CISA Issues Emergency Directive to Disconnect SolarWinds Orion Products

December 15, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert following reports of a nation-state hack involving SolarWinds Orion. The emergency directive urged all federal civilian agencies to immediately disconnect or turn off any SolarWinds Orion products.

Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, 

SolarWinds provides network monitoring and management tools used by private companies, including several title companies. Companies should talk with their IT departments about what security updates and precautions they need to take in response to this hack.

“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “(The) directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.” 

SolarWinds acknowledged its systems “experienced a highly sophisticated, manual supply chain attack on SolarWinds Orion Platform software builds for versions 2019.4 HF 5 through 2020.2.1, released between March 2020 and June 2020.”

Contact ALTA at 202-296-3671 or