The SolarWinds Orion platform is essentially a SCADA system for network management. Almost all guidance on addressing SolarWinds has focused on IT or Operational Technology (OT) networks. As an example, CISA released Emergency Directive (ED) 21-01 Supplemental Guidance version 3: Mitigate SolarWinds Orion Code Compromise, which provides guidance for networks. However, the SolarWinds attack has demonstrated that Network Management Systems (NMS) are also ideal cyberattack targets for reaching the devices those networks carry. NMS consoles are present in most data centers, network operations centers, utility and energy control rooms, etc., which gives cyber attackers access to critical data and/or operations. NMS platforms can monitor and control virtually any network, control system, or IoT device within their network reach. NMS platforms and devices are used by control system/building control suppliers and system integrators as well as by control system/building control system end-users. Potentially affected systems therefore include not just servers and networks but also critical power systems, cooling systems, and other control systems. SNMP also monitors the Ethernet switches used in all OT networks. Additionally, there are minimal control system cyber forensics at the device level, so a compromise that reaches a device through the NMS may leave no record on the device itself.
NMS platforms use the Simple Network Management Protocol (SNMP) as their means of communicating with the broad range of products they monitor and control. As pointed out previously (https://www.controlglobal.com/blogs/unfettered/the-solarwinds-hack-can-directly-affect-control-systems), well-researched studies have shown that SNMP is highly vulnerable to cyberattack. SNMPv1 and SNMPv2c, which are still widely deployed on control system and building control devices, authenticate with nothing more than a community string sent in cleartext, so anyone who can capture a single packet can read the device and, if the community string has write access, reconfigure it. SNMPv3, the most recent version, is now nearly 20 years old; it added authentication and encryption, but those features are frequently not enabled. Communicating with mission critical systems using an insecure 20-year-old protocol has been a disaster waiting to happen. The Russians have shown skill in gaining control over SNMP-managed devices, as they demonstrated in the 2015 Ukrainian power grid attack: having already gained a foothold through spear-phishing, they used the network management cards of the Uninterruptible Power Supplies (UPS) to schedule UPS outages that compounded the disruption.
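To make the weakness concrete, here is an added example (my code, not the author's and not part of any NMS product) that parses the outer BER structure of captured SNMP messages and reports what a network operations center would want to alert on: for v1/v2c the cleartext community string, whether it is a default one, and whether the PDU is a SET (a write to the device); for v3 whether the msgFlags actually request authentication and privacy. The sample messages are constructed in the block with a small BER encoder; the v3 USM security parameters and scoped PDU are placeholders, since only the header is inspected. Request IDs, OIDs and the community strings are illustrative assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional

# ---- minimal BER encode/decode (enough for SNMP message framing) ----------

def ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(v: int) -> bytes:
    """Two's-complement INTEGER, minimal length, with a leading 0x00 where the high bit would be set."""
    body = v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True)
    return tlv(0x02, body)

def read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """Return (tag, value, position after this element) for the TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

# ---- inspector -------------------------------------------------------------

PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest", 0xA6: "InformRequest",
             0xA7: "SNMPv2-Trap", 0xA8: "Report"}
DEFAULT_COMMUNITIES = {"public", "private"}

@dataclass
class SnmpSummary:
    version: str
    community: Optional[str]
    pdu_type: Optional[str]
    auth: bool
    priv: bool
    findings: list[str] = field(default_factory=list)

def inspect_snmp(msg: bytes) -> SnmpSummary:
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message: outer SEQUENCE missing")
    _, ver_b, pos = read_tlv(body, 0)
    version = int.from_bytes(ver_b, "big", signed=True)
    findings: list[str] = []
    if version in (0, 1):                  # SNMPv1 / SNMPv2c: community-based
        name = "v1" if version == 0 else "v2c"
        _, comm_b, pos = read_tlv(body, pos)
        community = comm_b.decode("latin-1")
        pdu_tag, _, _ = read_tlv(body, pos)
        pdu = PDU_NAMES.get(pdu_tag, f"0x{pdu_tag:02x}")
        findings.append(f"{name}: community string {community!r} sent in cleartext")
        if community in DEFAULT_COMMUNITIES:
            findings.append("default community string in use")
        if pdu == "SetRequest":
            findings.append("SET request: write access to the device with no real authentication")
        return SnmpSummary(name, community, pdu, False, False, findings)
    if version == 3:
        # msgGlobalData ::= SEQUENCE { msgID, msgMaxSize, msgFlags, msgSecurityModel }
        _, gdata, _ = read_tlv(body, pos)
        _, _, p = read_tlv(gdata, 0)       # msgID
        _, _, p = read_tlv(gdata, p)       # msgMaxSize
        _, flags_b, _ = read_tlv(gdata, p) # msgFlags: bit0 = auth, bit1 = priv
        auth, priv = bool(flags_b[0] & 0x01), bool(flags_b[0] & 0x02)
        if not auth:
            findings.append("v3 noAuthNoPriv: no authentication, equivalent to v2c")
        elif not priv:
            findings.append("v3 authNoPriv: authenticated, but the payload is readable on the wire")
        return SnmpSummary("v3", None, None, auth, priv, findings)
    raise ValueError(f"unknown SNMP version {version}")

# ---- constructed sample messages (illustrative values, not real captures) --

SYS_DESCR_0 = bytes.fromhex("2b06010201010100")    # 1.3.6.1.2.1.1.1.0
SYS_CONTACT_0 = bytes.fromhex("2b06010201010400")  # 1.3.6.1.2.1.1.4.0

def community_message(version: int, community: str, pdu_tag: int, oid: bytes, value: bytes) -> bytes:
    varbind = tlv(0x30, tlv(0x06, oid) + value)
    pdu = tlv(pdu_tag, ber_int(0x1234) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(version) + tlv(0x04, community.encode()) + pdu)

def v3_message(flags: int) -> bytes:
    global_data = tlv(0x30, ber_int(0x5678) + ber_int(65507) + tlv(0x04, bytes([flags])) + ber_int(3))
    sec_params = tlv(0x04, tlv(0x30, b""))          # USM parameters left empty (placeholder)
    msg_data = tlv(0x04, b"\xde\xad\xbe\xef")       # stands in for the scoped PDU (placeholder)
    return tlv(0x30, ber_int(3) + global_data + sec_params + msg_data)

V2C_GET = community_message(1, "public", 0xA0, SYS_DESCR_0, b"\x05\x00")          # NULL value
V2C_SET = community_message(1, "private", 0xA3, SYS_CONTACT_0, tlv(0x04, b"x"))  # write sysContact
V3_AUTHPRIV = v3_message(0x03)
V3_NOAUTH = v3_message(0x00)

if __name__ == "__main__":
    for label, m in [("v2c GET", V2C_GET), ("v2c SET", V2C_SET),
                     ("v3 authPriv", V3_AUTHPRIV), ("v3 noAuthNoPriv", V3_NOAUTH)]:
        print(label, inspect_snmp(m))
```

Run against a packet capture of UDP/161 and UDP/162 traffic, the same logic answers the question this post raises for an NMS: which devices are being polled or written with a cleartext community string, and which of the v3 sessions are really authenticated and encrypted.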
NMS platforms are ubiquitous in facilities today. They are offered by most vendors of networking equipment, from very small players up to the largest network system vendors. The SolarWinds hack demonstrated that simply placing these units behind a firewall is not enough to protect them or the devices they manage: the compromised Orion code arrived through the vendor's own software update, so it crossed the firewall as trusted traffic, and from that point the NMS reached every managed device from inside the perimeter.