The authors argues that there are several important lessons to be learned from the fact that APT29, a hacker group tied to Russian foreign intelligence, inserted malicious code into SolarWinds software. For one, "governments no longer control the announcement of who’s behind a cyberoperation," as media outlets began assigning blame for the attack to Russia without waiting for the government. SolarWinds, the software company itself, "suggested a government was behind the hack" before the Trump administration. Second, "so far no one has reported that the hacker manipulated, destroyed or disrupted data," suggestions that benefits of cyberoperations such as these "come from the information they unearth." Third, "deterrence is complicated," and hacks such as these throw into question the Department of Defense's "defend forward" strategy, introduced in its 2018 Cyber Strategy. Going forward, the U.S. should "take the SolarWinds hack into consideration as it helps develop international cyber norms."

Read the full article at The Washington Post.

Photo from Wikimedia Commons shared under a Creative Commons license.