Russia has apparently engaged in another cyberattack against the United States, and it’s imperative that the U.S. government take quick, firm action to protect Americans’ cybersecurity.
According to Bloomberg News, investigators have identified at least 200 government agencies and companies that were hacked via malicious code that was installed into updates of IT software from Texas-based SolarWinds Corp. One U.S. official told the Associated Press, “This is looking like it’s the worst hacking case in the history of America. They got into everything.”
According to the AP, officials including Secretary of State Mike Pompeo say Russia was behind the massive hack, whose victims included the departments of Treasury, Energy and Commerce, as well as government contractors. This breach went on for months, and the threat it poses to United States security can’t be overstated. Officials say the hackers might have been seeking nuclear secrets, blueprints for advanced weaponry, vaccine research related to COVID-19 and information for dossiers on government and industry leaders, the AP reported.
Failure to take seriously who the so-called “bad actors” are inhibits U.S. cybersecurity officials’ ability to tighten protections and punish the perpetrators. Kevin Mandia, CEO of cybersecurity firm FireEye, put it most succinctly to the AP: “These attacks will continue to escalate, and get worse if we do nothing.”
So the question is, as Sean Connery’s tough Irish cop in “The Untouchables” asked, “What are you prepared to do?”
“A wide range of possibilities are on the table, including overt measures and others that are unlikely to ever become public,” Bloomberg’s William Turton reported Dec. 24. “They include targeted sanctions, Justice Department indictments against the hackers, covert operations and the use of the U.S.’s own formidable offense cyber capabilities.”
A Dec. 22 opinion piece on Politico’s website outlined several key strategies to combat cyberattacks, including creating a national cyber director position within the White House; granting subpoena power to the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security, to enable it to track down cyber vulnerabilities and breaches in private-sector systems; improving civilian government agencies’ IT security; and fostering better coordination between cybersecurity agencies, which too often operate in “silos.”
Washingtonians have seen firsthand what kind of damage cyber breaches can wreak. The state’s Employment Security Department was victimized by a Nigeria-based fraud ring that apparently used information obtained from previous breaches of personal data. The state paid about $600 million in bogus unemployment claims before the scheme was detected. About $350 million of that has been recovered.
But the latest hack associated with Russia very likely had more nefarious goals. “They’ve blown out the possibility that this is simply an intelligence operation,” Chris Inglis, former deputy director of the U.S. National Security Agency, told Bloomberg. “They’re clearly attacking the confidence that we as a society have in those systems.”
This threat will not go away, and Russia is certainly not the only “bad actor” the United States has to worry about. Make no mistake, this is a war, and it won’t be won by deflecting and pointing fingers. The federal government must launch a sustained, coordinated offensive before the systems on which Americans rely are decimated by our enemies.