Cyber agency says SolarWinds hack could have been deterred

The SolarWinds hack, one of the largest cybersecurity incidents in U.S. history, may have been deterred or minimized if basic security measures had been put in place, a top government official acknowledged earlier this month.

In a June 3 letter to Sen. Ron Wyden (D-Ore.) provided to The Hill on Monday, Cybersecurity and Infrastructure Security Agency (CISA) acting Director Brandon Wales agreed with Wyden’s question over whether firewalls placed in victim agency systems could have helped block the malware virus used in the SolarWinds attack.

“CISA agrees that a firewall blocking all outgoing connections to the internet would have neutralized the malware,” Wales wrote.

He stressed, however, that while the agency “did observe victim networks with this configuration that successfully blocked connection attempts and had no follow-on exploitation, the effectiveness of this preventative measure is not applicable to all types of intrusions and may not be feasible given operational requirements for some agencies.”

The response comes six months after the SolarWinds hack was discovered in December after it was ongoing for most of last year. The hack, which U.S. intelligence agencies assessed earlier this year was likely backed by the Russian government, led to the compromise of nine federal agencies and around 100 private sector organizations.