- Published on
Massive U.S. Government Cyberattack Highlights Need for New Security Approaches
- Authors
-
-
- Name
- Michael Jones
-

Blockchain technology can better secure supply chains and digital transactions.
December 2020 brought a flurry of news stories around the massive cyber attack on the U.S. government. Called the Solar Winds Orion Supply Chain Compromise, or the Great Supply Chain Hack, this evolving story reflects the risks even sophisticated networksālike those run by the federal governmentāface when dealing with attackers deploying anti-forensic techniques, user impersonation, privilege escalation and persistence, and MITRE ATT&CKĀ® techniques.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on December 17th on the advanced persistent threat (APT) to government agencies, critical infrastructure entities, and private sector organizations, saying the attack began in at least March 2020 and the attacker “demonstrated sophistication and complex trade craft in these intrusions. CISA expects that removing the threat actor from compromised environments will be highly complex and challenging.”
A December 21st NPR article says the ālist of affected U.S. government entities reportedly includes the Commerce Department, the Department of Homeland Security, the Pentagon, the Treasury Department, the U.S. Postal Service and the National Institutes of Health.ā Plus, the Department of Energy acknowledged its computer systems had been compromised, though not the critical National Nuclear Security Administration systems.
āHackers exploited the way software companies distribute updates, adding malware to the legitimate package,ā note NPR reporters Bill Chappell, Greg Myre, and Laurel Wamsley. āSecurity analysts said the malicious code gave hackers a ābackdoorāāa foothold in their targets’ computer networksāwhich they then used to gain elevated credentials. Solar Winds traced the āsupply chainā attack to updates for its Orion network products between March and June.ā
āThis is looking like itās the worst hacking case in the history of America,ā says one U.S. official, speaking on condition of anonymity. āThey got into everything.ā
In this environment of fear and reaction, the promise of distributed ledger technologies offers an appealing new approach to digital security. For example, blockchains have quickly been embraced as a solution for improving supply-chain security for data, communications, and logistics.
The emerging technology of blockchain āadds layer of security to movement of critical components,ā claims SAIC, an American government contractor. āWe see blockchain as a transformative technology to protect elements of supply chains.ā
āBlockchain can greatly improve supply chains by enabling faster and more cost-efficient delivery of products, enhancing productsā traceability, improving coordination between partners, and aiding access to financing,ā says Vishal Gaur and Abhinav Gaiha in a Harvard Business Review article. āThere is considerable room to improve supply chains in terms of end-to-end traceability, speed of product delivery, coordination, and financing. Blockchain can be a powerful tool for addressing those deficiencies.ā
āItās about time we start talking about the advanced methods of privacy and security we can ensure on blockchain,ā adds Shamsh Hadi, CEO and co-founder of ZorroSign, Inc. āHow many times do we need hacks to happen before we finally ask the right questions?ā
For governments organizations and companies that require secure digital transactions, ZorroSignās digital signature and document management platform can decrease costs, reduce errors, and increase productivity. Unlike other electronic signature solutions, ZorroSignās platform is built on a private, permissioned Hyperledger Fabric blockchain architecture to secure digital assets and deliver security certificates with robust audit trails and lifetime document escrow.
āUltimately, blockchain technology helps make digital transactions more secure, faster and less expensive,ā says Hadi.
Learn how blockchain can more securely manage your organizationās digital signatures and documentsācontact ZorroSign today.