The United States government is still uncovering the extent of Russia’s unprecedented hacking of nine government agencies and dozens of private-sector organizations, according to a report last week by the Associated Press. About nine months ago, Russia’s foreign intelligence service, the SVR, hacked into the email accounts of the secretary of homeland security and top officials at that department, as well as high-ranking officials at the departments of Energy, State, the Treasury, and others. A private cybersecurity firm, FireEye, discovered only four months ago that Russian spies had done this through software—widely used throughout the public and private sectors—provided by a vendor called SolarWinds. The cybersecurity firm then tipped off the government, which is still investigating the operation. How did this happen, and what does it mean?

According to Dmitri Alperovitch, who co-founded the cybersecurity firm CrowdStrike, the SolarWinds hack is the most expansive breach of national security through online espionage in U.S. history. But the Russians didn’t destroy or even damage any data or documents. As Alperovitch sees it, this is just traditional intelligence gathering extended to the digital domain, but the breadth and the duration of the hack should, he says, finally move the U.S. government to enhance its weak cyber defenses—and rethink its approach to cybersecurity as a whole.


Michael Bluhm: How significant is the SolarWinds hack?

Dmitri Alperovitch: This is unquestionably the most devastating breach of U.S. national security through cyber means that we’ve ever had.

That is the case for two reasons. One is the number of agencies that have been compromised. Department of Energy, DHS, Treasury Department, State Department—we have almost a dozen agencies that we know about that have been compromised.
