Cloud Security , Incident & Breach Response , Security Operations

SolarWinds Breach Reports: 'Just the Tip of the Iceberg'

Philip Reitinger of Global Cyber Alliance on Responding to Supply Chain Breach
Philip Reitinger, president and CEO, Global Cyber Alliance

Philip Reitinger has held senior cybersecurity leadership roles in both the public and private sectors. He’s seen big breaches. And he says what he sees so far in the SolarWinds attack may be just the “tip of the iceberg” in terms of government and business entities that have been compromised.

On Monday, SolarWinds disclosed that 18,000 customers are believed to have been using the version of its Orion network monitoring software that is vulnerable to the attack the company disclosed Sunday. Already we know that at least five U.S. federal agencies – as well as cybersecurity vendor FireEye – have been compromised by the breach. But Reitinger, now president and CEO of the Global Cyber Alliance, believes the victim list is considerably longer.

See Also: From CNAPP to CDR: The Cybersecurity Road Ahead

“I do think this is the tip of the iceberg,” Reitinger says. “A compromise to widely used and valuable IT management software like SolarWinds is a unique and powerful way into the networks of lots of players, including highly defended ones. It’s also extremely difficult to defend against.”

In this video interview with Information Security Media Group, Reitinger discusses:

  • The evolution of supply chain attacks;
  • The value of information sharing to contain the breach damage;
  • The cybersecurity defense challenge awaiting the Biden administration.

Reitinger is president and CEO of the Global Cyber Alliance, a nonprofit organization focused on eradicating systemic cybersecurity risks. He also serves on the advisory boards of several companies, mentors startups and is a senior associate (nonresident) at the Center for Strategic and International Studies. Formerly, he filled senior cybersecurity roles at VisionSpear LLC, Sony and Microsoft. In addition, Reitinger in 2009 was appointed as the deputy undersecretary for the national protection and programs directorate at the Department of Homeland Security. He also served as the first executive director of the Department of Defense's cybercrime center and as deputy chief of the computer crime and intellectual property section at the Department of Justice.

About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.