21 December 2020
What is the scale of the cyberattack?
The United States security establishment is reeling from the shock of a massive cyberespionage operation which was discovered just this month, but may have been active since before March this year.
The cyber operation primarily targeted software made by SolarWinds, an American firm headquartered in Austin, Texas. The cyberattack has Washington worried because SolarWinds provides software for all five branches of the military and several important government departments, including the Treasury, Department of Energy, and the Department of Homeland Security.
The full extent of the hacking operation is not yet known, but several high-profile government departments are known to have been compromised. The hackers were able to access parts of the Pentagon, State Department and Homeland Security among others, according to an alert issued by the Cybersecurity and Infrastructure Security Agency (CISA) on 17 December.
At least four SolarWinds Orion software products are believed to have been compromised by the hackers, putting an estimated 18,000 of SolarWinds’ 300,000 customers at risk. Organisations in other countries, including the UK, Israel, and Canada, were also targeted.
The cybersecurity firm FireEye was the first to detect the cyberattack. FireEye’s CEO, Kevin Mandia, has said that of the 18,000 affected, about 50 organisations have been seriously compromised by the hack.
According to CISA, the hackers are likely to have had access to the emails of IT and cybersecurity staff and may have posed as their colleagues to gather further information.
The nature of the cyber operation suggests that the hackers were seeking information and intelligence, rather than to disrupt or destroy cyberspace infrastructure. The hackers may have been able to access sensitive information from US and allied governments, as well as the private sector.
Who is behind the cyberattack?
Most US officials have blamed Russia for the attack. US Secretary of State Mike Pompeo has said, ‘we can say pretty clearly that it was the Russians that engaged in this activity.’
The Kremlin has denied playing any part in the cyberattack.
Despite cross-party consensus that the Kremlin is to blame for the attack, President Donald Trump has expressed doubts. On Saturday, Trump tweeted that, ‘it may be China’ behind the cyber operation.
....discussing the possibility that it may be China (it may!). There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA. @DNI_Ratcliffe @SecPompeo
— Donald J. Trump (@realDonaldTrump) December 19, 2020
However, broad consensus remains that Russian hackers are behind the breach. Democrat Senator Dick Durbin, speaking on Wednesday to CNN, said that the cyberattack was ‘virtually a declaration of war by Russia on the United States, and we should take it that seriously.’
Durbin criticised Trump on Twitter for dismissing Russian involvement.
Even on his way out the door, President Trump can’t help but cower (once again) to Putin and refuse to accept the truth from even his own Secretary of State. https://t.co/WjzmZeWNLZ
— Senator Dick Durbin (@SenatorDurbin) December 20, 2020
The Republican Chair of the Senate intelligence committee, Marco Rubio, has also blamed the Kremlin for the cyberattack, stating on Twitter that it is ‘increasingly clear that Russian intelligence conducted the gravest cyber intrusion in our history’.
Increasingly clear that Russian intelligence conducted the gravest cyber intrusion in our history
The process of determining its extent & assessing the damage is underway
Remediation will take time & significant resources
Our response must be proportional but significant
— Marco Rubio (@marcorubio) December 19, 2020
How will Washington respond?
Trump’s near-silence on the issue and reluctance to pin firm blame on the Kremlin likely mean that any response will be left to the incoming administration of President-elect Joe Biden.
In a statement issued on Thursday, Biden said: ‘we need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place. We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.’
Based on Biden’s statement, the incoming administration looks set to pursue a strategy of deterrence by punishment. For this strategy to be effective, the costs imposed on the perpetrator must be both sufficiently harmful and credible.
According to insiders, Biden’s team is considering a retaliatory cyberattack against Russian infrastructure. Sanctions are among the other options being considered, and may be used in conjunction with a retaliatory cyberattack.
Sanctions have also been proposed by Republicans, like Congressman and former Navy SEAL Dan Crenshaw.
We must respond, likely with sanctions.
But that’s not enough.
Russian oligarchs own property assets in America. Pass HR4189, which amends FSIA to allow victims of cyber crimes to sue Russia directly.
We need to bolster our cyber defenses and boost our offensive capabilities https://t.co/288R42vTFS
— Rep. Dan Crenshaw (@RepDanCrenshaw) December 19, 2020
More broadly, the strategic shock imposed by the massive hacking operation may prompt the US to transform the way it conducts cybersecurity, cyberwarfare, and cyber espionage.
Republicans and Democrats are asking Trump to sign the national defence policy bill and approve measures to strengthen the American cybersecurity apparatus.
Significant changes in the future may include the establishment of a Joint Cyber Planning Office under CISA to organise cyberspace activities across the public and private sectors. A Senate-confirmed national cyber director would be appointed to provide leadership in the cyberspace domain.
The Department of Homeland Security may adopt a more aggressive stance on cyberspace if recommendations by the Cyberspace Solarium Commission are put into place. This would include the Cybersecurity and Infrastructure Security Agency being authorised to track down threats on federal networks.