Assisted NC businesses in winning 4,543 contracts minimum value of $17.12 billion
Support Provided by Fayetteville Technical Community College

N.C. Joint Cybersecurity Task Force SolarWinds Impact Incident Management

The above link from the North Carolina Joint Cyber Security Task Force contains the latest information and resources regarding the SolarWinds supply chain compromise for North Carolina state agencies, local governments, academic institutions and private sector entities.

The NC Joint Cybersecurity TF is actively monitoring this situation and have stood up a site to post latest reports DHS CISA, MS-ISAC and others. 

The TF is very concerned about the “unknowns” meaning other vendors who have been impacted and are not forthcoming as they strive for reputational goals.  This puts our entire infrastructure in a questionable posture and places a heavy load on the current IT/Cyber staff for monitoring and threat hunting.  Many companies, especially small ones do not have the SMEs to conduct such activities. 

The TF is asking state, local and academic entities to complete a short questionnaire to help it assess the state’s security posture. Information shared as part of this process will be protected from public disclosure under N.C. G.S. 132-6.1(c).

The TF is also encouraging all SolarWinds users of impacted/affected versions to take them offline—similar to the Federal approach and wait for a clean version or better yet, migrate from the solution.  We envision there will be more claims of impact as the days go on.Be sure to Report Cyber incidents using the Statewide Cybersecurity Incident Report Form

Latest Updates

Updated Guidance from CISA

Dec. 29, 2020

The Cybersecurity and Infrastructure Security Agency has issued new guidance that supplements Emergency Directive 21-01 and Supplemental Guidance v1, issued Dec. 18, 2020. While the emergency directive is aimed at federal civilian agencies, CISA encourages the broader cyber community to review and consider taking these actions as part of their event management and mitigation. 

Specifically, all federal agencies operating versions of the SolarWinds Orion platform other than those identified as “affected versions” below are required to use at least SolarWinds Orion Platform version 2020.2.1HF2. The National Security Agency has examined this version and verified that it eliminates the previously identified malicious code. Given the number and nature of disclosed and undisclosed vulnerabilities in SolarWinds Orion, all instances that remain connected to federal networks must be updated to 2020.2.1 HF2 by COB December 31, 2020. 

The NC Military Business Center, the NC Community College System, and the State of North Carolina do not officially endorse events. These items are posted strictly for the information and convenience of NCMBC customers.

website by Biz Tools One