Cyber

Commerce CIO: Solarwinds pushed agency to abandon siloed approach to cybersecurity

André Mendes says the 2020 breach led to a major change in how IT leaders at the agency work together on cybersecurity.

April 6, 2022

Commerce CIO Andre Mendes delivers the opening keynote at the 2022 Zero Trust Summit. (FedScoop)

The 2020 SolarWinds attack was a turning point for the Department of Commerce that pushed IT leaders at the agency to put together a unified cybersecurity plan, according to CIO André Mendes.

The breach led senior leaders from across the organization to abandon a previously siloed approach and work together more closely, Mendes said Wednesday during a keynote at the 2022 Zero Trust Summit, presented by CyberScoop.

“Historically, Commerce would go to the Hill, get the budget, then find the solution on a bureau-by-bureau basis,” he said. “When SolarWinds came about and Congress decided to do security … we got together all of the best people in cybersecurity from the bureaus [at Commerce] and said: ‘You’re not going to leave until we put together a plan for everybody.'”

Mendes said that despite some initial resistance, IT leaders across the agencies in short order realized the benefit of working together.

“[The] reality is there is the ability to make synergies between bureaus and leverage each other’s data,” he added.

Following the discovery of the SolarWinds breach in December 2020, federal agencies sought to rapidly improve internal and external communication in response to the incident.

Shortly after the attack was discovered, CISA, the FBI and ODNI set up a unified coordination group (UCG) to respond to the incident, according to a GAO report. A similar UCG was also subsequently set up in March 2021 in response to the Microsoft Exchange server hack.

While details of the SolarWinds breach were publicly disclosed in December 2020, cyber forensics specialists believe that the malicious actors responsible for the breach may have been preparing to carry out the attack since 2019.

Commerce CIO: Solarwinds pushed agency to abandon siloed approach to cybersecurity

More Like This

CISA’s chief data officer: Bias in AI models won’t be the same for every agency

Cybersecurity executive order requirements are nearly complete, GAO says

Commerce requests information about AI, open data assets, data dissemination

Top Stories

DOJ seeks public input on AI use in criminal justice system

DHS picks OMB official to lead its new AI Corps

GSA taps Login.gov deputy director to take top role next month

Scientists must be empowered — not replaced — by AI, report to White House argues

404 page: the error sites of federal agencies

White House hopeful ‘more maturity’ of data collection will improve AI inventories

Generative AI could raise questions for federal records laws

More Scoops

Commerce’s Office of the Secretary used default passwords for endpoint detection

Federal CISO hails improving federal agency log management

White House cybersecurity strategy to force large companies to make systems secure by design

Google to offer Workspace as backup solution for govt entities in case they get hacked

SolarWinds agrees to pay $26M to settle shareholder lawsuit over 2020 cyberattack

Cyberattack led USDA to seek $4.4M from TMF for threat monitoring

Cybersecurity skills shortage has led to a talent war between agencies says Commerce CIO

Latest Podcasts

Commerce CIO: Solarwinds pushed agency to abandon siloed approach to cybersecurity

GSA’s Login.gov platform gets a new director

DOD’s Ashley Elizabeth Evans on effectively implementing AI

DHS’ Chris Kraft on emerging trends in AI and automation

Tech

Defense

Cyber

Acquisition