CISA head: Group of SolarWinds victims is 'solidified'

alert ( 

Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency, said on Monday the list of victims from the attack on SolarWinds Orion has "solidified" and he is not expecting many more organizations to come forward.

"When it comes to the SolarWinds and Microsoft Office 365 compromises from last year, I would say the victim space is largely solidified now," Wales said during an online forum hosted by the McCrary Institute at Auburn University in Alabama. "We’re not expecting to see a lot of new victims."

Anne Neuberger, the deputy national security advisor for cyber and emerging technology, has previously said nine federal agencies and roughly 100 private companies were victimized by the campaign against SolarWinds Orion, an IT management software.

Asked a similar question about victims of the recently discovered vulnerabilities in Microsoft Exchange, Wales said CISA is continuing to work with federal agencies to understand if any have been compromised. He said he could not give a definitive answer yet on if some were breached.

"Different from the Microsoft Exchange vulnerability, there’s a relatively smaller universe -- still quite large -- of companies that are utilizing things like SolarWinds Orion network management software," he said.

During the virtual event, Wales also sounded the alarm on the threat posed by ransomware and discussed his agency’s new awareness campaign.

"Ransomware continues to kind of bedevil the cybersecurity community in part because these ransomware operators are looking broadly," he said. "When we’re facing up against nation state adversaries, they’ve got a purpose behind what they’re doing. They’re looking for information.… But for ransomware operators, they’re looking at anyone."

The CISA director also noted -- as private-sector companies have outlined in reports -- the spike in remote work and digital activities as a result of the coronavirus pandemic brought with it a spike in ransomware attacks in 2020.

"If the business model remains viable, if criminal actors can continue to profit from ransomware, we are unlikely to see a significant reduction in the activity from these ransomware operators," Wales said.

About the Author

Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected