nanaxthought.blogg.se

Solarwinds breach







This language is misleading as a matter of international law and therefore in terms of possible responses. Senior US politicians have described the incident as a ‘virtual invasion’ and akin to ‘the level of an attack that qualifies as war’.


The incident is also mischaracterized in that it has frequently been referred to as an attack. This is a valuable lesson which should inform the debate on the role of the state in private sector cybersecurity and the importance of sharing cybersecurity threat intelligence between the public and private sectors, as highlighted by Microsoft President Brad Smith, as well as the role of non-state actors in technical attribution. FireEye was not legally required to report it but did so voluntarily, and we will never know what could have happened had it chosen not to do so. So rather than reverting to the kind of sabre-rattling rhetoric which may only serve to further destabilize cyberspace, the SolarWinds intrusion could prove to be a simple, albeit critical, lesson for everyone involved.

A related point hinges on the fact that the breach was discovered by a private cybersecurity firm called FireEye, which reported it to the US government. Some have therefore called this an ‘unacceptable… big failure’ of cybersecurity. It is therefore important to maintain perspective and focus on the original cause of the incident – a supply chain weakness which, in 2020, arguably should never have happened. This level of preparedness and monitoring is a challenge and engenders discussion about the need for national strategies to proactively counter and deter such cyber operations, rather than focus on the use of offensive cyber capabilities or ‘cost imposition’. Such elaborate methods require cybersecurity measures which must be constantly revised, tried and tested. The intrusion was able to insert ‘back doors’ into the networks of dozens of companies, government agencies, and think-tanks across the US and beyond, thus gaining persistent access – and it was nearly a year before it was detected. SolarWinds and Microsoft have called it a very ‘sophisticated’ operation.


The conduit for the cyber intrusion was a software update provided by a private company called SolarWinds. Although it is tempting to focus on options for a potential response, such as ‘cost imposition’ or the use of offensive cyber capabilities – and even on the purported failure of the US strategy to ‘defend forward’ – there is also value in paying attention to what this wasn’t, to ensure that future preventative action is appropriately focused. A joint statement by the FBI, the National Security Agency (NSA) and others concluded that Russia is ‘likely’ to be behind the hack. The global reach of the incident, and the nature and number of affected US government agencies – most notably the US Energy Department, which controls the National Nuclear Security Administration – is unprecedented. In mid-December 2020, the biggest cyber intrusion known to date was discovered in the United States, the world’s leading cyber power.







