Well, 1:
The Cybersecurity and Infrastructure Security Agency ordered all government departments to shut off instances of SolarWinds Orion software running or connected to any government system.
“Investors in breached software firm SolarWinds traded $280 million in stock days before hack was revealed” (Washington Post)
2: Alert (AA20-352A)
Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations issued by CISA
“The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.”
An update was added Dec 18th: “CISA has evidence of initial access vectors other than the SolarWinds Orion platform. We are investigating incidents in which activity indicating abuse of SAML tokens is present, yet where impacted SolarWinds instances have not been identified.” [read that last part again: possibly other systems that don’t have an infected/compromised SolarWinds install have been compromised]
CISA also issued Emergency Directive 21-01: Mitigate SolarWinds Orion Code Compromise
3:
Rockwell and Siemens are two of the largest manufacturers of SCADA (supervisory control and data acquisition) devices, which control almost every automated system, like opening and closing valves etc.
They both use the SolarWinds software!
So they control how water is processed to make drinkable water. Imagine the process being reversed, dirty water being shunted into the domestic water supply (just cleaning the pipes out would take weeks).
Imagine power being shunted where it wasn’t wanted/needed in a massive surge and then….nothing. What wasn’t fried in round 1 wouldn’t have any power for round 2.
Just imagine no traffic lights or any traffic control (that’s just a minor inconvenience!), no banks, no ATMs, no credit card transactions, no lights, no power to make coffee! If you don’t yet understand the picture, look at the interconnects just for power.
Still don’t get it?
Then watch the fourth Die Hard film, Live Free or Die Hard. Remember that movie was shot in 2007!!! Think where we are now with technology-controlled communications and systems.
“FIRE SALE – BECAUSE EVERYTHING MUST GO”
Stage 1:
Shutting down all transportation systems, such as traffic lights, railroad lines, subway systems and airport systems.
Stage 2:
Disabling the financial systems, including Wall Street, banks and financial records.
Stage 3:
Turning off public utility systems, such as electricity, gas lines, telecommunications and satellite systems.
Can it really be done?
I don’t know, I’m not that up on all the techie stuff like that. However, I have friends who are, and they are VERY concerned. Much of the Fed government used SolarWinds. While it’s been revealed that a couple of agencies have issues, it is far wider than is being let on. After all, they aren’t going to tell you that every major agency has been compromised. However, it has been reported that the State Dept., Treasury (IRS), Homeland Security, Commerce and Dept. of Energy (nuclear stuff!), Centers for Disease Control and Prevention (CDC), Justice Department (they also run the WITSEC witness protection program) and parts of the Pentagon have been compromised. Microsoft has also been mentioned in some reports. Oh, and guess what, Dominion, yes the voting machines!
We are at PREP-CON 2
If you aren’t, you’d better be! Because this is now a “no notice” event.
What is PREP-CON 2? (see mind map)
What should you do?
It depends where you are with your preparedness. Read through some of the articles on this site under planning, communications, food etc. for a start.
I’m working on some videos this week and hope to get some posted in the next day or so.