SolarWinds CEO Says Hack Shows Need for Information-Sharing Between Industry and Government

February 23, 2021 – The data breach suffered by SolarWinds in December illustrates the need for better communications between industry and government, according to the CEO of the information tech company. CEO Sudhakar Ramakrishna said Monday that it is important that the industry shares information

SolarWinds CEO Says Hack Shows Need for Information-Sharing Between Industry and Government
Photo of SolarWinds CEO Sudhakar Ramakrishna from Health iPASS

February 23, 2021 – The data breach suffered by SolarWinds in December illustrates the need for better communications between industry and government, according to the CEO of the information tech company.

CEO Sudhakar Ramakrishna said Monday that it is important that the industry shares information because cyberattacks cannot be dealt with alone.

Ramakrishna and Suzanne Spaulding from the Center for Strategic & International Studies talked Monday about what SolarWinds and the industry had learned in the two months since the malicious attack.

“I see this as an organizational commitment to the community,” Ramakrishna said. “Why would a victim of a hack be out there talking about it? It is our obligation to do so,” he added.

Improving information sharing

Ramakrishna said there are three aspects of cyberwarfare that the community can improve on.

First, there needs to be more public and private partnerships between companies and governments to resolve these issues, which should also include protection and possible incentives for hacked victims to come forward publicly.

Second, the community needs to set better standards for itself, to reach for excellence instead of just compliance. We should do more than just check off the necessary boxes to meet requirements, he said.

Third, there needs to be better communication methods with government agencies, he noted. Ramakrishna lamented that dealing with different agencies slowed down their ability to find solutions and led to an “asymmetry of information” between the company and the government. He suggested there could be one government “clearinghouse” that communicates with companies and then disseminates the information to the necessary agencies.

The SolarWinds cyberattack, which many believe was Russian in origin, breached several prominent entities, including federal agencies, through a supply-chain software update in early 2020. Although SolarWinds initially thought up to 18,000 of its customers may have been affected, they’re learning that that number is actually much less than that, Ramakrishna said.

Neither he nor Spaulding could definitively say what the perpetrators wanted from the attack, but speculated that they had many objectives, including a few likely “prized assets,” according to Ramakrishna, and gathering details about the environments that they hacked.

They probably wanted more than just to look around—it was more than just a reconnaissance mission, Spaulding said.

Ramakrishna stepped into the CEO position at SolarWinds on January 4, and said he wasn’t expecting a malicious cyberattack to be the first priority of his new tenure, but said that he was prepared for circumstances like this from his previous experience.

He, as well as former SolarWinds CEO Kevin Thompson, will now testify in front of the U.S. House Oversight and Homeland Security Committees on Friday about the attack. to be held on Friday.