Soon after Vladimir Putin’s rise to power, he pushed for a walled-off “Russian internet” which was a strategic shot fired across our bow. Russian operations since would turn global internet-dependent nations and entities into a constellation of sieves to reverse the internet security advantage in favor of the “Russian internet,” if such was attainable.
Hackers have reportedly breached U.S. government and private enterprise systems using malicious code embedded in a SolarWinds software security update earlier this year and established themselves in U.S. government and sensitive private enterprise computer networks for several months, and maybe longer. The software supply chain was compromised. Not surprisingly, Russian state hackers are the main suspect.
There could not come a worse time for the nation’s security with the lame duck administration with hundreds of pre-2016 Russian state friendly connections having asserted loyalist control over varied agencies. Whether there are insiders planted by that Administration to enable this hack within one or more departments or agencies remains to be seen.
On LinkedIn, some profiles in software DevSecOps recently promoted within the government have signaled loyalty to persons and not national security by coming out swinging for the false election fraud allegations even after courts across the nation had dismissed the majority of cases. Nothing screams loyalist as one willing to posture irrationally and fall on their letter openers for a leader acting ultra vires of his or her oath.
If follow-on exploits, installations, and backdoors were created after the SolarWinds security update established the initial access, a question arises of whether Moscow is also spying on the processes used to ‘secure’ the networks, do damage assessment, and investigate leads. Whether or not exfiltration or theft reached the most sensitive material, is Moscow monitoring the post-hack investigation and security measures in real time? Can its hackers or AI available to them, take clues from the post-hack response to learn what we deem sensitive material? That is, if they had not already cracked-into it?
Or if there is another Edward Snowden insider, are these questions moot? Don’t assume so.
Whatever the case, it is hopeful that our cybersecurity responses are not giving the Russians a tour they did not or could not yet take. Don’t show them patterns of concern.
Indeed, wall-off networks altogether if possible, and establish alternate methods for getting departmental business done while the analysis is done.
Putin sought a “Russian internet” for fear of this very kind of breach. Except now he’s inflicting some level of his feared outcomes on the United States while Donald Trump languishes in office, a double-tap against U.S. security.
Were counter-response plans to such a hack known in advance?
Whatever the actual U.S. response, respect is due the Russian side. Let us show that respect by upping our game, and by not following predictable, likely compromised routines and responses. Or thumb-sucking infighting. This is a time to work from scratch even as we assess what Moscow has actually attained, what can be done with it, and what their intentions so far appear to be. Let us also locate the insiders and remove them from the game board.