CISA head: Group of SolarWinds victims is 'solidified'

alert ( 

Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency, said on Monday the list of victims from the attack on SolarWinds Orion has "solidified" and he is not expecting many more organizations to come forward.

"When it comes to the SolarWinds and Microsoft Office 365 compromises from last year, I would say the victim space is largely solidified now," Wales said during an online forum hosted by the McCrary Institute at Auburn University in Alabama. "We’re not expecting to see a lot of new victims."

Anne Neuberger, the deputy national security advisor for cyber and emerging technology, has previously said nine federal agencies and roughly 100 private companies were victimized by the campaign against SolarWinds Orion, an IT management software.

Asked a similar question about victims of the recently discovered vulnerabilities in Microsoft Exchange, Wales said CISA is continuing to work with federal agencies to understand if any have been compromised. He said he could not give a definitive answer yet on if some were breached.

"Different from the Microsoft Exchange vulnerability, there’s a relatively smaller universe -- still quite large -- of companies that are utilizing things like SolarWinds Orion network management software," he said.

During the virtual event, Wales also sounded the alarm on the threat posed by ransomware and discussed his agency’s new awareness campaign.

"Ransomware continues to kind of bedevil the cybersecurity community in part because these ransomware operators are looking broadly," he said. "When we’re facing up against nation state adversaries, they’ve got a purpose behind what they’re doing. They’re looking for information.… But for ransomware operators, they’re looking at anyone."

The CISA director also noted -- as private-sector companies have outlined in reports -- the spike in remote work and digital activities as a result of the coronavirus pandemic brought with it a spike in ransomware attacks in 2020.

"If the business model remains viable, if criminal actors can continue to profit from ransomware, we are unlikely to see a significant reduction in the activity from these ransomware operators," Wales said.

About the Author

Justin Katz is a former staff writer at FCW.


  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected