In the wake of a riot and invasion of the U.S. Capitol, a panel of cybersecurity experts sat down to discuss another unprecedented incident facing the nation: the SolarWinds cyberattack that has impacted networks across all levels of government and the private sector.
The Thursday discussion, which was moderated by John Carlin, chair of the Cybersecurity and Technology program at The Aspen Institute, aimed to answer three questions: How did the cybersecurity defenses fail so severely, the long-term risks and what to do now?
To answer these questions, The Aspen Institute turned to Sen. Mark Warner, D-Va.; Kevin Mandia, the CEO of cybersecurity firm FireEye; and Katie Moussouris, the founder and CEO of Luta Security.
The alleged Russian cyberattack, which initially took place in the spring of 2020, was first discovered by FireEye on Dec. 9. After extensive research into the specifics of the attack, Mandia and his team alerted government officials.
“In this particular case, we noticed that someone was accessing our network with a registered device associated with one of our employees,” he said. “We asked the employee if they recently registered the device, to which they replied no, and it was then that we realized that someone was bypassing our two-factor authentication process to appear as someone within our company.”
Through this process, hackers were able to open a backdoor that allowed them to access information from the company and countless others.
Since then, the government and companies like FireEye, Microsoft and other cybersecurity firms have been working together to determine how many compa ..