Tuesday, January 5, 2021

N.C. Joint Cybersecurity Task Force SolarWinds Impact Incident Management

The provided link from the North Carolina Joint Cyber Security Task Force contains the latest information and resources regarding the SolarWinds supply chain compromise for North Carolina state agencies, local governments, academic institutions, and private sector entities.
Raleigh
Jan 5, 2021

https://it.nc.gov/resources/cybersecurity-risk-management/solarwinds


The NC Joint Cybersecurity TF is actively monitoring this situation and has stood up a site to post the latest reports from DHS CISA, MS-ISAC, and others.

The TF is very concerned about the “unknowns,” meaning other vendors who have been impacted and are not forthcoming as they strive for reputational goals. This puts our entire infrastructure in a questionable posture and places a heavy load on the current IT/Cyber staff for monitoring and threat hunting. Many companies, especially small ones, do not have the SMEs to conduct such activities.

The TF is asking state, local, and academic entities to complete a short questionnaire to help it assess the state’s security posture. Information shared as part of this process will be protected from public disclosure under N.C. G.S. 132-6.1(c). https://it.nc.gov/resources/cybersecurity-risk-management/solarwinds

The TF is also encouraging all SolarWinds users of impacted/affected versions to take them offline, similar to the federal approach, and wait for a clean version or, better yet, migrate from the solution. We envision there will be more claims of impact as the days go on. Be sure to report cyber incidents using the Statewide Cybersecurity Incident Report Form.

Latest Updates

Updated Guidance from CISA

Dec. 29, 2020

The Cybersecurity and Infrastructure Security Agency has issued new guidance that supplements Emergency Directive 21-01 and Supplemental Guidance v1, issued Dec. 18, 2020. While the emergency directive is aimed at federal civilian agencies, CISA encourages the broader cyber community to review and consider taking these actions as part of their event management and mitigation. 

Specifically, all federal agencies operating versions of the SolarWinds Orion platform other than those identified as “affected versions” below are required to use at least SolarWinds Orion Platform version 2020.2.1 HF2. The National Security Agency has examined this version and verified that it eliminates the previously identified malicious code. Given the number and nature of disclosed and undisclosed vulnerabilities in SolarWinds Orion, all instances that remain connected to federal networks must be updated to 2020.2.1 HF2 by COB December 31, 2020.