Supply Chain Cybersecurity includes a complex of everyday operating issues affected by a network of known and unknown connections, services and components. This paper provides a strategic overview of the supply chain cyber issues from the perspective of vendor operational security.
We examine the accelerating escalation of supply chain risks, leading to 2021 executive orders and vendor cyber certification requirements. Concise recommendations and links to frameworks and self-assessment resources provide a starting point for the journey to healthier supply chain
There are many entities throughout the world that use third-party software as part of their business. When they do this, the service they receive form part of the supply chain of the company. SolarWinds is a key vendor with 33,000+ of the world’s companies and government entities use their software. The 22-year-old US-Based company, supply system management tools that are used by the IT professions within these organizations. The tools are responsible for a number of important services including software management, application monitoring, network configuration, etc. The Orion suite in particular, is SolarWinds most widely deployed network management system. It is used to manage and monitor the network infrastructure of the host company. To do its job effectively, the Orion suit needs absolute visibility of the company’s diverse set of network technologies. For this reason, it is common practice for network administrators to configure SolarWinds Orion with extensive privileges consequently, making it the perfect target for threat actors. On December 13th, 2020, it was discovered that the Orion software suit was infected with the malicious software called Sunburst.