The SolarWinds Hack Looks Increasingly Like an Act of War

By John Banks

The SolarWinds hack that broke into U.S. government agencies, along with hundreds of Fortune 500 companies, is increasingly looking like an “act of war” per various sources in the U.S. government and Congress.

“It’s pretty hard to distinguish this from an act of aggression that rises to the level of an attack that qualifies as war,” Sen. Chris Coons of Delaware told reporter Andrea Mitchell.

“[T]his is as destructive and broad scale an engagement with our military systems, our intelligence systems as has happened in my lifetime,” he added.

The scope of the hack continues to grow. On the government side, the hackers gained access to America’s nuclear stockpile, along with “the departments of Defense, State, Homeland Security, Treasury, Commerce, and Energy and its National Nuclear Security Administration” per Axios — and more.

On the private-sector side, Microsoft reports that customers impacted by the SolarWinds hack spanned more than half a dozen countries beyond the United States, including the U.K., Israel, United Arab Emirates, Canada, Mexico, Belgium, and Spain.

New breaches continue to surface as cyber-investigators hunt for evidence of entry and scan for “back doors,” which are hidden ways to sneak back into the system. As an example of a new finding, dozens of email accounts within the U.S. Treasury department were breached. Bloomberg further reports at least three state governments were hacked.

In a Tweet on Saturday, Dec. 19, President Trump questioned the seriousness of the attack and whether or not Russia was behind it, saying that “it may be China (it may!).”

But the U.S. intelligence community, and Trump’s own cabinet, have confidence Russia is the source.

“This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” Secretary of State Mike Pompeo had already said on Friday, Dec. 18.

“From the information that I have, I agree with Secretary Pompeo’s assessment,” said Attorney General William Barr on the following Monday. “It certainly appears to be the Russians, but I’m not going to discuss it beyond that.”

The intelligence community is confident it was Russia in part because of the creativity and sophistication of the attack, along with various operational clues.

Though aspects of the SolarWinds hack were new, the approach also bore resemblance to a 2017 effort against the country of Ukraine, in which Russian operatives knocked out public and private computer systems in a malware attack that ultimately spanned dozens of countries, causing hundreds of millions of dollars’ worth of damage.

“This is something we have to address as soon as possible,” Sen. Mitt Romney of Utah said on Meet the Press. “They potentially have the capacity to cripple us economically, they went to our businesses. They have the potential to also cripple us with regards to our water and electricity and so forth.”

It isn’t yet clear how the U.S. government should respond. Behind the scenes, an ongoing root-out and clean-up effort will take years. Tech giants like Microsoft and Cisco — let alone cybersecurity firms like SolarWinds and FireEye — may also have to completely review, upgrade, and overhaul their security approach.

“While the Russians did not have the time to gain complete control over every network they hacked, they most certainly did gain it over hundreds of them,” writes Tom Bossert, a former homeland security adviser to President Trump, in a New York Times opinion piece.

“It will take years to know for certain which networks the Russians control and which ones they just occupy,” says Bossert. “The logical conclusion is that we must act as if the Russian government has control of all the networks it has penetrated. But it is unclear what the Russians intend to do next.”

In addition to ongoing security issues, a growing question is: How should Russia be punished for this?

Options include sanctions on Russian financial activity (in addition to the sanctions that already exist); a U.S.-led cyberattack on Russian systems as a form of retaliation; a joint effort between, say, the U.S. and European allies; or something bigger and more intense.

We don’t know where the SolarWinds hack will go next. But we know the dangers won’t go away.

Whether the next shoe to drop is another outright attack on U.S. systems, an escalation of geopolitical conflict between the U.S. and Russia, or a high-profile U.S. retaliation, the greatest cyberattack in history — which many now view as an act of war — is very much a storyline to be continued in 2021.