scope and coverage. That is why those supply chain attacks are so dangerous. They spread

easily and relatively quickly. As an average person, though, it is impossible for us to really

consider all the variety of cybersecurity attacks that are out there. And in general, the right practice is to

have some level of trust of the vendors, of the software that you use.

Welcome to patching the system, a special podcast for the Global Stage series, a partnership between GZERMedia and Microsoft.

I'm Ali Wine, a senior analyst at Eurasia Group.

Throughout this series, we're highlighting the work of the Cybersecurity Tech Accord, a public

commitment from more than 150 global technology companies dedicated to creating a safer cyber world for all of us.

Today we're talking about a cyber attack so massive it became a household name, SolarWinds.

In early 2020, a group of hackers broke into a software system called Orion, which was built

and managed by the Texas-based company, SolarWinds. They installed malicious code, and later that spring,

it was unwittingly delivered to customers in routine software updates. In total, more than 18,000

clients were affected, including large private companies, as well as some government agencies,

including the State Department and the Department of Homeland Security. Now, the Solar Winds hack is an example of what we call a supply chain attack

on information and communication technology, or ICT, for short.

We're going to talk about what those kinds of attacks are

and why they pose a serious and unique threat in the world of cyber attacks.

Joining us now are two industry representatives who work on different sides of this issue.

First, Charles Carmichael, who is a senior vice president and chief technology officer at Mandiant,

a security research firm working to discover and thwart bad actors who target technology products

and services.

Charles, it's great to have you here.

...