The hack of SolarWinds' Orion software and subsequent compromise of US government and commercial computer networks by Russian cyber operatives may prove to be unprecedented in its breadth, with as many as 18,000 SolarWinds customers potentially affected. However, the initial compromise may be just the opening salvo in this game of cyber cat and mouse if the attackers installed "backdoors" providing future access to compromised networks, as offensive operators have suggested. With backdoors in place, attackers would have persistent access for follow-on attacks and lateral movement within supply chain "networks of trust," which massively expands the potential scope and consequence of this attack.
As important as detection has been in cyber defense strategy, once you are compromised, the game needs to shift to hunting and remediation - and fast. This is the day that cyber companies like Prevailion (the ability to detect command and control communications in cyber attacks), CyberGRX (assessing and assuring supply-chain cyber risk) and Dragos (securing Industrial Control System networks) have been warning of, and preparing for. Borrowing from Louis Pasteur, in cyber security, "Fortune Favors the Prepared Mind."
At a minimum it has set off alarms about the vulnerability of government and private sector networks in the United States to attack and raised questions about how and why the nation’s cyber defenses failed so spectacularly.