As reported in the news, an actor affiliated with a foreign state used the SolarWinds Orion Platform software to compromise public and private computer networks in the United States. The SolarWinds Orion software is used to manage computer networks across the nation. At this point, federal, state, tribal/territorial, and local officials are still evaluating the exploit and examining the damage that has been done.
The IAFC recommends that local fire chiefs:
Contact your computer network administrator to see if your computer systems have been affected. If you are on a city or county computer system, please contact that city or county IT office to ascertain if your fire department’s systems are vulnerable to this attack. Ask your city or county network administrators to check with “trusted partners,” who are vendors that have access to your systems. Make sure that the “trusted partners” have not been compromised.
If your systems are vulnerable to the Orion software vulnerability, please make sure that they are patched. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CSIA) has technical information about this exploit.
If your systems have been compromised, please contact your local FBI office. Please develop a workaround plan if the system is compromised.
Please use this incident to train your staff on basic cyber-hygiene. The IAFC, in collaboration with American Military University and Fire Rescue1, created a guide to help local fire departments prepared for cyberattacks.
Stay safe. Stay vigilant.
Ken LaSala is the IAFC’s Director of Government Relations and Policy.