SolarWinds Breach Reports: 'Just the Tip of the Iceberg'Philip Reitinger of Global Cyber Alliance on Responding to Supply Chain Breach
Philip Reitinger has held senior cybersecurity leadership roles in both the public and private sectors. He’s seen big breaches. And he says what he sees so far in the SolarWinds attack may be just the “tip of the iceberg” in terms of government and business entities that have been compromised.
On Monday, SolarWinds disclosed that 18,000 customers are believed to have been using the version of its Orion network monitoring software that is vulnerable to the attack the company disclosed Sunday. Already we know that at least five U.S. federal agencies – as well as cybersecurity vendor FireEye – have been compromised by the breach. But Reitinger, now president and CEO of the Global Cyber Alliance, believes the victim list is considerably longer.
“I do think this is the tip of the iceberg,” Reitinger says. “A compromise to widely used and valuable IT management software like SolarWinds is a unique and powerful way into the networks of lots of players, including highly defended ones. It’s also extremely difficult to defend against.”
In this video interview with Information Security Media Group, Reitinger discusses:
- The evolution of supply chain attacks;
- The value of information sharing to contain the breach damage;
- The cybersecurity defense challenge awaiting the Biden administration.
Reitinger is president and CEO of the Global Cyber Alliance, a nonprofit organization focused on eradicating systemic cybersecurity risks. He also serves on the advisory boards of several companies, mentors startups and is a senior associate (nonresident) at the Center for Strategic and International Studies. Formerly, he filled senior cybersecurity roles at VisionSpear LLC, Sony and Microsoft. In addition, Reitinger in 2009 was appointed as the deputy undersecretary for the national protection and programs directorate at the Department of Homeland Security. He also served as the first executive director of the Department of Defense's cybercrime center and as deputy chief of the computer crime and intellectual property section at the Department of Justice.