the hackers! Once it was installed, the hackers were able to remotely gain entry into other networked systems, where they could steal data or compromise them. Government agencies like the Pentagon, the DHS, the State Department, the Department of Energy, the National Nuclear Security Administration, the Treasury, the California Department of State Hospitals and Kent State University, and private entities like Microsoft, Cisco, Intel and Deloitte, were among the entities that were attacked (Jibilian, 2021).
The SolarWinds hack targeted SCADA systems used in government offices and on corporate premises. The attackers, for example, were able to access data on Microsoft platforms, such as emails. The attack could have caused massive disruption of services in the affected entities. For example, what if the data on DHS systems had been compromised? That could put homeland security at risk. Think of the DHS without data. Think of hospital data being mixed up. Think of student information being compromised. The attack also exposed Americans' data to people and entities that can use it to their disadvantage (Suderman, 2021).
If the SolarWinds hack had not been detected and the systems secured, the American people could have woken up one day to find government services unavailable. But if the government cannot secure its properties, does it really secure Americans? The SolarWinds hack raises more questions about the strength of the government, not just about cyber threats. Imagine going to a government hospital you are used to, only to find that your medical records are not accessible. What if the visit was an emergency? The SolarWinds hack could have put the lives of citizens at risk (Zinga, 2021).
The physical threat facing America today is the interdependency of critical infrastructure. The cyber interdependence of systems makes them vulnerable. For example, power grids depend on SCADA systems to operate. If these systems are affected by natural or human-made disasters like storms or cyber-attacks, they will affect other critical infrastructures. For instance, power outages will force industries to halt operations. Communication systems will go down, affecting even security systems. Healthcare facilities will not offer some critical services. Therefore, the resilience of these systems is paramount. The time taken to restore these systems to normal functioning after an attack or disruption should be minimal.