Russia hack seen to point up U.S. lapses
Cyberdefenses prove inadequate even after billions spent on latest technology
WASHINGTON — Over the past few years, the U.S. government has spent tens of billions of dollars on cyberoffensive capabilities, building a giant war room at Fort Meade, Md., for U.S. Cyber Command, and installing sensors all around the country — a system named Einstein — to deter the nation’s enemies from picking its networks clean, again.
It now is clear that the broad Russian espionage attack on the U.S. government and private companies, underway since spring and detected by the private sector only a few weeks ago, ranks among the greatest intelligence failures of modern times.
Einstein missed it — because the Russian hackers designed their attack to avoid setting it off. The National Security Agency and the Department of Homeland Security, which focused on protecting the 2020 election, were looking elsewhere.
The new U.S. strategy of “defend forward” — essentially, putting American “beacons” into the networks of its adversaries that would warn of oncoming attacks and provide a platform for counterstrikes — provided little to no deterrence for the Russians, who have raised their game significantly since the 1990s, when they opened an attack on the Defense Department called Midnight Maze.
The national security adviser, Robert O’Brien, cut short a trip to the Middle East and Europe on Tuesday and returned to Washington to run crisis meetings to assess the situation.
Asked Tuesday whether the Defense Department had seen evidence of compromise, the acting defense secretary, Christopher Miller, said, “No, not yet, but obviously looking closely at it.”
At the very moment in September that President Vladimir Putin of Russia was urging a truce in the “large-scale confrontation in the digital sphere,” where the most damaging new day-to-day conflict is taking place, one of his premier intelligence agencies had pulled off a sophisticated attack that involved getting into the long, complex software supply chain on which the entire nation now depends.
“Stunning,” Sen. Richard Blumenthal, D-Conn., wrote Tuesday night. “Today’s classified briefing on Russia’s cyberattack left me deeply alarmed, in fact downright scared. Americans deserve to know what’s going on.”
He called for the government to declassify what it knows and what it doesn’t know.
On Wednesday morning, Sen. Dick Durbin, D-Ill., called the Russian cyberattack “virtually a declaration of war.”
The National Security Agency has been largely silent. Even the Cybersecurity and Infrastructure Security Agency, the group within the Department of Homeland Security that defends critical networks, has been quiet on the Russian mega hack.
Blumenthal’s message on Twitter was the first official acknowledgment that Russia was behind the intrusion.
Trump administration officials have acknowledged that several federal agencies — the State Department, the Department of Homeland Security, parts of the Pentagon as well as the Treasury and Commerce departments — had been compromised. Investigators were struggling to determine the extent to which the military, intelligence agencies and nuclear laboratories were affected.
The same questions are being asked inside many Fortune 500 companies that use the network management tool, called Orion and made by Austin, Texas, company SolarWinds. Los Alamos National Laboratory, where nuclear weapons are designed, uses it, as do major defense contractors.
“How is this not a massive intelligence failure, particularly since we were supposedly all over Russian threat actors ahead of the election,” Robert Knake, a senior Obama administration cyberofficial, asked Wednesday on Twitter. “Did the NSA fall in a giant honey pot while the SVR” — Russia’s most sophisticated spying agency — “quietly pillaged” the government and private industry?
Government officials have yet to say what the Russians were seeking or what they stole — and perhaps that has not been determined.