How Unprotected Encryption Keys Enabled the SolarWinds Attack

Brad Beutlich of Entrust Discusses Misinformation Surrounding Encryption and Quantum Computing
Brad Beutlich, vice president of sales, western U.S. and LATAM, Entrust

The Senate Intelligence Committee hearing on the SolarWinds supply chain attack exposed the crucial flaw that allowed attackers, likely Russian, to gain entry into the company's system. Brad Beutlich of Entrust discusses how SolarWinds did not protect its encryption keys, which allowed them to be stolen and used by the malicious actor.

"Everyone talks about the fact that code was inserted into the system, but they don't talk about how code got there. And that is critical - that the crypto keys for authentication were stolen," Beutlich says.

In a video interview with Information Security Media Group, Beutlich discusses:

  • Why it was so easy for the attackers to find and take SolarWinds' encryption keys;
  • The proper way to store keys so an attacker cannot easily find them;
  • The role quantum computers are currently playing and will play in the future regarding encryption.

Beutlich is vice president of western U.S. and LATAM sales at Entrust. For the last 13 years, he has worked for Entrust, providing security solutions that protect customer data, financial transactions and IoT device manufacturing. Beutlich has worked with numerous U.S.-based companies over the past 20 years, providing security solutions ranging from endpoint to data security.


About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.