The SolarWinds cyberattack was unprecedented in both scope and scale. The sophisticated breach saw hackers bake their exploit into a trusted software update pushed out to SolarWinds clients, including federal government agencies. This resulted in the exposure of sensitive data and highlighted how the U.S. government’s cybersecurity is only as strong as the posture of its contractors and suppliers.
Nefarious actors targeting the U.S. government’s supply chain are nothing new. Since 2017, the government has sought to limit damage from cyberattacks by requiring federal contractors who handle sensitive government data to comply with the National Institute of Standards and Technology’s 800-171 guidance. But, following a series of high-profile breaches of defense contractors, the Defense Department recognized that this approach was insufficient.