How Unprotected Encryption Keys Enabled the SolarWinds Attack
Brad Beutlich of Entrust Discusses Misinformation Surrounding Encryption and Quantum Computing
The Senate Intelligence Committee hearing on the SolarWinds supply chain attack exposed the crucial flaw that allowed attackers, likely Russian, to gain entry into the company's system. Brad Beutlich of Entrust discusses how SolarWinds did not protect its encryption keys, which allowed them to be stolen and used by the malicious actor.
"Everyone talks about the fact that code was inserted into the system, but they don't talk about how code got there. And that is critical - that the crypto keys for authentication were stolen," Beutlich says.
In a video interview with Information Security Media Group, Beutlich discusses:
- Why it was so easy for the attackers to find and take SolarWinds' encryption keys;
- The proper way to store keys so an attacker cannot easily find them;
- The role quantum computers are currently playing and will play in the future regarding encryption.
Beutlich is vice president of western U.S. and LATAM sales at Entrust. For the last 13 years, he has worked for Entrust, providing security solutions that protect customer data, financial transactions and IoT device manufacturing. Beutlich has worked with numerous U.S.-based companies over the past 20 years, providing security solutions ranging from endpoint to data security.