Joe Nocera is the leader of PwC’s Cyber and Privacy Innovation Institute.
Casey Herman is the leader of the firm’s U.S. Power and Utilities Industries Practice.
In mid-December, the U.S. government acknowledged it was hit hard by numerous cyberattacks via third party vendor software called SolarWinds. The attack was broad, and it wasn't just the government that was victimized, there was a range of companies, including firms supposed to protect them.
The hack was made on the SolarWinds Orion platform, by what are being called by the experts as sophisticated actors. The supply chain being secured via executive order is what PUF talked about with PwC's Casey Herman, U.S Power and Utilities Leader, and Joe Nocera, PwC's Cyber & Privacy Innovation Institute Leader, in December's issue, decidedly prescient.
Here, we turn again to these cybersecurity experts to unpack what happened. You will learn how this novel, nefarious attack got into numerous systems, whether it is still a problem, and how to protect against it going forward. This is a must read.
PUF's Steve Mitnick: There's been some concerning news about Orion and SolarWinds. Talk about that, and does that affect the utilities industry?
Joe Nocera: I can't talk about specific products or clients but when I think about the scenario, this threat, and the threat of an advanced actor attacking the software supply chain, this is a unique attack. It's something we've never seen before, as it relates to the sophistication of the attack, and the difficulty in detecting the attack.