Could U.S.-Funded Cybersecurity System Have Foiled SolarWinds Attack?

As America struggles to assess the damage from the devastating SolarWinds cyberattack discovered in December, a system the federal government funded but has never required its vendors to use could shore up the vulnerability the hackers exploited, reports ProPublica. Named in-toto (Latin for “as a whole”), the system is backed by $2.2 million in federal grants and aims to provide end-to-end protection for the entire software supply pipeline. It is the work of a team of academics led by Justin Cappos, an associate computer science and engineering professor at New York University, and is available for free. However, despite its potential security benefits, the federal government has taken no steps to require its software vendors, such as SolarWinds, to adopt it. Indeed, no government agency has even inquired about it, according to Cappos.

In-toto, which has been available since 2018, could block and reveal countless cyberattacks that currently go undetected, according to Cappos, whose team reported studying 30 major supply-chain breaches dating back to 2010. In-toto, they concluded, would have prevented between 83 percent and 100 percent of those attacks.
