lnu.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Solarwinds breach, a signal for a systemic enterprise view on Information Security
Linnaeus University, Faculty of Technology, Department of Informatics. (System Thinking)ORCID iD: 0009-0000-8265-0944
2021 (English)In: The OR Society's 63rd Annual Conference, Operational Research Society, UK , 2021Conference paper, Oral presentation only (Refereed)
Sustainable development
Not refering to any SDG
Abstract [en]

Once, system thinking was about singular systems. Today we exist in a far more complex world, with systems interacting with systems, directly or indirectly. Today's info security involves all systems in the chain; to use an old maxim, "No chain is stronger than its weakest link". The ICT world has become so interconnected that holistic system thinking is needed, with systems outside the organizational border to be involved and accounted for. ICT criminals are using increasingly sophisticated attack methods, often based on the victim's system architecture. In the Dec 2020 security breach at the network management firm Solarwinds in the US, an external party had added a trojan horse package to the Solarwinds management system. The hack gave the hackers stealth control of both Solarwinds as its 18.000 customers' internal system environments. Including high-security targets like the FBI, Homeland Security, and Microsoft. 

The attack was sophisticated, using the Solarwinds system knowledge, standards, and code layouts. Anyone not doing a deep survey would see Solarwinds code. The trojan was well-known but rewritten to the standards of the target. Solarwinds shows that we now entered a "new brave world", demanding a much more structural system discussion, how to protect our ICT. Based on this attack's sophistication, this was probably a 7- or 8-time successful attempt. We need solid enterprise-wide, system-coordinated security perspectives. But, how can we use system thinking to help plan a better and more cost-efficient security approach on an enterprise-level? For 14 years, this researcher worked with info security in a global automotive company, having the Viable System Model as its internal system model. When not "sabotage" by managers, yes, it happened; VSM worked fine. VSM also works fine with securing modern laws like GDPR when having an enterprise perspective. Info Security desperately needs enterprise system thinking.

Place, publisher, year, edition, pages
Operational Research Society, UK , 2021.
Keywords [en]
Data breaches, Info Security, Security Governance, System Thinking
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
URN: urn:nbn:se:lnu:diva-109132OAI: oai:DiVA.org:lnu-109132DiVA, id: diva2:1626733
Conference
The OR Society's 63rd Annual Conference, 14-16 september, 2021
Note

No conference abstracts or compilations was published from OR Society for the OR63 conference

Ej belagd 220121

Available from: 2022-01-11 Created: 2022-01-11 Last updated: 2024-08-28Bibliographically approved

Open Access in DiVA

No full text in DiVA

Authority records

Magnusson, Lars

Search in DiVA

By author/editor
Magnusson, Lars
By organisation
Department of Informatics
Information Systems

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 349 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf