Limits to Response

Massive Hack Blamed on Russia Tests Limits of US Response is the headline of a Wall Street Journal piece on the Russian hack of our government and some infrastructure facilities.

Despite its size, a sprawling computer hack blamed on Russia could leave President Trump and the incoming Biden administration struggling to find the right response, former US cybersecurity officials and experts said.

The Russian hack was an overt invasion of the United States, just as much in cyber space as it would have been had it occurred in physical space. The only limits on our response—the only real limits—are our capacity to respond, and the mindsets of those with the authority to order the response.

Capacity includes our shamefully limited cyber capability coupled with the much lower degree of Russia’s dependence on cyber in its various facilities (military, political, economic).

Capacity also includes, though, political, economic, and physical response venues.

This attack badly wants a more prompt response than economic sanctions are capable of effecting.

“It’s a hack. It’s a breach. It’s espionage. It’s not an attack,” said former White House and Justice Department official Jamil Jaffer, executive director of George Mason University’s National Security Institute. “I don’t think some major offensive response is warranted based on what we know now.”

And

…the former officials said the intrusions fell more along the lines of classic digital espionage, however brazen.

This insistence on downplaying the severity of an invasion is a major contributor to our vulnerability to such attacks, and it illustrates the weakness of the mindsets involved, for all that Jaffer is not one of those charged with the responsibility. It increases our vulnerability to physical attack.

There needs to be an end to mental weakness, idle chit-chat, and vapid responses, and a start to getting serious about such invasions.

Now.

Couple Rude Questions

These arise from the SolarWinds hack attack that some experts claim doesn’t rise to an act of war (but that I think might do so*).

Why wasn’t it spotted sooner? This applies to SolarWinds as much as it does to the IT MFWICs and their staffs at the various government agency and private business recipients. Who inspected SolarWinds’ “updates,” how were they tested before SolarWinds disseminated them, and how were they tested before the receiving entities implemented them? Were the recipients actually, with straight faces, allowing a remote entity to enter their systems and install software that was uninspected and untested by those recipients?

What’s being done about the hack now—both defensively and offensively?

On what basis would we be able to believe all of the proximately installed SolarWinds hackware has been rooted out?

What other software is broadly used in government and automatically updated from outside? What inspecting and testing is being done on that software?

What inspection/testing is being conducted on all the private economy cloud software extant?
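The questions above about who inspects a vendor’s updates and whether recipients test them before installing them have a concrete engineering answer: an update gate that refuses to install anything that is not (a) signed by a key the recipient pinned in advance, (b) byte-for-byte what the vendor signed, and (c) already approved by the recipient’s own test environment. The Go program below is an added illustration of such a gate; it is not code from the post, from SolarWinds, or from any affected agency. The manifest format, the function names, the throwaway Ed25519 key pair, and the “example-agent” payload are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Distinct errors let a deployment pipeline log exactly which gate an update failed.
var (
	ErrBadSignature   = errors.New("manifest signature does not verify under the pinned vendor key")
	ErrDigestMismatch = errors.New("payload digest does not match the signed manifest")
	ErrNotApproved    = errors.New("update is authentic but has not passed local testing; hold in staging")
)

// Manifest is what the vendor signs: the artifact identity plus the SHA-256 of the
// exact bytes the customer will install. (Hypothetical format for this example.)
type Manifest struct {
	Name    string
	Version string
	Digest  [sha256.Size]byte
}

// canonical gives signer and verifier an identical byte string to sign and check.
func (m Manifest) canonical() []byte {
	return []byte(m.Name + "\n" + m.Version + "\n" + hex.EncodeToString(m.Digest[:]))
}

// NewManifest is the vendor-side step that binds a payload's digest to its identity.
func NewManifest(name, version string, payload []byte) Manifest {
	return Manifest{Name: name, Version: version, Digest: sha256.Sum256(payload)}
}

// SignManifest is the vendor's release step. In production the private key lives in
// an HSM or offline signer; the throwaway key used here exists only for the demo.
func SignManifest(priv ed25519.PrivateKey, m Manifest) []byte {
	return ed25519.Sign(priv, m.canonical())
}

// VerifyUpdate is the recipient's gate. trusted is the vendor key pinned at install
// time (never fetched alongside the update); approved is the recipient's own record
// of digests that have already passed its test environment.
func VerifyUpdate(trusted ed25519.PublicKey, m Manifest, sig, payload []byte, approved map[[sha256.Size]byte]bool) error {
	// 1. Authenticity: the manifest must carry a valid signature from the pinned key.
	if !ed25519.Verify(trusted, m.canonical(), sig) {
		return ErrBadSignature
	}
	// 2. Integrity: the bytes on disk must be the bytes the vendor signed.
	if sha256.Sum256(payload) != m.Digest {
		return ErrDigestMismatch
	}
	// 3. Local acceptance: authentic is not the same as trusted to run. Only a digest
	//    the recipient has itself inspected and tested may proceed to installation.
	if !approved[m.Digest] {
		return ErrNotApproved
	}
	return nil
}

// DemoKeys generates a throwaway vendor key pair so the example runs offline.
func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	vendorPub, vendorPriv := DemoKeys()
	payload := []byte("constructed sample update payload v2.1.0") // constructed, not a real artifact
	m := NewManifest("example-agent", "2.1.0", payload)
	sig := SignManifest(vendorPriv, m)

	approved := map[[sha256.Size]byte]bool{}
	fmt.Println("signed, not yet tested:", VerifyUpdate(vendorPub, m, sig, payload, approved))

	approved[m.Digest] = true // recipient's test environment has passed this digest
	fmt.Println("signed and tested:     ", VerifyUpdate(vendorPub, m, sig, payload, approved))

	tampered := append([]byte{}, payload...)
	tampered[0] ^= 0xff // payload altered after signing
	fmt.Println("tampered payload:      ", VerifyUpdate(vendorPub, m, sig, tampered, approved))

	_, otherPriv := DemoKeys() // a key that is not the pinned vendor key
	fmt.Println("wrong signer:          ", VerifyUpdate(vendorPub, m, SignManifest(otherPriv, m), payload, approved))
}
```

The third check is the one most relevant to the post’s question: a correctly signed vendor update is still held in staging until the recipient’s own inspection records its digest as approved, which is what “tested before the receiving entities implemented them” means in practice. Pinning the vendor key separately from the update channel matters for the same reason; a key delivered alongside the update proves nothing about who produced it.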

More serious, though, are these questions:

Was this hack, which embedded spyware, among other things, all of it? Or was this hack intended to be found as a distraction from detecting other, more hidden, more nefarious software—software that could be triggered later to conduct sabotage of critical systems, insert misleading or outright false data into critical databases and imaging systems, cut off communications between critical government and military leadership entities and between those and their field-operational systems at critical moments of a more overt attack?

Was this hack conducted by Russia? Or perhaps by Iran, while framing Russia, the butcher of Chechnya? Or perhaps by northern Korea, while disguising its own culpability by framing Russia? Or by the People’s Republic of China, which still regards Russia as a foe and now recognizes Russia’s political and military impotence vis-à-vis the CCP and the PLA, and so harming two enemies with one exploit?

*Shameless plug