I like David Ignatius’s take on the Russian SolarWinds hack, expressed in his most recent Washington Post column:
One simple way to think about the threat posed by Russian intelligence in its “SolarWinds†hack is that it exposed the vulnerability of the vast store of supposedly secure personal and corporate data known as the “cloud.â€
This wasn’t an attack on classified systems or a sabotage mission, from what we know. Loose talk by Sen. Richard J. Durbin (D-Ill.) calling it “virtually a declaration of war†is misplaced. This appears to have been an especially intrusive version of cyberespionage, which governments conduct routinely around the world.
But make no mistake: The SolarWinds hack, named for the company whose widely used network software was manipulated to plant malware, was a scary snapshot of today’s Internet — a world where personal privacy has all but vanished and nation states or private actors can penetrate systems and steal data almost at will. If you’re used to thinking of the United States as a fortress, forget it. Our information space has become the terrain where people fight their cyberwars: We are the Internet version of Belgium or Lebanon, trampled by so many armies of manipulation.
There’s a reason for the greater reaction from private companies to the hack than from the federal government that Mr. Ignatius calls out: it threatens their business model. The hack is crushing SolarWinds’s stock but it has actually boosted FireEye’s. What this points out is that being hacked is embarrassing for a cybersecurity firm but openness and calling public attention to a massive public problem is beneficial to all of us.
If the federal government weren’t full of arrogant, ignorant dolts, they’d realize that the hack calls their business model into question as well. Counter-attacking would be reckless and no number of defensive layers will help in the presence of centralized decision-making.
