“Everything is well under control,” is what outgoing Republican President Trump tweeted in response to the still ongoing SolarWinds hack. Sadly, the president is wrong. The situation is far from under control. In fact, things are likely to get much worse in a very short amount of time.
SolarWinds products help companies with large IT portfolios identify and manage network problems. These products are used by many Fortune 500 companies, a host of U.S. federal government agencies and defense contractors. According to the president of Microsoft, the hack affected at least eight other countries besides the United States, as SolarWinds products are used overseas.
Recently, the federal government announced that one of America’s near-peer competitors was exploiting a critical vulnerability in SolarWinds software to gain unprecedented access to the entities that depended on SolarWinds software — including the National Nuclear Security Administration (NNSA), which is charged with safeguarding America’s nuclear weapons arsenal. More ominously, every expert has said that the extent of the damage will be unknown for some time, partly because the hack is still underway.
Secretary of State Mike Pompeo has blamed Russia for the hack. Most cyber experts are in agreement with this accusation. The president of Microsoft has echoed this charge and argued that the hack was “reckless” on the part of Russia.
President Trump has inexplicably oscillated from downplaying to outright denying the threat. Every single cybersecurity expert this author has spoken to has stated that this was the most serious hack in American history. None of them agree with the president’s assertions that the hack was “far greater in the Fake News Media than in actuality.” Further, no serious cybersecurity analyst thinks this was the work of Chinese hackers masquerading as Russian hackers, as the president has suggested.
To compound matters, the SolarWinds hack has occurred at precisely the moment that the Trump administration’s Pentagon halted its cooperation with the Biden transition team. During this kind of national crisis, continuity — a rolling start — from one administration to the next, regardless of political party, is required to protect the country. The Trump and Biden teams should be working in tandem together to defend the United States at this precarious time.
While the ongoing hack is best described as an espionage mission conducted by the elite Russian military intelligence unit nicknamed “Cozy Bear,” the fact that the widespread hack is still in-progress means that the hackers are mapping our networks. In essence, this thing is just getting started. Cybersecurity experts are gravely concerned that the Solar Wind hack is merely a prelude to an actual cyberattack.
An actual cyberattack would see Russia destroying or weaponizing data to deprive the United States of useful information and disrupt specific capabilities in times of crisis. For example, the Russian hack of the NNSA could evolve to include the installation of bugs which could ultimately undercut the assurance that America’s leaders have in the dependability of the country’s nuclear weapons. Such uncertainty could lead to poor decision-making by an American president in a nuclear standoff with Russia.
The revelation of the SolarWinds hack has occurred in the same time period when Russia recently successfully tested one of their new hypersonic missiles in the Arctic. Further, last week, Russia fired one of their devastating antisatellite (ASAT) weapons — PL19 Nudol — which can destroy American satellites operating in low-Earth orbit.
These are not merely isolated incidents. In fact, Russian President Vladimir Putin is likely preparing the future battlefield in Russia’s favor, should hostilities erupt soon between the two nuclear-armed powers. Plus, Mr. Putin knows that President-elect Joe Biden’s team is preparing a “cost imposition strategy” for Russia that goes beyond sanctions and other defensive measures. Given the Mr. Biden team’s harsh rhetoric about Russia, it is likely that Mr. Putin thinks conflict between Russia and America will occur sooner rather than later.
The SolarWinds hack, therefore, is a proof-of-concept for Russia. It is Mr. Putin’s warning to Mr. Biden that Russia’s military can impose much greater horrors upon them if the incoming Biden team does not play nice with Russia. The United States is at the beginning, not the end, of an uncontrollable cascade of unconventional attacks emanating from its rivals, like Russia, directed against America’s vital-yet-vulnerable technological infrastructure.
The system is flashing red. Few seem to notice or care. Such crises make or break great powers. If America does not craft a reliable strategy for deterring Russian aggression in cyberspace now, then Moscow will simply escalate until there’s nothing left of America to defend.
• Brandon J. Weichert is the author of “Winning Space: How America Remains a Superpower” (Republic Book Publishers). He can be followed via Twitter @WeTheBrandon.