ABSTRACT

Solarwinds and Beyond: Improving the Cybersecurity of Software Supply Chains, Joint Hearing Before the Subcommittee on Investigations and Oversight Subcommittee on Research and Technology of the Committee on Science, Space, and Technology, House of Representatives, One Hundred Seventeenth Congress, First Session, May 25, 2021

This is the May 25, 2021 hearing on "Solarwinds and Beyond: Improving the Cybersecurity of Software Supply Chains," held before the U.S. House Subcommittee on Investigations and Oversight and the Subcommittee on Research and Technology of the Committee on Science, Space, and Technology. From the opening statement of Bill Foster: "We're focusing on the software supply chain today, and cybersecurity attacks throughout the software supply chain are especially insidious. A company can deploy a digitally signed software update from a trusted partner, but unless they are willing to do a complete cybersecurity analysis of that update, they are wide open to any significant breach of cyber hygiene in their trusted provider. So supply chain attacks are harder to detect, to prevent, and to remediate than traditional malware. And, once an adversary is in the system, they can deploy multiple types of attacks to maintain access and steal data. [...] As a semi-separate item I have concerns about whether the Federal agencies are doing enough to enforce best practices to reduce their exposure to cyber risks, and whether they have systems in place to respond quickly enough to a significant breach." Statements, letters, and materials submitted for the record include those of the following: Matthew Scholl, Trey Herr, Katie Moussouris, and Vijay D'Souza.

Report Number: Serial No. 117-17
Date: 2021
Copyright: Public Domain
Retrieved From: U.S. Government Publishing Office: http://www.gpo.gov/
Format: pdf
Media Type: application/pdf