Skip main navigation

Lessons learnt from cyber attacks

Reflection on the lessons learnt by Solar Winds and Colonial Pipeline and the efforts they have taken to strengthen their security
Poeple walking through corporate office foyer

To assess the current state of cyber security, let’s revisit the SolarWinds cyber attack, which provided insight into the effects of a sophisticated supply chain cyber attack.

This case study highlighted how attackers can “take over” third-party management software and stealthily penetrate the users using the software, thereby creating a cumulative danger to the economy and, in some cases, the country’s security.

In the following article (Brown, 2022), SolarWinds has briefly explained how they aim to set new standards in software development with a new software build system called Next-Generation Build System. The article describes four key central tenets of this system. These tenets are:

Base icon 1. Base: Base the system on ephemeral operations that leave no long-lived environments available for attackers to compromise.
Produce icon 2. Produce: Produce deterministic artefacts / reproducibility checks on software products to ensure security.
Build icon 3. Build: Build in parallel – utilise three logical environments – standard, validation and security.
Verify icon 4. Verify: Verify every build step before software is released.

Read

Read this article to examine how, as a result of the cyber attack experienced and lessons learnt, SolarWinds has strengthened its approach to building secure products and systems with the Next-Generation Build System:

Reflect

When you have read the ‘SolarWinds Aims to Set New Standard in Software Development with Next-Generation Build System’ article, take the time to identify and reflect on the following:

  1. Identify how SolarWinds proactively and preventatively mitigate online threats by anticipating, detecting, and eliminating possible loopholes in the process of software design and development.
  2. Identify the presence/absence of consideration given to Confidentiality, Integrity and Availability in these central tenets. For example, it states, “cryptographically signed statements of fact are produced for each task executed in the pipelines” (Brown, 2022). This strengthens the confidentiality attached to the software build process as attackers find it difficult to penetrate cryptographically signed items (software module).
  3. What further steps can be taken to use the CIA central tenets as the basis to develop Security by Design culture, leadership, and organisation practices?

Share your thoughts in the comments.

© RMIT 2023
This article is from the free online

Security by Design

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now