SolarWinds: Cyber strategists are back to the drawing board - Hindustan Times

The SolarWinds hack – a cyber espionage campaign compromising critical organisations of the US – has fundamentally disrupted the power dynamics of cyberspace.


It is not only a major setback to the cyber statecraft initiatives of the United States (US) which took years to mature, but also challenges the basic assumptions upon which the West’s strategy for cyber dominance rest.


The operation, said to have begun in March, was only discovered this month when FireEye – an American cyber intelligence company – found out that its own network had been breached.


The investigation led responders through a proverbial rabbit hole as it became obvious that, before the intruders audaciously pivoted to FireEye’s network, they had “popped” almost 50 other US organisations including the departments of Treasury, Commerce, State, Energy & Homeland Security; companies such as Cisco, Intel, Nvidia, and VMware; and critical agencies such as the National Nuclear Safety Administration.


The hack of the decade is being attributed to SVR, the discrete Russian foreign intelligence agency. The tradecraft employed by the spies was brilliant as they managed to evade every defence in a global surveillance dragnet feeding the counterintelligence capability of the US and its allies.


By backdooring the update mechanism of a wildly popular IT administration software called SolarWinds Orion, the intruders managed to acquire a beachhead in any of its 300,000 customers.


At every step of the “kill chain,” the operators showed remarkable ingenuity.


They had no plans to outmatch the strategic cyber offensive might of the US, so the spies tactically blended-in with the environment, exploited “transitive trust” of the computers, and used deception to look like routine processes.


Yet, beyond all the technical details, it was the palpable strategic calculus which strikes at the heart of US cyber policy ..

Support the originator by clicking the read the rest link below.