Companies keep assessing SolarWinds hack as U.S. sanctions Russia
Companies keep assessing SolarWinds hack as U.S. sanctions Russia
The Biden administration cut off Russia’s sovereign bond market from the U.S. banking system Thursday as one measure to sanction Moscow for its presumed disinformation campaign during the 2020 election, and for the Russian spy agency’s role in the SolarWinds breach in December 2020 that penetrated tens of thousands of U.S. companies, as well as key government agencies.
Across the economy, companies in various sectors continue to assess the scale of the SolarWinds breach, which is what cybersecurity experts call a supply chain attack.
The White House on Thursday accused Russian spies of breaking into software that tens of thousands of companies — and government agencies — depend on. The malicious code infected systems through automatic software updates, the administration said.
Dmitri Alperovitch, co-founder and executive chairman of the Silverado Policy Accelerator think tank, said the hackers’ main target is intelligence secrets. But they also compromised multiple software companies, “with the goal seeming to be to find vulnerabilities in their product, maybe even try to introduce back doors or steal critical information,” Alperovitch said. “And it’s clear what the Russians are doing. They’re stockpiling as many of these supply chain vulnerabilities as possible.”
These vulnerabilities threaten all of us, who use, say, Microsoft programs, said Stewart Baker, a former National Security Agency attorney now at the law firm Steptoe & Johnson.
“None of us is an island,” Baker said. “We all trust the people who write the software that we are using. And if those folks fall down, we’re next.”
At stake is the digital plumbing of modern life. Cyber analysts say the SolarWinds hack infiltrated network hardware, including Cisco routers.
“These are brand-name companies moving lots of units of hardware that malicious entities abroad would like to get into if they can,” said David Edelman, who served in cybersecurity and economic policy roles in the Obama White House and now teaches at the Massachusetts Institute of Technology.
“We trust these algorithms and these interconnected networks to make decisions for us, but humans may not know how to override those systems,” said Shital Thekdi, business professor at the University of Richmond.
The hackers have “burrowed in,” Thekdi said, but how deeply and what the Russians’ ultimate plans are remain unknown.
Breaches like the SolarWinds attack highlight the vulnerability of American factories as well, said Chris Painter, the top U.S. cyber diplomat in the Obama administration.
“The manufacturing sector still has a long way to go” before securing itself from hacks, Painter said. “The energy sector has a long way to go.”
There’s a lot happening in the world. Through it all, Marketplace is here for you.
You rely on Marketplace to break down the world’s events and tell you how it affects you in a fact-based, approachable way. We rely on your financial support to keep making that possible.
Your donation today powers the independent journalism that you rely on. For just $5/month, you can help sustain Marketplace so we can keep reporting on the things that matter to you.