Hacked by Ukraine

Flag of Ukraine on a computer screen, with binary code falling from the top and fading away. (Getty Images)

WASHINGTON — Foreign governments top the list of major cybersecurity concerns among federal, state, local, and education agency IT professionals, according to the newest results of software firm SolarWinds’ annual cybersecurity survey.

Since 2014, SolarWinds has surveyed officials about their biggest cybersecurity concerns, revealing ever-rising anxiety about nation-state attacks. Sixty percent of respondents named “foreign governments” as one of the greatest threats in 2023, up sharply from 41 percent in 2021. (There was no survey in 2022 because SolarWinds shifted from doing the annual poll at the end of the year to the beginning.) That edged out “careless/untrained insiders,” a top concern for 58 percent of respondents; the survey distinguishes breaches caused by insider ineptitude from those caused by “malicious insiders” actively seeking to do harm, who were identified as a top concern by only 28 percent of those surveyed.

Among federal respondents specifically, 63 percent considered foreign governments one of the greatest threats, up from 59 percent in 2021 and nearly double the 34 percent figure from the first year of the survey in 2014 — incidentally the year Russia first invaded Ukraine.

What’s driving this anxiety? “Over the past decade, there’s been a shift from the physical battleground to the digital battleground as more and more nation states use the cyber landscape to execute aggressive espionage campaigns, as well as other cyber attacks like ransomware and spyware,” said SolarWinds VP Brandon Shopp in an email with Breaking Defense. “The conflict in Russia and Ukraine has only heightened tensions and expedited such efforts.

“Data shows that these nation state-sponsored attacks are increasing,” he added, “and our SolarWinds Public Sector Cybersecurity Survey findings are evidence that it is also increasingly top of mind for public sector IT professionals.”

SolarWinds should know about the risks of government-led attacks. The company was famously hacked in 2020 when a routine update to its Orion network management software was turned into a Trojan horse to deliver malware to about 18,000 customers, compromising “about 100 companies and about a dozen government agencies,” according to NPR, including the Homeland Security Department’s own Cybersecurity and Infrastructure Security Agency. The US government publicly pinned the attack on the SVR, the Russian agency that inherited the foreign-intelligence operations of the Soviet KGB.

The cyberattack, codenamed SUNBURST, “illuminated the increasingly sophisticated threats made by outside nation-states to the supply chains and infrastructure on which we all rely,” Shopp acknowledged in his email. “[But] SolarWinds and the software industry have evolved dramatically since SUNBURST.”

In particular, the company changed how it puts together software, creating a Next Generation Build System that develops duplicate versions of each update and relentlessly cross-checks them against each other to ensure no one has inserted unauthorized code. SolarWinds has also shared its new techniques and lessons learned across the industry, Shopp said. “It is our belief that transparency and cooperation are the best tools to prevent and protect against future attack,” he told Breaking Defense.

SOURCE: SolarWinds Cyber Survey 2023