The sophistication and technological attributes of the recent SUNBURST supply chain attack against SolarWinds is of great concern to us and to our customers, and we hope to the entire technology industry. The very nature of this attack has led experts to conclude a foreign government was likely responsible. SolarWinds customers in both the private and public sectors also were victims of this SUNBURST attack, and there have been media reports that other software companies may have been targeted as well. We are currently the most visible victim of this attack, but we are likely not alone.
In response to this attack, we are supporting our customers, hardening our products and systems, working with industry-leading third-party cybersecurity experts, and collaborating with our partners, vendors, law enforcement, and intelligence agencies around the world.
All of us in the technology industry face this threat. As stated in the Cyberspace Solarium Commission Executive Report from March 2020, “The United States now operates in a cyber landscape that requires a level of data security, resilience, and trustworthiness that neither the U.S. government nor the private sector alone is currently equipped to provide.”
As the severity, complexity, and scale of these hacks become more apparent, companies that have been targeted or could be future targets need to join together for an industry-wide approach in partnership with government, not only to assess what happened here, but to help better prepare the industry for the future.
We believe the extraordinary nature of this attack demonstrates a need within the industry for a formal set of procedures and a commitment to knowledge-sharing about potential cybersecurity threats in real time and aligned with the principles of responsible disclosure.
We must break down the silos that have traditionally prevented the prompt and proactive exchange of intelligence about potential and urgent threats. Our industry must also look to our partners in government for their considerable expertise and broad resources in addressing the cybersecurity threat faced by U.S.-based firms and government agencies.
SolarWinds supports the urgent effort to adopt industry-wide standards of collaboration across a diverse set of organizations. We believe that by working together, in close coordination with the federal government, the technology industry will be able to more effectively defend our companies, our customers, and our national infrastructure against brazen, significant, and sophisticated attacks.
We only empower our adversaries when we blindfold each other. SolarWinds is committed to protecting the interests of our customers and will continue to collaborate with private enterprises and government authorities to seek to make the world a safer place.