As a society, so much of everything we do these days revolves around trusted and safe technology designed to make our lives easier and more efficient.
The attacks against SolarWinds and numerous other companies in recent months have revealed malicious cyber actors increasingly look to take advantage of our digital dependencies. We believe these events make clear that a successful defense against attacks by a determined, persistent, and sophisticated threat actor with the resources and capabilities of a nation-state will require substantially enhanced levels of public-private collaboration. We have been—and remain—committed to partnering with government and industry partners to present a united front against criminals and foreign cyberactors.
At SolarWinds, our top priority has been to work diligently to support our customers and to assist in securing the safety of their environments. We’ve looked to achieve this by collaborating with U.S. government agencies to understand what happened and by being transparent about what we have learned to help our customers, government agencies, and industry partners alike to be safe.
We recognize the importance of the industry embracing a collective defense approach, a “community vigil,” so to speak—as we can no longer treat cybersecurity as an “everyone for themselves” job. We believe the Executive Order on Federal Cybersecurity
and the recent nominations for critical cybersecurity leadership positions are important steps towards achieving a collective defense posture.
We’ve discovered coordinated disclosure of incidents and transparent, prompt information-sharing only helps protect us all. As the developer of the software and services upon which our customers rely, we’re committed to being forward-leaning and clear on the steps we’re taking to help ensure the safety and security of our products. The Executive Order sets forth a roadmap for government vendors to do just that, and through our Secure by Design
initiative, SolarWinds has already taken significant steps to improve our own security protocols in line with the Executive Order. We stand ready to support our customers to meet the recommendations and requirements we expect to follow this Executive Order in the days and weeks to come.
We appreciate the efforts of this Administration, Congress, and other government authorities to elevate the importance of this issue by taking concrete steps to address and deter these threats moving forward. We continue our work to support efforts designed to help protect the security of our industry and our customers’ critical networks and IT infrastructure. We understand the power a strong, collective response can provide against threats of this kind.
As an organization, we intend to learn everything possible from this experience, and continue learning, so SolarWinds can become an industry leader in secure software development as we serve our customers. We’ve appreciated the opportunity to work with many outstanding organizations during our investigation and remediation efforts.