Bob Kolasky, assistant director of the Cybersecurity and Infrastructure Security Agency's (CISA) National Risk Management Center (NRMC), said his team has studied the software risks associated with last year's SolarWinds hack, FedScoop reported Wednesday.
The SolarWinds hack was a Russian malware attack that affected Orion software at multiple federal agencies. Kolasky said NRMC assessed SolarWinds-related software risks over a span of four months.
Attacks like SolarWinds, according to Kolasky, should be addressed by bolstered supply chain security. He said users must gain a better understanding of their critical information technology processes, as well as the software and hardware involved.
“That actually means differentiating between the hardware and software you rely upon to do critical processes and doing your own survey of what your critical processes are,” he stated.
NRMC serves as a collaborative medium where parties from different sectors may jointly study and manage infrastructure risks.