Communications Litigation Today was a Warren News publication.

SolarWinds CEO to Testify at Second Hearing Friday; He Offers Details Now

SolarWinds CEO Sudhakar Ramakrishna will testify Friday about the company’s recent breach, the House Oversight and Homeland Security committees announced Monday (see 2102180043). Microsoft President Brad Smith, FireEye CEO Kevin Mandia and ex-SolarWinds CEO Kevin Thompson will also testify. The vulnerability that enabled the breach exists in “every company, so what happened to us can happen to any software developer in the world,” Ramakrishna told a Center for Strategic and International Studies event Monday. The attacker was able to inject malware into Orion software code in a narrow way that went undetectable, so SolarWinds delivered and signed it, he said: “The ability for our bill systems to identify that did not exist.” Ramakrishna “came to know” about the breach around Dec. 13-14, when he wasn’t officially an employee, he said. He noted the attackers used older software releases as test beds. He said SolarWinds is working with third parties to understand the breadth, depth of the sophistication and patience of the attackers. SolarWinds is working with the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology on potential generalized best practices, he said. He suggested the U.S. government should have one agency for companies to inform and brief about incidents, because having multiple points of contact results in wasted time and effort.