|There have been a number of reports in the press that a popular server management tool made by SolarWinds has been compromised by the insertion of malware into a software update that was released in the spring. Based on currently available information, it appears this update was the cause of the FireEye breach and has been used to access the U.S. Treasury, the U.S. Department of Commerce, and other government agencies.
In a regulatory filing, SolarWinds advised that about 18,000 of its customers had downloaded the compromised update.
On Sunday, the U.S. Department of Homeland Security (DHS) issued Emergency Directive 21-01. The DHS emergency directive contains instructions on steps to mitigate exposure, which includes imaging systems and then “immediately disconnect or power down SolarWinds Orion products, versions 2019.4 through 2020.2.1 HF1, from their network.” Based on their notice, the impacted software appears to be the highlighted versions. With the urgency of this directive, it may be wise for anyone using these versions of the software to follow the DHS directive Mitigate SolarWinds Orion Code Compromise.
Risk Management & Insurance Considerations
The incident involving SolarWinds highlights the importance of being prepared for anything in this brave new tech-dependent world. Most cyber insurance policies offer comprehensive protection for organizations against the exact risks presented by the incident involving SolarWinds. Although cyber policies differ greatly in terms of scope of coverage and terminology, an incident of this sort will likely constitute a network security failure and trigger coverage under a cyber policy. Most cyber insurers have 24/7 incident response hotlines and other crisis management resources to help policyholders identify, evaluate and manage these types of incidents. Review your policy with your broker to determine whether or not your policy could trigger given the manner in which your organization is currently being impacted or may be impacted by the SolarWinds incident.
We strongly recommend that you keep physical copies of the declaration page of your cyber policy, which will include your policy number as well as important incident reporting contact information. Your EPIC broker can also provide you with our one-page cyber crisis guide which captures this important information and provides guidance on the steps you should take in the event of any incident. We can also provide you with consultation and advice on both coverage and appropriate limit selection in this complex area.
For more information, please contact our Cyber Insurance Team.