LAS VEGAS (KLAS) — There is “no indication that any state systems or websites have been compromised” in the SolarWinds Orion software attack, according to Nevada Governor Steve Sisolak.
This hack of computer systems affected many in the U.S. and around the globe. The government’s cybersecurity agency has expressed increased alarm about the cyberattack that was carried out by Russia. It is believed the perpetrators had used network management software from Texas-based SolarWinds to infiltrate computer networks, according to reports from the Associated Press.
The Governor’s Office released a statement Tuesday on the widely reported attack.
“The state continues to work with the federal government and private industry in response to the SolarWinds attack. To date, there is no indication that any state systems or websites have been compromised, and no known attacks from this incident have been directed toward individuals. However, this is still a rapidly evolving investigation, and as the state learns more, the status may change. It could take a substantial amount of time to have a complete picture of the effects of the attack.”Office of Governor Steve Sisolak
“Even though there has been no known impact on state systems, we are taking this situation very seriously and want to notify the public about it so they can take appropriate steps to protect themselves and so they know how the state is responding,” said Alan Cunningham, Chief Information Officer for the State of Nevada.
Nevadans may want to consider the following common practices—as a normal course, not only during a known cybersecurity event—to protect their information and online identities, according to the Governor’s Office:
- Keep security software current. Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats.
- Ensure you are using strong passwords (Lik3_thi$_1) for your digital accounts.
- Don’t use the same password for every site. At the very least, separate sensitive accounts (banking, utilities) from standard accounts (social media, entertainment).
- If a government site or business where you have an account is identified in a hack or breach, change your password immediately.
- If a site offers two-factor or multi-factor authentication, use it. This will provide additional protection to your account.
- Monitor your bank accounts for missing deposits or unexplained withdrawals. Most banks do this for you, but you know your finances better than they do.
- Be alert for scams, whether through email, texting, social media, or over the phone. A good resource is the Federal Trade Commission’s Consumer Information site at https://www.consumer.ftc.gov/.
Nevada does use SolarWinds Orion products in the state enterprise environment and at several agencies, the Governor’s Office noted.
All of those systems were taken offline on Monday, Dec. 14, in accordance with guidance from the federal Cybersecurity and Infrastructure Security Agency (CISA) to federal civilian agencies.
“The state has reviewed communications traffic back through the beginning of the year and found no indication of compromise for any agency or system within the state’s IT infrastructure,” the press release stated.
The Governor’s Office says the state will continue to monitor its systems for any indications of compromise and engage regularly with CISA, the Multi-State Information Sharing and Analysis Center and IT business partners.