I’m hesitant to do this because everyone says how the SolarWinds hack confirms all their priors, but here goes.

My PhD and first book argues the blurred lines between espionage and preparations to attack in cyber make interpretation hard. A short thread on what that means here.

Simplifying a lot, the problem is this: the illicit network access hackers use to spy can also enable attacks. Not particularly high-end ones, but still damaging.

This means that it’s sometimes hard to know the intentions behind an intrusion. Was it espionage or a foiled attack?

International relations theory and history suggests that, faced with ambiguity, states tend to assume the worst about their adversaries. What one side does for defensive reasons, the other often sees as offensive, or potentially so. I argued that this instinct applies to hacking.

The folks saying this is war or like flying bombers over the US are good examples. They’re partially right and partially wrong. They’re right that this access could have aided attacks, but so could the access for most cyber espionage. It’s alarming, but doesn’t make espionage war

To be clear, I’m not saying this hack was defensive. It’s very intrusive and damaging espionage. The failure to stop it should sound alarms about what else we’re missing.

But it’s not war. It’s a window into the world of cyber ops and the risks of misinterpretation it poses.

For those interested, my book on misinterpretation in cyber operations is The Cybersecurity Dilemma. But, for non-theorists, my second book does a better job of showing how the game is played. https://www.amazon.com/gp/aw/d/0674987551/ref=dbs_a_w_dp_0674987551