CISA Warns Agencies of SolarWinds Orion Compromise via Emergency Directive

The Cybersecurity and Infrastructure Security Agency has released an emergency directive directing all federal civilian agencies to mitigate a compromise that threat actors are exploiting in SolarWinds' (NYSE: SWI) Orion Network Management products.

CISA Acting Director Brandon Wales said in a statement published Sunday the vulnerability “poses unacceptable risks to the security of federal networks.”

“Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation,” Wales added.

According to the directive, an attacker uses the vulnerability to get access to network traffic management systems and agencies should immediately disconnect from their networks SolarWinds Orion products versions 2019.4 to 2020.2.1 HF1.

Agencies using SolarWinds products were advised to submit completion reports to CISA by Dec. 14, Monday.

“The Department of Homeland Security is aware of cyber breaches across the federal government and working closely with our partners in the public and private sector on the federal response,” Alexei Woltornist, assistant secretary for public affairs at DHS, said in a statement Monday.

Sponsor

×

Stay ahead in GovCon

Join thousands of government contractors who rely on GovCon Wire for the latest updates in federal spending, bid opportunities, and compliance changes.

Whether you’re new to the space or scaling up, our brief keeps you informed and ready to act.

Email Address *

First Name *

Last Name

Position

Company

Related Articles

FTC Requires Divestitures to Clear Boeing’s Spirit Acquisition

The Federal Trade Commission has proposed that Boeing divest Spirit AeroSystems assets to resolve antitrust concerns over the companies’ planned…

Northrop Grumman Secures $200M Army Contract for XM1211 High Explosive Proximity Rounds

Northrop Grumman has secured a contract valued at more than $200 million from the U.S. Army for the procurement of XM1211…

Axonius Federal’s Brian Meyer on Cybersecurity Asset Management

Brian Meyer, federal field chief technology officer at Axonius Federal, said cybersecurity asset management could help government agencies make dozens…

Red River Expands Cyber Capabilities Through Invictus Acquisition

“Technology transformation company Red River has acquired Invictus International Consulting to expand its cybersecurity and enterprise modernization capabilities to support…

War Department Details Drone Dominance Program in New RFI

The Department of War has issued a request for information to gather industry feedback on its plan to produce small…

Synergy ECP Expands Defense & Intelligence Capabilities With NetServices Acquisition

Synergy ECP, a software engineering, cybersecurity and systems engineering services provider, has acquired NetServices, a company offering secure, mission-focused technology services. The…

CACI Awarded $145M Task Order to Support Portsmouth Naval Shipyard Engineering Work

CACI International has secured a potential five-year, $145 million task order to continue providing engineering services to the U.S. Navy’s…

Securing the Convergence Era: Why Cyber, AI, and Critical Infrastructure Are Now Interdependent Risks

By Chuck Brooks, president of Brooks Consulting International Federal agencies and their industry counterparts are moving at a breakneck pace…

When People, Suppliers & Threats Converge, Only a Risk Intelligence Platform Works

By Benji Hutchinson, CEO of Babel Street Modern adversaries don’t attack in one dimension. They exploit global supply chains, digital…

Precision Aerospace & Defense Group to Merge With FACT II Acquisition in $320M Transaction

Precision Aerospace & Defense Group and FACT II Acquisition, a special purpose acquisition company, have signed a definitive business combination agreement to…

BAE Systems Inc. Promotes Anjali Chaturvedi to Chief Ethics Officer

The U.S. subsidiary of BAE Systems has appointed Anjali Chaturvedi, a more than three-decade legal professional, as vice president and…

LMI Acquires IP to Launch SPECTR Sensor Mesh Platform

LMI has announced the acquisition of intellectual property and advanced capabilities to broaden its in-transit visibility and asset tracking services for…

You’ve already read all related articles.

Executive Interviews