SolarWinds Is Bad, but Retreat From Defend Forward Would Be Worse
The SolarWinds breach has kicked up a lot of dust. It’s thick, obscuring and deeply concerning. It’s also a long way from settling. But that hasn’t slowed the quick and steady drumbeat of postmortems declaring the shortcomings or outright failures of one aspect or another of the United States’s cybersecurity strategy and posture. To some degree this is understandable. In-crisis autopsies are not unusual in the cybersecurity business, and time is not an affordable luxury amid a massive breach. Some mitigation measures simply can’t wait. And as SolarWinds no doubt demonstrates, real cybersecurity continues to elude the nation.
Self-Delusion on the Russia Hack
The U.S. regularly hacks foreign governmental computer systems on a massive scale.
(Photograph by M. Borchi/Getty Images.)
As the news about Russia’s broad digital espionage operation against the U.S. Defense, Treasury, and Commerce Departments, nuclear laboratories, and other governmental systems grows more ominous, prominent voices are calling for a vigorous response. “[A]ll elements of national power,” including military power, “must be placed on the table,” proclaimed Thomas Bossert, the former senior cybersecurity adviser in the Trump administration, in a
New York Times op-ed. The United States must “reserve [its] right to unilateral self-defense,” and “allies must be rallied to the cause” since such coalitions will be “important to punishing Russia and navigating this crisis without uncontrolled escalation.” Sen. Richard Durbin had a similar but pithier assessment: “This is virtually a declaration of war by Russia o
Incoming Biden administration must act fast to prevent another SolarWinds cyber-attack and repair untold damage already done
While we do not yet know the extent of the damage done, the SolarWinds cyber-attack is a sobering reminder that bad actors are actively at work against the United States. Now more than ever, it is critical that we contain and remove all malware and secure our government networks. To do this, the federal government must ensure a coordinated and robust response, pulling resources from wherever necessary, including utilizing Defense Support of Civil Authorities (DSCA), private sector collaboration, and sector-specific agency teams to quickly identify the depth and extent of the breach.
To Blame Russia For Cyber-Intrusions Is Delusional - A Treaty Is The Only Way To Prevent More Damage
The
The first paragraph:
Secretary of State Mike
Pompeo said Friday it was clear that Russia was behind the widespread hacking of government systems that officials this week called “a grave risk” to the United States.
That is a quite definite statement.
But it is very wrong. Pompous did not say that it was clear that Russia was behind the IT intrusions.
The third paragraph in the
NYT story, which casual readers will miss, quotes Pompous and there he does not say what the
Self-delusion on the Russia hack The lack of self-awareness in these and similar reactions to the Russia breach is astounding. The U.S. government has no principled basis to complain about the Russia hack, much less retaliate for it with military means, since the U.S. government hacks foreign government networks on a huge scale every day. Indeed, a military response to the Russian hack would violate international law. The United States does have options, but none are terribly attractive…
The larger context here is that for many reasons the Snowden revelations, the infamous digital attack on Iranian centrifuges (and other warlike uses of digital weapons), the U.S. “internet freedom” program (which subsidizes tools to circumvent constraints in authoritarian networks), Defend Forward, and more the United States is widely viewed abroad as the most fearsome global cyber bully. From our adversaries’ perspective, the United States uses its prodigious digital tools, short of war,