The SolarWinds Hack

“From Solar Sunrise to SolarWinds”
Communications of the ACM, April 2021, Vol. 64 No. 4, Pages 6-7
By John Arquilla

For all its breadth, depth, and skillful insertion via the supply chain, the latest hack of critical departments of the U.S. government—and of many leading corporations from around the world—should come as no surprise. Twenty-two years ago, as American forces were readying to strike Iraq for violations of an agreed-upon U.N. weapons inspection regime, deep intrusions into sensitive military information systems were detected. Enough material was accessed that, if printed out, it would have made a stack over 500 feet tall. The investigation into this hack, code-named “Solar Sunrise,” unearthed a group of teenagers, two in Northern California, one in Canada, and a young Israeli computer wizard, Ehud Tenenbaum.


The youth of the miscreants, and their lack of connection to a hostile power, led to a somewhat dismissive attitude toward this sort of cyber threat. The absence of a sense of urgency about the problem was noted in a study of the matter undertaken by the National Academy of Sciences the following year, 1999, at a time when yet another very grave series of intrusions into American defense information systems—this time seemingly by Russians—was occurring. The effort to detect, track, and then deter further hacks was code-named “Moonlight Maze,” an investigation that revealed the intrusions had been ongoing for at least three years before being spotted.



The SolarWinds affair is simply another incident in a long pattern of intrusions. …


Why, then, this worst-ever hack? The National Academy study from 1999 put the matter well when it focused on an organizational culture, especially in the military, that tended to downplay thinking and planning for defense. To this I would add that, when conceiving of defense, too much reliance is placed on firewalls and anti-viral software designed to keep intruders out. These are Maginot Lines. Instead, the right approach is to “imagine no lines,” to think in terms of aggressors who will always find a way in. By cultivating a mindset emphasizing this inevitability, those charged with protecting our cyberspace will find that innovative defensive practices will arise more readily.



What is to be done now? Aside from fundamentally shifting the emphasis away from “static” cyber defenses like fortified firewalls and anti-viral software that find it hard to detect the latest advances in malware, it is crucially important to take full advantage of the opportunity that the SolarWinds hack has provided to scour all information systems for any signs of delayed-action devices—designed not for spying, but rather for disrupting or distorting data flows in time of war. Military and business information systems should both get a clean bill of health; that is, test negative for signs of “cybotage,” before shifting to a new security regime based on strong codes and regular movement of data.


About the Author:

John Arquilla is Distinguished Professor of Defense Analysis at the U.S. Naval Postgraduate School. From 2005–2010, he served as Director of the Department of Defense Information Operations Research Center. The views expressed are his alone.