- Reuters first reported on Tuesday that the department’s National Finance Center, which runs a payroll system serving over 600,000 federal employees across 160 agencies, was penetrated by suspected Chinese hackers exploiting a flaw in SolarWinds’ software.
- “In compliance with CISA’s emergency directive and to protect USDA systems, USDA notified customers in December that it had removed SolarWinds Orion products from its networks due to the SolarWinds compromise,” a USDA spokesperson said. “While we continue to look into it, we have no evidence of a data breach of the USDA National Finance Center.”
- A USDA spokesperson initially acknowledged a breach of the department’s systems in the Reuters article, which has since been updated to reflect USDA’s denial of the incident.
- “Cyberattacks are conducted with silent weapons, and in some situations those weapons are undetectable,” Ron Ross, NIST fellow and chief architect of information security standards for the federal government, said. “Because you may not ‘feel’ the direct effects of the next hack yet, you may think it is coming someday down the road; but in reality, it’s happening right now.”
- NIST said the enhanced security requirements should be implemented in addition to those in SP 800-171, since that publication is not designed to address advanced persistent threats. The enhanced requirements call for “dual authorization” under access control, for example, while the basic requirements say to “limit system access to authorized users.”
– Mariam Bakh | February 3, 2021