Lessons learned from software supply chain breach lead to innovative and secure development scheme.

SolarWinds became the poster child for attacks on software supply chains last year when a group of threat actors injected malicious code known as Sunburst into the company's software development system. It was subsequently distributed through an upgrade to its Orion product to thousands of government and enterprise customers worldwide.
SolarWinds learned from the experience and has introduced new software development practices and technology to strengthen the integrity of its build environment. It includes what SolarWinds says is the first-of-its-kind "parallel build" process, where the software development takes place through multiple highly secure duplicate paths to establish a basis for integrity checks.
"If a build system lacks integrity checks to ensure that compiled binaries match the intended source code used to create them, then this approach is a marked improvement," says Daniel Kennedy, research director for information security and networking at 451 Research. "The new system was developed using an accelerated timeline so there is no guarantee that the system will be fully secure at the onset, but it appears that the new system also allows for faster and more dynamic actions, if new threats emerge. The new system also has more transparency in its design, allowing for faster and more reliable improvement, maintenance, and development."
"The whole CI/CD pipeline approach to AppDev is not only linear, but relies essentially on a single line, so the introduction of parallel lines, perhaps with one team checking the other's work, does sound like an approach to achieve more of a secure-by-design environment," adds Rik Turner, a senior principal analyst for cybersecurity at Omdia, a technology advisory firm.
New development processes might have prevented attack
"If the new build scheme had been in place back in March 2020, it is likely that the attack could have been either prevented or addressed more quickly," says Shital Thekdi, an associate professor of analytics and operations at the University of Richmond.
"The new build scheme would have greatly reduced the chances of hackers having the ability to tamper with the build system without being observed," adds Ken Arora, distinguished engineer in the Office of the CTO at F5, a provider of application security and industry tools. "Even if the attackers had some success, the compromise would have been short lived due to the dynamic operation strategy and self-destructive approach."
Collaboration key to protect shared infrastructure
SolarWinds' new build system is constructed around four secure-by-design principles:
- Operations are dynamic and use short-term software build environments that self-destruct after completing a specific task.
- Products are built systematically, ensuring build products can be made deterministically so any newly created byproducts will always have identical, secure components.
- Processes contain simultaneous builds so software development byproducts, such as data models, can be created in parallel to establish a basis for detecting unexpected modifications to the products.
- Detailed records are maintained so every software build step is tracked for complete traceability and permanent proof of record.
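To make the four principles concrete, here is an added illustration (not SolarWinds code, and not a description of their actual tooling): a toy pipeline that runs several independent build lanes, each in a throwaway directory that is destroyed afterwards, packages the sources deterministically, compares the resulting artifact digests across lanes, and keeps a per-lane record. The source tree, the toy "compiler" and the `tamper` hook (which simulates one lane's inputs being altered so the mismatch check has something to catch) are all constructed for the example.

```python
import hashlib
import shutil
import tempfile
from collections import Counter
from pathlib import Path

# Constructed sample source tree (not SolarWinds code): file name -> contents.
SOURCES = {
    "main.c": b"int main(void) { return 0; }\n",
    "version.h": b"#define VERSION \"1.0.0\"\n",
}

def deterministic_build(files: dict) -> bytes:
    """Toy 'compiler': packages sources in sorted order with no timestamps or
    hostnames, so identical inputs always yield a byte-identical artifact."""
    parts = []
    for name in sorted(files):
        parts.append(name.encode() + b"\0" + files[name] + b"\0")
    return b"".join(parts)

def build_in_ephemeral_env(sources: dict, lane: int, tamper: dict = None) -> dict:
    """One build lane: copy sources into a fresh temp dir, build, record the
    artifact digest, then destroy the environment. `tamper` (hypothetical hook)
    simulates files being replaced inside this lane only."""
    workdir = Path(tempfile.mkdtemp(prefix=f"lane{lane}-"))
    try:
        for name, data in {**sources, **(tamper or {})}.items():
            (workdir / name).write_bytes(data)
        files = {p.name: p.read_bytes() for p in workdir.iterdir()}
        digest = hashlib.sha256(deterministic_build(files)).hexdigest()
        return {"lane": lane, "sha256": digest, "inputs": sorted(files)}
    finally:
        shutil.rmtree(workdir)  # self-destruct: nothing persists between builds

def parallel_build(sources: dict, lanes: int = 3, tamper_lane: int = None,
                   tamper: dict = None) -> dict:
    """Run independent lanes and compare their artifact digests. Any lane that
    disagrees with the majority is flagged; the records form the audit trail."""
    records = [build_in_ephemeral_env(sources, i, tamper if i == tamper_lane else None)
               for i in range(lanes)]
    majority, _ = Counter(r["sha256"] for r in records).most_common(1)[0]
    outliers = [r["lane"] for r in records if r["sha256"] != majority]
    return {"verdict": "consistent" if not outliers else "MISMATCH",
            "expected_sha256": majority, "outliers": outliers, "records": records}

if __name__ == "__main__":
    print(parallel_build(SOURCES)["verdict"])  # consistent
    print(parallel_build(SOURCES, tamper_lane=1,
                         tamper={"main.c": b"int main(void) { return 1; }\n"})["outliers"])  # [1]
```

A real pipeline would run each lane on separate infrastructure with its own credentials, so that a single compromised host cannot alter every lane the same way; the comparison step is what turns the duplicate builds into an integrity check.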
Since the software build process SolarWinds used at the time of the Sunburst attack is commonly used by the industry, the company is making some components of its new build system available to the public as open-source software. Says SolarWinds CEO and President Sudhakar Ramakrishna, "Communicating transparently and collaborating within the industry is the only way to effectively protect our shared cyber infrastructure from evolving threats."