CARSON CITY, NV - December 29, 2020
The state of Nevada today issued a statement on the widely reported compromise of SolarWinds Orion software along with advice and information for consumers.
The state continues to work with the federal government and private industry in response to the SolarWinds attack. To date, there is no indication that any state systems or websites have been compromised, and no known attacks from this incident have been directed toward individuals. However, this is still a rapidly evolving investigation, and as the state learns more, the status may change. It could take a substantial amount of time to have a complete picture of the effects of the attack.
"Even though there has been no known impact on state systems, we are taking this situation very seriously and want to notify the public about it so they can take appropriate steps to protect themselves and so they know how the state is responding," said Alan Cunningham, Chief Information Officer for the State of Nevada.
Nevadans may want to consider the following common practices—as a normal course, not only during a known cybersecurity event—to protect their information and online identities:
- Keep security software current. Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats.
- Ensure you are using strong passwords (Lik3_thi$_1) for your digital accounts.
- Don’t use the same password for every site. At the very least, separate sensitive accounts (banking, utilities) from standard accounts (social media, entertainment).
- If a government site or business where you have an account is identified in a hack or breach, change your password immediately.
- If a site offers two-factor or multi-factor authentication, use it. This will provide additional protection to your account.
- Monitor your bank accounts for missing deposits or unexplained withdrawals. Most banks do this for you, but you know your finances better than they do.
- Be alert for scams, whether through email, texting, social media, or over the phone. A good resource is the Federal Trade Commission’s Consumer Information site at https://www.consumer.ftc.gov/.
Nevada does use SolarWinds Orion products in the state enterprise environment and at several agencies. All of those systems were taken offline on Monday, December 14, consistent with guidance from the federal Cybersecurity and Infrastructure Security Agency (CISA) to federal civilian agencies. When they are put back into service, it will be done in accordance with CISA guidance and with continued monitoring. The state has reviewed communications traffic back through the beginning of the year and found no indication of compromise for any agency or system within the state’s IT infrastructure.
The state continues to monitor its systems for any indications of compromise and engage regularly with CISA, the Multi-State Information Sharing and Analysis Center, and IT business partners.