CASE STUDY: THE SUPPLY CHAIN ATTACK ON SOLARWINDS

In $2020,$ SolarWinds, a leading provider of IT management software, suffered a

major supply chain attack. Hackers infiltrated SolarWinds' software development

process and inserted malicious code into their Orion platform, a widely used

network monitoring and management tool. This compromised software was then

distributed to thousands of SolarWinds customers, including government agencies

and Fortune $500$ companies, leading to a widespread and sophisticated cyber

espionage campaign.

YOUR TASK

You are a cybersecurity risk analyst working for a government agency that was

affected by the SolarWinds supply chain attack. Your task is to analyse the

incident and develop a comprehensive report that addresses the following

questions:

$1.$ Explain how the NIST Risk Management Framework $($RMF$)$ or the ISO

$31000$ standard could have been used to identify and assess the risks

associated with using third$-$party software like SolarWinds Orion.

$2.$ Discuss the importance of vulnerability management in mitigating the

risks of supply chain attacks. How could SolarWinds have implemented a

more effective vulnerability management program to detect and address

the malicious code inserted into their software?

$3.$ Describe the key components of a Third$-$Party Risk Management $($TPRM$)$

program. How could a robust TPRM program have helped organizations

identify and mitigate the risks associated with using SolarWinds Orion?

$4.$ Analyse the SolarWinds incident in the context of risk identification,

assessment, and treatment. What were the key risks that organizations

failed to identify or address? How could these risks have been mitigated

or treated more effectively?

WORKSHOP INSTRUCTIONS

$1.$ Carefully review the details of the SolarWinds supply chain attack and

understand the sequence of events that led to the compromise.

$2.$ Familiarize yourself with the NIST Risk Management Framework $($RMF$)$

and the ISO $31000$ standard, focusing on their risk identification,

assessment, and treatment processes.

$3.$ Research best practices for vulnerability management and third$-$party risk

management $($TPRM$)$ programs.

$4.$ Analyse the SolarWinds incident through the lens of risk management

frameworks, identifying the key risks and missed opportunities for

mitigation.

$7019$ICT Cyber Security Risk Management

$6$

$5.$ Develop a comprehensive report that addresses the questions outlined

above, providing clear explanations, supporting evidence, and actionable

recommendations for improvement.

WORKSHOP WRITE$-$UP STRUCTURE

Use the following structure for your report:

Introduction

$$ Briefly summarize the SolarWinds supply chain attack and its impact.

Risk Management Frameworks

$$ Explain how the NIST RMF or ISO $31000$ could have been used to identify

and assess risks.

Vulnerability Management

$$ Discuss the importance of vulnerability management in mitigating supply

chain attacks.

$$ Suggest improvements to SolarWinds' vulnerability management

program.

Third$-$Party Risk Management $($TPRM$)$

$$ Describe the key components of a TPRM program.

$$ Explain how a robust TPRM program could have helped mitigate risks.

Risk Identification, Assessment, and Treatment

$$ Analyse the SolarWinds incident in the context of risk management.

$$ Identify key risks and missed opportunities for mitigation.

Recommendations

$$ Provide actionable recommendations for organizations to improve their

risk management practices and protect against supply chain attacks.

Conclusion

$$ Summarize your findings and emphasize the importance of proactive risk

management in cybersecurity.

Your report should be approximately $600$ words in length and be written in the

workshop template provided on the course website. Support your analysis with

evidence from the case study and your research