USA: CISA and federal agencies create Cyber Unified Coordination Group in response to SolarWinds' Orion hack
The Cybersecurity and Infrastructure Security Agency ('CISA') issued, on 5 January 2021, together with the Federal Bureau of Investigation ('FBI'), the Office of the Director of National Intelligence ('ODNI') and the National Security Agency ('NSA'), a statement on the creation of a task force construct known as the Cyber Unified Coordination Group ('UCG') to coordinate the investigation and remediation of the SolarWinds cyber incident involving federal government networks. CISA noted that the UCG is still working to understand the scope of the incident. Specifically, CISA highlighted that this work indicates that an Advanced Persistent Threat ('APT') actor is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks. CISA also noted that they are taking all the necessary steps to understand the full scope of this campaign and respond accordingly.
Moreover, CISA highlighted that the UCG believes that, of the approximately 18,000 affected public and private sector customers of SolarWinds' Orion product, a smaller number have been compromised by follow-on activity on their systems. CISA also outlined that, as the lead agency for threat response, the FBI is presently focusing its investigation on identifying victims, collecting evidence, analysing the evidence to determine further attribution, and sharing results with the government and private sector partners to inform operations, the intelligence picture, and network defense. Furthermore, CISA highlighted that, as the lead for asset response, it is focused on sharing information quickly with the government and private sector partners. Finally, CISA has also created a free tool for detecting unusual and potentially malicious activity related to this incident.
You can read the press release here.