Cybersecurity

3 lessons from Russia's cyberhack into U.S. agencies

December 16, 2020
Erica Borghard and Jacquelyn Schneider
This is a summary of an article originally published by The Washington Post.

The authors argues that there are several important lessons to be learned from the fact that APT29, a hacker group tied to Russian foreign intelligence, inserted malicious code into SolarWinds software. For one, "governments no longer control the announcement of who’s behind a cyberoperation," as media outlets began assigning blame for the attack to Russia without waiting for the government. SolarWinds, the software company itself, "suggested a government was behind the hack" before the Trump administration. Second, "so far no one has reported that the hacker manipulated, destroyed or disrupted data," suggestions that benefits of cyberoperations such as these "come from the information they unearth." Third, "deterrence is complicated," and hacks such as these throw into question the Department of Defense's "defend forward" strategy, introduced in its 2018 Cyber Strategy. Going forward, the U.S. should "take the SolarWinds hack into consideration as it helps develop international cyber norms."

Read the full article at The Washington Post.

Author

Erica Borghard

Erica Borghard is a resident senior fellow with the New American Engagement Initiative in the Scowcroft Center for Strategy and Security at the Atlantic Council and an adjunct associate research scholar at the Saltzman Institute of War and Peace Studies at Columbia University.

Author

Jacquelyn Schneider

Jacquelyn Schneider is a Hoover Fellow at Stanford University and a nonresident fellow at the Naval War College’s Cyber and Innovation Policy Institute, an affiliate of Stanford’s Center for International Security and Arms Control.

Photo from Wikimedia Commons shared under a Creative Commons license.