The relationship between geopolitics and cybersecurity has never been as tight as it is now.
The SolarWinds supply-chain attack, one of the most potentially damaging attacks we have seen, has seriously impacted some U.S. government departments and revealed how advanced Russian threat actors are.
Although the cyber attacks have not been attributed to Russia, circumstantially the espionage operation was masterfully executed and reflected Russian state interests.
Russia has a long history of cyberattacks, and many of its state-affiliated factions have carried out extremely destructive incursions against political targets and critical infrastructure facilities in the West.
The Russian president is happy to play with international norms – or disregard them entirely. Russia is also a massive threat to the EU and Western democracies, and its cyber capability has been used offensively in several elections over the last five years.
A few days ago, in an exclusive interview with BBC Moscow correspondent Steve Rosenberg, the head of Russia’s Foreign Intelligence Service, Sergei Naryshkin, denied that his agency was linked to a massive cyber-attack in the US last year and suggested it was Western intelligence that may have orchestrated the operation.
Last month saw yet another revelation in the continuing fallout from the SolarWinds hack.
The email account belonging to the former head of the U.S. Department of Homeland Security was compromised.
The accounts of other members of the department – which is responsible for safeguarding the US’s cybersecurity, among other things – were also accessed.
This is espionage at another level: it may have set back intelligence operations by many months, or even years.
It is quite logical that the U.S. government invests over $10 billion in the Cybersecurity and Infrastructure Security Agency (CISA) and the General Services Administration (GSA) to launch new cybersecurity and IT shared services, as well as other cybersecurity programs, indicating the importance of cybersecurity in politics and everyday life.
U.S. President Joe Biden has signed an Executive Order to improve the cybersecurity of the USA, because of persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately people’s security and privacy.
The Executive Order seeks to improve efforts to identify, deter, protect against, detect, and respond to these actions and actors.
Specifically, the Executive Order will:
- Remove Barriers to Threat Information Sharing Between Government and the Private Sector.
- Modernize and Implement Stronger Cybersecurity Standards in the Federal Government.
- Improve Software Supply Chain Security.
- Establish a Cybersecurity Safety Review Board.
- Create a Standard Playbook for Responding to Cyber Incidents.
- Improve Detection of Cybersecurity Incidents on Federal Government Networks.
- Improve Investigative and Remediation Capabilities.
This document was much anticipated, even before the Colonial Pipeline attack, and is a significant step in securing the US from future cyber exploits.
There were earlier red flags as well, including Iran’s 2013 cyberattack that took control of a New York state flood-control dam, the 2015 attack on Ukraine’s grid, and an attack on the U.S. power grid in 2016.
These nation-state cyberattacks showed that they can politically strengthen the Russian president, as he is able to paint a picture of Russia against the world, especially Western forces.
The question is whether we will stop the next SolarWinds or Colonial Pipeline attack…