Solorigate: A case study for why supply chain security is critical for governments and businesses

By Jim Hietala (VP, BD and Security), Andras Szakal (VP and CTO), John Linford Security and OTTF Forum Director) – The Open Group

In potentially the most damaging cyber-supply chain attack ever, a leading IT systems management vendor became the latest hi-tech company to suffer a major cybersecurity breach with wide-reaching consequences. The malware that caused the attack has been dubbed SUNBURST by Microsoft and code-named Solorigate by FireEye, the security consulting firm that uncovered the breach after falling victim to it late last year.

After successfully infiltrating the development environment, attackers were able to observe and learn how to subvert the vendor’s development and operations pipeline. Hackers were then able to maliciously taint the vendor’s product by planting a sophisticated trojan. Once the software, which required broad systems access, was installed in customers’ environments, the attackers were able to leverage the tainted software to exfiltrate sensitive information from within an organization’s network.

The Open Group Open Subsurface Data Universe™ (OSDU) Forum Update

The Professional Petroleum Data Expo was held April in Houston by the Professional Petroleum Data Management Association (PPDM). This conference is one of several events this spring where The Open Group Open Subsurface Data Universe™ (OSDU) Forum unveiled a new standard in development that will facilitate movement of oil and gas company exploration, production, and wells data from in-house IT systems to cloud services.

The Open Group was a sponsor of the event, and had a presence in the exhibition hall. There was a steady stream of attendees with questions about the Open Subsurface Data Universe Forum, and about the emerging standard.