National Post

The new Cold War

- Derek H. Burney, National Post. Derek H. Burney is the co-author of Braver Canada: Shaping Our Destiny in a Precarious World, published by McGill-Queen’s in 2020.

If grappling with a contentious presidential transition, a spiralling COVID-19 crisis and the president’s last-minute brinkmanship on pandemic aid and defence spending were not sufficiently challenging, reports of a major hack that compromised several government agencies and thousands of private companies sent a severe shock wave through America’s national security network.

The attacks began in March and are regarded as the most extensive security breach in American history. They show that the rivalry between major powers in cyberspace is becoming a more ominous, 21st-century version of the Cold War.

In the murky world of cybersecurity, one rarely gets full details about the extent of the damage or about what would be the most appropriate response. Those being attacked are usually reluctant to publicly acknowledge what has been compromised, while the perpetrators, for very different reasons, are unlikely to make public what they did or why. It is a cat-and-mouse game between offenders and defenders, but those on the offence seem to be winning.

The revelations are embarrassing given that, in February 2020, Gen. Paul Nakasone, head of the National Security Agency and the United States Cyber Command, said that U.S. teams were “understanding the adversary better than the adversary understands themselves.” Little did he know what was about to happen one month after he made those remarks.

Adding to the confusion are reports that, just before President Donald Trump fired its leader, Chris Krebs, the federal Cybersecurity and Infrastructure Security Agency (CISA) was repeatedly criticized by the Homeland Security Department’s watchdog for “poor intelligence sharing with its private and public partners and weak information security for its own system.”

Equally concerning were reports of CISA’s failure to ensure the physical security of polling locations, in sharp contrast to Krebs’ assertion that the 2020 elections were the “safest and most secure in history,” a boast that prompted his firing.

What we do know is that problems emerged when computer users downloaded an update for network monitoring software developed by SolarWinds, a company with an enormous customer base. It was a textbook supply chain attack. The hackers implanted malicious code into the company’s regular software updates, creating a potential backdoor into any of its tens of thousands of customers’ networks.

The hack is unique in scope and ran without being noticed for nine months. Only a handful of organizations, including the cybersecurity company FireEye and three federal agencies — the departments of commerce, energy and treasury — have publicly admitted to being seriously affected. State and Homeland Security were also vulnerable.

While SolarWinds has since updated its software, the hackers’ nine-month head start means they likely built additional entry points into networks that they deemed important. “Just because you closed the intrusion doesn’t mean that you solved the problem,” observed Neil Jenkins, the chief analytic officer of the Cyber Threat Alliance. Yet to be explained is why the attack went undetected for nine months.

Victimized organizations now have to choose between two unpleasant options: spending significant resources searching through their computers in the hope that they can eradicate the hackers’ footholds, or rebuilding their networks from scratch.

Secretary of State Mike Pompeo and Attorney General William Barr, along with U.S. intelligence officials, pointed clearly to Russia as the culprit, suspecting that the hacking was most likely driven by Russia’s SVR intelligence agency, though Russia has denied it.

President Trump, meanwhile, downplayed the “exaggerated” media reports, saying the situation was “under control,” a claim that president-elect Joe Biden flatly dismissed. Trump also declared, without offering specifics, that China, rather than Russia, “may” have been behind it.

It may take years to unravel the extent of the damage. But what is certain is that America’s defence capability is demonstrably inadequate. That is why the most urgent task will be to tighten lines of responsibility and accountability for defending against foreign intrusions. (There is also a need for similar improvements in Canada’s cybersecurity monitoring.)

Once forensic evidence is collected to confirm the perpetrator, the next task will be to make clear that intrusions of this magnitude will not go unpunished, in order to deter future attacks from Russia, or other unsavoury countries like China, Iran and North Korea.

The president-elect was quick to fault the Trump administration for not prioritizing cybersecurity. He described digital threats as being “among the most grave problems facing America.” Biden has already assured the hackers that there will be “substantial costs” and that America “will respond, and probably in kind.”

Senators on both sides of the aisle underscored Biden’s call for a swift response. Republican senators Marco Rubio and Mitt Romney asserted that America must retaliate and “not just with sanctions.” In fact, given those already in place, there is not much scope for additional economic sanctions against Russia. Democratic Sen. Dick Durbin of Illinois called the hack a “virtual declaration of war.”

Given the decrepit state of the Russian economy, targeting Russian corporations would not produce comparable economic damage. Instead, the Foundation for Defense of Democracies, a Washington, D.C.-based think-tank, suggested the U.S. strike back by hacking and releasing information about President Vladimir Putin’s personal wealth, in an attempt to shame him into halting digital attacks against the United States.

Shining a light on government corruption and exposing how much money foreign leaders have stashed away could be damaging in authoritarian countries like Russia and China. The ultimate goal would be to make cyberspace more peaceful rather than simply punching back in anger.

Others believe that the U.S. should overtly disrupt Russia’s security and infrastructure networks. But that could escalate the situation even further.

Russia is aggressively positioning itself to confront the new Biden administration. Deputy Foreign Minister Sergei Ryabkov stated recently that Russian-U.S. relations are “going from bad to worse,” and that Russia does not expect “anything good” from the new president. He suggested a policy of “total deterrence” toward Washington, with minimal dialogue.

Putin often extols the spies who hack into U.S. agencies. Laying a wreath at the SVR monument on Dec. 27, Putin praised the work of SVR officials as “extremely important,” noting “the difficult professional operations that have been conducted.” Such words suggest that the prospects of engaging in a constructive dialogue with his government are slim.

President Biden will be obliged to deal with the fallout from the latest cyberattack as one of his first orders of business. How he chooses to respond will be watched carefully by allies and adversaries alike, and will be an early, critical test of the new administration’s leadership mettle.

Russia is positioning itself to act against Biden’s government. — Derek H. Burney

A major hack in late 2020 might have opened the next chapter.

BRENDAN SMIALOWSKI / AFP via Getty Images files: Russian President Vladimir Putin and U.S. President Donald Trump at the G20 summit in 2019. There is nothing to suggest an administration change will ease tensions between the two superpowers.
