19 April 2021

Cyber Retaliation Needs to Be Decisive, Swift, and Meaningful

Emilio Iasiello, 17 April 2021

Editor’s note: On 15 April the Biden Administration formally attributed the SolarWinds attacks to Russia’s Foreign Intelligence Service, the SVR. Soon thereafter it issued several directives implementing sanctions against Russia and some Russian-related business leaders. The fallout from these actions is still underway, and we will continue to track and assess how these matters could impact business and government strategies and decision-making. This post provides context important in assessing why any cyber retaliation needs to be both quick and meaningful. -bg

The United States finds itself in a precarious position, having been victimized by two major breaches with far-reaching impacts. The 2020 SolarWinds breach by suspected Russian state actors remains extraordinary in the number of global government and Fortune 500 companies and organizations affected. The breach caught several important U.S. government and military entities exposed, among them the Department of Commerce, the Department of Defense, the Department of Homeland Security, and the Department of the Treasury. While SolarWinds stood at the apex of data breaches when it was eventually identified, another breach by another state actor quickly revealed the extent to which sophisticated cyber espionage campaigns plagued the United States, threatening its national security. In March 2021, Microsoft disclosed that China state-sponsored actors had leveraged zero-day vulnerabilities to gain entry into on-premises Microsoft Exchange Server installations, deploying additional malware (web shells) to sustain long-term access. Data collected in mid-March indicated that Germany, the United States, and the United Kingdom were the most targeted countries, with government, military, manufacturing, financial, and software vendor organizations accounting for a quarter of all exploit attempts.

The SolarWinds and MS Exchange Server breaches are very similar in that two cyber powers successfully executed sophisticated, large-scale intrusion campaigns to support cyber spying activities: Russia through a compromised software supply chain, China through zero-day exploitation of internet-facing Exchange servers. Both China and Russia have been cited in numerous U.S. Intelligence Community worldwide threat assessments as stalwart cyber threat actors with the capabilities to conduct a variety of cyber operations. But the scale, demonstrated effort, and sophistication of these breaches draw comparisons to the U.S.’s own capabilities, famously revealed in the Snowden disclosures that unmasked the U.S. global surveillance and cyber espionage apparatus. These adversaries not only had the skillsets and patience to pull off such ambitious activities; Beijing and Moscow also proved themselves worthy competitors to U.S. cyber dominance.

The gravity of these attacks cannot be overlooked, and they immediately set off alarms throughout the U.S. national security establishment. The fact that the U.S. government failed to detect the SolarWinds breach and had to be notified by a private sector company was a complete embarrassment, raising questions about its cyber security programs, resources, and defensive capabilities. An Intelligence Community review of the SolarWinds hack revealed Russian culpability, demanding some level of response from a Biden Administration that asserted it would retaliate at a time and place of its choosing. Publicly announcing a retaliatory strike against Russia has put Moscow on the immediate defensive: it gives Moscow advance warning and enables it to prepare for and mitigate an attack, even one it never actually detects. But the more important question remains: in its first cyber test, and against a near-peer cyber power to the U.S., what is the Biden Administration prepared to do?