AUSTIN (Nexstar) — This week, the Cybersecurity and Infrastructure Security Agency released more details about the SolarWinds hack that was first reported in mid-December.
SolarWinds’ original statement about the hack revealed 18,000 of its clients were affected. In a statement posted on CISA’s website, it says “federal, state, and local governments, as well as critical infrastructure entities and other private sector organizations” were affected by the hack.
Still, little specific information has been released about the hack itself thus far. That’s why cybersecurity company PC Matic CEO Rob Cheng is calling for more transparency.
“SolarsWinds has been fairly quiet about what’s going on. And that is concerning to me. This is really important, because we don’t want this to happen again,” Cheng said Thursday. “What happened and what can other software companies do to avoid this happening to their customers?”
Cheng said he’s pushing for federal requirements to release more details, and not just for this case.
“Like the NTSB, when there’s a plane crash, then the federal government gets in, and they analyze everything very quickly actually and very comprehensively. And then they publish to the public all that information. We need something like that to happen for companies like SolarWinds to feel comfortable to go and provide us that information, so that we can know when to make better choices or to react better to these things,” Cheng explained.
He also said it’s too soon to know who’s responsible for the hack, even though others have already attributed it to Russia.
“It’s very possible to just go and make an attack and not leave any traces behind. The few times when there has been attribution is because they wanted us to know. If you remember, things like Sony Pictures. And that was the North Koreans wanted us to know that they did that,” Cheng said.
“We don’t know who they are, I will speculate that we won’t know who they are, until it’s way too late,” Cheng added.