My first thoughts on the strategic impact of SolarWinds: this appears to be a large infiltration of networks that contain important information about US government operations. This could be a huge intelligence loss for the US with long term implications for national security.
As of yet, no released evidence that hack led to disruptions, deletions, or manipulations of data (still waiting here). Unclear whether this was restraint by (presumable) Russian actors, lack of opportunity, or a combination of both, i.e. intel benefit outweighed attack benefit.
Lessons learned: 1) there is a proliferation of private & public US actors that have the capability and willingness to attribute. Attribution may become less of a political decision as these private attribution actors become more influential & capable.
Lesson learned: 3) I largely agree w/folks that point to these exploits as evidence that deterrence of intelligence-motivated cyber exploits is a flawed strategy. I still believe that defense, counter-cyber ops, & info sharing is the best response to these kinds of hacks.
@jacklgoldsmith has important ?s about whether US would conduct similar hacks & if so whether the US' current toolbox is appropriate for dissuading (or degrading) adversaries from these hacks. Are we on the losing side of this competition? @lawfareblog https://www.lawfareblog.com/quick-thoughts-russia-hack
The US can better shape rules of the road, but I'm pessimistic we can dissuade adversaries from attempting these cyber hacks. I do believe declaratory restraint can help build norms about not using accesses for cyber attacks that cause civilian violence. https://www.tandfonline.com/doi/abs/10.1080/0163660X.2020.1770970
You can follow @JackieGSchneid.