Cyber-attacks Expose US Failure
The story that has since emerged of the recent hacking attack on the United States government (USG) agencies would have seemed like fiction taken from the pages of a Cold War novel—too far-fetched to happen in real life. But today it is not fiction. Rather, the dark secret has come to light: The cyber-attack was very sophisticated and backed by well-funded entities, including government(s). The hackers demonstrate powerful espionage skills that exposed not only U.S. secrets and vulnerabilities, but also the failure of the US intelligence and security apparatuses to thwart and defend the country from such attacks.
By account of many cyber and international security analysts, the USG has recently experienced one of the largest and most serious cyber-attack in its history. As to how the hackers managed to break through the heart of the USG agencies, it would take few years before we get an answer.
This comes on the heels of the recent emerging information from a private dinner for senior technology security executives at the St. Regis Hotel in San Francisco, where Gen. Paul Nakasone, head of the U.S. National Security and Cyber Command, boasted of how his institutions could protect the US from spies. Looks to me like arrogance and assumptions have left us with little to show for. And when you have a top cybersecurity official, Gen. Nakasone, stated that U.S. teams "understand adversaries more than adversaries themselves" only to be faced with this massive breach, it puts forth the need and consideration for a top to bottom review of the U.S. intelligence community including cybersecurity command.
Let us state the obvious: U.S. recent intelligence failure(s) should serve as a wakeup call. While this criticism may sound harsh, it is the love and concern for our nation that prompts me to write this piece calling for action.
Of note: The hackers used a malicious software program to hack into Microsoft and ten other USG agencies which was planted in a Texas software company called SolarWinds. The hackers had also access to the E-mails of the U.S. Treasury and Commerce Departments.
We ended up doing what we do best: shift the blame, point fingers, and seek a scapegoat; rather than admitting our shortfalls and work on fixing the problem. When the hack was discovered and reported on in December 13, 2020, U.S. Secretary of State, Pompeo was quick to blame Russia describing the hack as a “serious threat" to the United States. What if it was China, North Korea, or someone else for all we know since no public evidence has been presented to back up either Pompeo or anyone else’s claim. There is, however, consensus among security analysts that the cyber-attacks bear the hallmark of the Russian ‘Cosy Bear’ malware. Note: Cozy Bear, classified by the US Government as advanced persistent threat APT29, is a Russian hacker group believed to be associated with the Russian version of CIA, the SVR. APT29 is the same group that hacked the DNC in 2015.
At the time of this writing, the damage attackers inflicted is unknown. The cyber-attacks could not come at a worse time as the USG is struggling with a peaceful transition of power between two presidents, a nation so divided, and COVID-19 pandemic that has so far crippled the U.S. economy and destroyed many small businesses and the lives of many Americans. And when you have departments of the USG including branches of the Department of Defense, State, Treasury, Homeland Security, and Energy attacked, it undermines and further damages public confidence in not only U.S. cybersecurity infrastructure, but also the ability of the USG to protect Americans.
Resolving these issues is no easy matter. It took years before the USG was able to find out the extent of the 2014 and 2015 hacking attacks the Russian intelligence services conducted when they gained access to the unclassified e-mail systems of the White House, State department and the Joint Chiefs of Staff. What is known is that in 2017, Russian agents used similar method to disable private and government computer systems across Ukraine after a malicious program dubbed "Nut Petya" was hidden in a program widely used in accounting. Moscow, as expected, denied involvement.
As argued in my recently published book, The Dynamics of Russia’s Geopolitics: Remaking of Global Order, the internet became the platform on which cyberattacks, hacking, disinformation, and manipulation of social media settings happened. It fundamentally changed not only the rivalry between the United States and Russia, but also the nature of military confrontation, geopolitical tensions, diplomacy, and, of course, intelligence, mainly espionage.
It looks to me that some countries are capitalizing on the United States’ technological achievements by using those achievements against it. It demonstrates how global the threat is.
David Oualaalou is a Geopolitical Consultant, Award Winning Educator, Veteran, Author, and a former International Security analyst in Washington D.C.