In early 2020, the Texas-based software company SolarWinds was unheard of. It is now associated with one of the largest breaches of national security in global history. The Departments of State, Commerce, Treasury, and Homeland Security were all victims of the cyber-attack in December, leaving classified and top-secret governmental information open to access by the hackers. To make matters worse, nobody noticed for 9 months.
SolarWinds provides computer network management tools to a diverse range of wealthy companies, including the UK’s Deloitte and the US Defence, to protect classified info. Over 6 governmental agencies and some of America’s largest corporations fell victim to the hackers’ infiltration of the software. The “highly sophisticated” attack manipulated the Orion security software with malware: the hackers slowly embedded their code into Orion itself, enabling them to download and transfer protected data into their own networks. The question remains: who was the perpetrator, and what were their intentions?
Extensive security concerns brew amid allegations of Russia’s involvement in the scandal. The US National Security Advisor Robert O’Brien states that there is “no doubt it was done by a state actor”. Former Secretary of State Mike Pompeo claimed Russia was “clearly” behind the attack. In a new interview, the spy chief of Russia’s Intelligence Service, Sergei Naryshkin, denied all claims of Russian involvement, calling the allegations “pathetic”. As a result, Biden has imposed sanctions on Russia, including on 32 officials, and expelled 10 diplomats, not only because of the hackings but also because of meddling in the 2020 elections. The back-and-forth power play between these two actors echoes the Cold War in cyber form. The hacking is considered one of the most sophisticated attacks so far in cyber history, considering the importance of the classified data.
The main concern is how the hackers infiltrated the most complex of security systems. It seems shocking, or even embarrassing, that hackers could access US government information without anybody noticing for 9 months. The attack was therefore intended to gain backdoor access to information of the US government and large technology companies. GCHQ claimed that it was “highly likely” that Russian Intelligence was responsible for the cyber-crime. The UK’s response was provoked by some large companies being affected; the former Director of GCHQ, Ciaran Martin, told the BBC that this “large scale espionage” has existed for years. It is unknown what information the hackers were able to gain access to or currently have; however, over 33,000 users of SolarWinds were hacked simultaneously. Consequently, the hacking catastrophe has meant SolarWinds has lost over $2.3b in stock, over a third of its value.
A Cold War 2.0 is brewing, but with larger implications – knowledge and data are power. If Russia was involved in the hacking scandal, the malign relations between the West and the East are becoming increasingly hostile. Biden stated that the United States was not looking to escalate conflict with Russia, yet acts that threaten the national security of the global hegemon may be all the more reason to engage in this Cold War 2.0.