Full Title: SolarWinds and Related Supply Chain Compromise: Lessons for the North American Electricity Industry
Author(s): Federal Energy Regulatory Commission (FERC), Electricity Information and Analysis Sharing Center (E-ISAC)
Publisher(s): Federal Energy Regulatory Commission (FERC), Electricity Information and Analysis Sharing Center (E-ISAC)
Publication Date: July 7, 2021
This white paper, prepared jointly by Federal Energy Regulatory Commission (FERC) staff and the E-ISAC, emphasizes the need for continued vigilance by the electricity industry related to supply chain compromises and incidents and recommends specific cybersecurity mitigation actions to better ensure the security of the bulk-power system (BPS). While focusing primarily on the ongoing cyber event related to the SolarWinds Orion platform and the related Microsoft 365/Azure Cloud compromise, it also addresses related compromises in products such as Pulse Connect Secure. Two additional examples of compromises, Microsoft’s on-premises Exchange servers and F5’s BIG-IP, are discussed to illustrate continued adversary interest in and exploitation of ubiquitous software systems.
Because of SolarWinds’ wide use and the adversarial tactics used, even entities that did not install SolarWinds on their networks could still be impacted. For example, the indicators of compromise (IOCs) have been found on networks without SolarWinds. In addition, although an entity may not use SolarWinds itself, its key suppliers may use the product. Should those suppliers be compromised, they could in turn compromise their customers, including those without SolarWinds. In fact, there is evidence that technology firms were targeted for this reason.