This is a link to the PDF report, “Broken Trust: Lessons from Sunburst”, recently released by the Atlantic Council, which looks at seven supply chain attacks to illustrate failures by the private sector and governments to identify SolarWinds. The report states the need for the federal government to identify “software with the largest potential blast radius” as a preventative measure against more major “sky is falling” cyberattacks like SolarWinds. And where to focus? Per the report: “low-profile software used in critical parts of a network or given high-level permission that present valuable targets”.
Thanks to Politico’s weekly cybersecurity email for its insights and for making the link available.