Columbus uses SolarWinds, victim of cyberattack
COLUMBUS — The city of Columbus uses SolarWinds, the software firm that the U.S. Cybersecurity and Infrastructure Security Agency says was potentially used by Russia to hack critical systems nationwide, but the versions of the software the city employs aren’t yet implicated, the city’s technology director said.
Nevertheless, the city is examining the situation closely, said Sam Orth, director of the city’s Department of Technology.
“The targeted version is a very special version of SolarWinds,” Orth said. “It’s not the version we’re using.”
The U.S. Cybersecurity and Infrastructure Security Agency, CISA, said Wednesday that the hack affected not only key federal agencies but also state and local governments.
SolarWinds allows customers to have an operational monitor system of critical infrastructure networks, and is one of the leading platforms available for such functions, Orth said.
“That’s why it’s troubling, because (SolarWinds) is inside our network, not outside,” Orth said.
The attack appears to allow an outside actor to literally take over systems through a back door, while hiding its communications and activity within the software’s legitimate code, according to CISA alerts on the breach posted online. Among other things, the hack can compromise the “Security Assertion Markup Language,” or SAML, which is used to allow a person to log into different systems with one set of credentials, such as a single login and password.
“Taken together, these observed techniques indicate an adversary who is skilled, stealthy with operational security, and is willing to expend significant resources to maintain covert presence,” CISA warned in a recent alert.
CISA first warned SolarWinds users on Dec. 13 of the attack, saying that the hack “permits an attacker to gain access to network traffic management systems,” and that “disconnecting affected devices ... is the only known mitigation measure currently available.”
The agency instructed users to attempt to analyze whether their networks had been compromised and lock out all traffic “to and from hosts, external to the enterprise,” anywhere a version of SolarWinds Orion software had been installed.
“SolarWinds is cooperating with the Federal Bureau of Investigation, the U.S. intelligence community, and other government agencies in investigations related to this incident,” the firm said Dec. 14 in a filing with the Securities and Exchange Commission. The filing said that the company had over 300,000 customers, but only 33,000 were “active maintenance customers” during the period of the attack earlier this year, and it believed those infected to “be fewer than 18,000.”
Franklin County believes currently that it isn’t affected by the attack, as it is unaware of any of its agencies using SolarWinds products, said Tyler Lowry, a spokesman for the county Board of Commissioners. However, Lowry directed further questions to the county auditor’s office, which runs the county’s data center, for confirmation. Those officials could not be reached due to the holiday.