As many of you know, the catastrophic cybersecurity breach of the SolarWinds Orion product was not only a jarring example of how serious cyber attacks can be, but a painful exercise for some on the risks and consequences of utilizing certain software products. The thought of having a talented adversary hidden and undetected for months at a time is enough to make me lose sleep at night — and I already have young children that help me out enough with that. Some of you may have had the unfortunate tasks of addressing a compromised SolarWinds Orion system at your own organization, and are interested to hear how a large Research and Education Network such as Merit dealt with this particular attack. Well, wait no further!
To begin with, let me just say that despite it being one of the most popular network monitoring products on the market, Merit does not use any SolarWinds product, including SolarWinds Orion. We take the security and integrity of our network backbone extremely seriously, as it is the foundation of our core services and inherently trusted by all of you. In looking to continue delivering our world-class service, we have long since – and continue to – hold firm that we are extremely conservative in what we allow to manage our network.
All of our network monitoring and management programs are custom-built by our own internal development and engineering teams. Even apart from any cybersecurity implications, this allows us to have the most confidence in knowing exactly how all of the components of our network are working and interoperating. With this integrated approach, we can quickly isolate and report on the multitude of circuits, fiber optic paths, optical light levels, router interfaces, and other components of our network. Combined with our hyper-local Merit Support Center (MSC), this provides you with the fastest and most reliable network within the State of Michigan.
In addition, we utilize numerous layers of security throughout our organization and network backbone to ensure attackers stay out and your data stays private. Strict access controls, universal multi factor authentication, and best-of-breed network security capabilities are constantly on the lookout for any abnormalities to be investigated. Our dedicated information security team is backed by the Michigan Cyber Range — the nation’s largest unclassified cyber range — where we not only simulate network attacks for our own network backbone, but offer cybersecurity training, exercises, classes, and workshops for our members.
Speaking of members, our drive to help them remain secure is one of our core values. On top of our service offerings with the Michigan Cyber Range, we are proud to host our SCOPE Community of Practice, bringing together not only our entire membership but key Michigan Cyber Partners to collectively identify and solve our shared cybersecurity problems. We continue to develop innovative solutions like our CISO Scanner for easy vulnerability management, and our Community CISO services can help make sure your security program is right on track, no matter how big or small you are.
Your security and confidence are our top priority. While nobody knows when the next large cybersecurity attack will come, you can rest assured that Merit will always be your trusted partner in networking, security, and community.
Kevin Hayes, CISSP, CISM
Chief Information Security Officer
Merit Network, Inc.