After a number of SolarWinds Orion platform updates were tampered with in March, hackers infiltrated the networks and computer systems of government and private entities around the world, spying on their activity and, in some cases, stealing highly sensitive data assets.
The attack has also affected our country, unfortunately.
From the early stages of the discovery, Italy activated the Cyber Security Nucleus, the collegiate body entrusted with the task of managing cyber incidents that could have a potential impact on national security.
The Cyber Security Nucleus
What is this?
According to the current legislation that regulates the activities of the Information Security Department (DIS) of the Presidency of the Council of Ministers, the NSC is responsible for coordinating the national cybersecurity architecture, as well as the response to any crises resulting from cyber-attacks.
This structure was created as a permanent body of the Presidency of the Council of Ministers in 2017.
The core response to the SolarWinds crisis
How did the Nucleus respond to the SolarWinds crisis?
The NSC has collaborated with "CyCLONe", the newly established European liaison network. "CyCLONe" aims to facilitate cooperation between national cybersecurity authorities in the event of destabilizing cyber incidents.
Furthermore, all support and contact activities have been launched with the national entities responsible for managing the essential functions and services of the State (included in the National Cyber Security Perimeter), the operators of essential services (as defined by the European NIS Directive, Network and Information Systems) and public administration bodies.
Conclusions and advice
The Nucleus has shown itself ready to take action to mitigate this emergency: our country is well protected and surveillance is high.
Never let your guard down, however.
For those who have suffered an intrusion via SolarWinds, we suggest a series of mitigation measures:
- Disconnect all systems on which SolarWinds has been installed and download any available updates
- Conduct a forensic analysis of the host and the network
- Evaluate Indicators of Compromise (IoC)
In any case, the NSC recommends that all organizations using the SolarWinds Orion platform consult the dedicated section on the CSIRT website (https://csirt.gov.it), which contains advice, updates and possible incident mitigation measures.