National Cyber Security Centre
NCSC statement on the SolarWinds compromise
The latest statement from the NCSC following the reported SolarWinds compromise.
Paul Chichester, NCSC Director of Operations, said:
“This is a complex, global cyber incident, and we are working with international partners to fully understand its scale and any UK impact.
“That work is ongoing and will take some time, but simply having SolarWinds does not automatically make an organisation vulnerable to real world impact.
“The NCSC is working to mitigate any potential risk, and actionable guidance has been published to our website. We urge organisations to take immediate steps to protect their networks - and will continue to update as we learn more.”
- Read the NCSC’s guidance for SolarWinds’ Orion suite customers. Enhanced technical guidance is available on the NCSC's Cyber Security Information Sharing Partnership (CiSP) platform.
- We recommend that organisations ensure any affected instances of SolarWinds Orion are installed behind firewalls disabling internet access (both outbound and inbound) for the instances.
- SolarWinds customers will only be vulnerable if a number of extra variables are in place.
- FireEye has published a blog updating on its investigation. We recommend that organisations read the blog and follow the suggested mitigations where relevant.
- Microsoft has published a blog outlining the steps that government and the private sector can take to protect themselves from this kind of cyber attack.
- The NCSC has previously published guidance on how to develop and implement a secure system administration strategy.
Latest News from
National Cyber Security Centre
Joint Advisory: Exploitation of Accellion File Transfer Appliance24/02/2021 15:30:00
Cyber security organisations in the UK, USA, Australia, New Zealand, and Singapore publish advice to defend against malicious cyber actors.
NCSC consolidates advice on secure home learning23/02/2021 13:15:00
Three tailored blogs to help manage remote education technology safely.
UK supports US charges against North Korean cyber actors18/02/2021 11:10:00
Indictment charges individuals with involvement in hacking and fraud conspiracy
Schools recognised by cyber experts for first-rate teaching16/02/2021 11:15:00
14 schools and colleges across the UK are the latest to receive CyberFirst Schools status for their excellent cyber security teaching.
Thousands of girls take on codebreaking puzzles in bid to win UK cyber security crown12/02/2021 14:15:00
The 2021 CyberFirst Girls Competition saw over 6,500 students take part, teams now go through to the online semi-finals in March.
Scottish schoolgirls succeed in UK cyber security competition12/02/2021 12:12:00
Pupils at nine schools in Scotland have been successful in reaching the semi-final stage of the 2021 CyberFirst Girls Competition, run by the NCSC.
New UK Cyber Security Council to be official governing body on training and standards09/02/2021 14:22:00
The government has set up a new independent body to boost career opportunities and professional standards for the UK’s booming cyber security sector.
Cyber innovators help protect UK connected places03/02/2021 11:15:00
The latest NCSC Cyber Accelerator cohort has been announced.