SolarWinds Orion Incident
January 7, 2021
As reported in various news outlets over the past few weeks, certain versions of SolarWinds’ Orion software, a network management platform, contained a strain of malware named SUNBURST that has affected a wide range of organizations in North America and around the world. As the IESO does not use this software, it has not been directly impacted by the incident.
Organizations that may have installed the SUNBURST malware are recommended to apply the software patches that have been made available by SolarWinds in order to remediate the malware.
As part of its ongoing work to protect the IESO grid from cyber security threats, however, the IESO is continuing discussions with stakeholders to determine whether this incident may have affected organizations across Ontario’s electricity sector.
As appropriate, the IESO will provide updates on the SolarWinds Orion incident through its Lighthouse cyber security threat intelligence information sharing program. Market participants that do not participate in the IESO Lighthouse program are encouraged to submit their cyber security contact information to cybersecurity@ieso.ca to receive any future updates and guidance.
For more information about the SolarWinds incident, please refer to the security advisory from SolarWinds or the alert from the Canadian Centre for Cyber Security.