Innovative cybersecurity measures play a crucial role in safeguarding digital assets and critical infrastructure in an increasingly interconnected world. At SolarWinds, we’re passionate about understanding evolving cyber risks and committed to the public-private partnerships needed to combat threats. To learn more, we hosted SolarWinds Day: A Trusted Vision for Government IT in Washington, D.C., on March 19, 2024. The event featured a panel discussion with U.S. Congressman Raja Krishnamoorthi (D-IL-8); Christopher D. Roberti, Senior Vice President for Cyber, Space, and National Security Policy at the U.S. Chamber of Commerce; Chip Daniels, SolarWinds Vice President of Government Affairs; and SolarWinds President and CEO, Sudhakar Ramakrishna.
New Strides: The SolarWinds Response to Federal Mandates
To kick off the event, Chip Daniels discussed how SolarWinds responded proactively to President Biden's Executive Order on Improving the Nation’s Cybersecurity (EO 14028), issued in May 2021. The executive order mandates federal agencies to use software only from vendors that can attest that their products are developed in accordance with the National Institute of Standards and Technology’s (NIST®) Secure Software Development Framework (SSDF). Daniels explained that over the last 18 months, multiple functions across SolarWinds have been carefully reviewing our processes and controls to ensure that we can self-attest our compliance. Daniels announced that Sudhakar Ramakrishna had just the day prior signed the Secure Software Development Attestation form, released by the Cybersecurity and Infrastructure Security Agency (CISA) and Office of Management and Budget (OMB) in response to the EO 14028. In submitting its form to the Repository for Software Attestation and Artifacts (RSAA), SolarWinds became the first software provider to formally attest that our products are in alignment with the EO 14028 requirements and secure for federal agencies to use. This swift compliance underscores our continued commitment to upholding government cybersecurity standards, now and in the future.
Public-Private Partnership in a Heightened Threat Landscape
Daniels’ opening remarks were followed by a panel discussion, during which Ramakrishna emphasized the ongoing need to “synthesize, disseminate, and leverage information” between private and public sector entities. He cautioned that, despite increased activity, tangible improvements in safety are still lacking. Citing ongoing breaches experienced by other Fortune 500® companies, Ramakrishna stressed that “intellectual transparency is the fastest and the best way to fight these attacks." Following on from these comments, Christopher D. Roberti insisted that “no company, no matter how big or sophisticated, has a chance against a nation-state adversary, and therefore the U.S. government needs to use its authorities and capabilities—together with the knowledge and resources of the private sector—to tackle the threat.”
The panelists spoke at length about the cybersecurity threat from hostile nation-states, particularly China. Congressman Krishnamoorthi broke down the threat from the Chinese Communist Party into “three areas: the technological risks, the national security risks, and the economic risks associated with the competition with the CCP.” Krishnamoorthi outlined concerns about the fusion of Chinese-based companies with the government and military. Ramakrishna highlighted the evolving nature of cyber threats, noting a troubling shift from intellectual property theft and disruption of the private sector to targeting critical infrastructure.
Cultivating Cross-Sector Transparency
When asked what private sector companies should prioritize in relation to security in 2024, Ramakrishna reaffirmed Secure by Design principles. He also called for private and public bodies to be more consistent in their collaboration against threats. Speaking of the entire tech industry, he said: “(There is) an internal obligation that we all have to take, but we also have an external obligation, and that is to be much more transparent with threat information and security information than we have been all these years.” Ramakrishna continued, “there's a lot of work that can still be done, both by the private sector as well as agencies like CISA, to lift everyone's security postures up.” The event concluded with a briefing on the SolarWinds suite of secure solutions, designed using our Next-Generation Build System to help government entities streamline and upgrade IT services while meeting constituent needs.
The insights shared at this event emphasize the remarkably dynamic nature of today's threat landscape. Conversations like those held at SolarWinds Day: A Trusted Vision for Government IT form the basis for the consistent private-public collaboration required to protect our data, systems, and critical infrastructure from increasingly sophisticated threat actors. To learn more about how SolarWinds solutions serve government organizations, visit our public sector resource center.