“Today, the House Committee on Science, Space, and Technology’s Subcommittees on Investigations & Oversight and Research & Technology are holding a hearing titled, “SolarWinds and Beyond: Improving the Cybersecurity of Software Supply Chains.” Chairman of the Subcommittee on Investigations and Oversight, Rep. Bill Foster’s (D-IL), opening statement for the record is below.
We’re focusing on the software supply chain today. And cybersecurity attacks through the software supply chain are a special kind of insidious. Supply chain attacks are harder to detect, to prevent, and to remediate than traditional malware. And once an adversary is in the system, they can deploy multiple types of attacks to maintain access and steal data. They might run amok on your system for a long time once they’re in, because their access came through a trusted partner. In the case of SolarWinds, the Russian intelligence service embedded a backdoor in the company’s Orion software in the fall of 2019. Customers were downloading the infected software by the spring. 18,000 organizations did this over the course of 2020. And not one of them realized that they had company on their networks until FireEye detected the breach on their own systems and sounded the alarm in December…”