President-elect Joe Biden has pledged to make cybersecurity a key part of his upcoming administration. That’s good news, given the awful string of information released this week about foreign hacks into many sensitive government operations.
But Americans need more than just platitudes about disrupting attacks and protecting data. Biden needs to outline specific ways to protect national security from these insidious attacks, perhaps organizing and empowering a special unit for the job. He also needs to assure Americans he will take the offensive and retaliate appropriately.
Cyberwarfare is more than just the next step for espionage in a post-Cold War world. It is, as the name suggests, a form of warfare. Taken to extremes, it could allow for attacks against power grids, financial institutions and other necessary public and private services, disabling the nation and perhaps paving the way for more conventional, military attacks.
We are dismayed that outgoing President Donald Trump has chosen to ignore the latest evidence of intrusions, seemingly downplaying their importance. The silence makes the nation seem weak and helpless in the face of what is happening. Thankfully, others in Washington have been more candid in their dire assessments.
The U.S. Cybersecurity and Infrastructure Security Agency this week spoke of an “advanced persistent threat” that “poses a grave risk to the federal government.” Recent hacks have been so sophisticated and well-planned that officials say it’s hard to tell what the hackers may have done beyond gathering top-secret information about government networks and how data is monitored.
Beginning as early as March, while most of the world was becoming obsessed with an unfolding pandemic, these hackers started targeting multiple government agencies and private concerns, primarily in the United States, but in many other nations as well.
Brad Smith, the president of Microsoft, said in a blog post that the attacks “put at risk the technology supply chain for the broader economy.”
Hackers have used a flaw in software produced by SolarWinds, a Texas-based company. Thousands of companies and federal agencies use this software to monitor their networks. The company serves about 300,000 customers, according to news reports, but only about 18,000 or less had installed the compromised version of software.
That is enough, however. Experts told NPR the attacks are not the work of some self-propagating bots, but are carefully planned and designed specifically to perform tasks carefully aimed at specific targets. Hackers obtain access to networks, then use malware to obtain higher credentials and greater access to information. They perform mischief while eluding detection, making other users and computer experts think systems are operating normally.
Experts believe Russia is the source of all this. Specifically, a unit known as Cozy Bear, believed to be a part of Russian intelligence, is suspected.
If Russia or any other belligerent nation were to send physical spies to break into buildings and steal information, Americans everywhere would be outraged. This nine-month incursion is exactly that, and it deserves much more attention than it is getting.
In an ever-changing world, the United States must demonstrate it is strong enough to resist modern threats to national security and to respond in meaningful and immediate ways. A more cooperative outgoing president would be able to work with the president-elect to make such a response during a time of transition. That would be a powerful show of national resolve.
Absent that, however, the president-elect needs to prepare to take quick and decisive action on his first day in office.