Good piece by @jacklgoldsmith on #SolarWindsHack
I agree with his main points.
But I disagree with some of his analysis, which conflates espionage with far more malicious cyber operations. Vital distinctions in thinking about reciprocity and deterrence in cyberspace.
<thread> https://twitter.com/jacklgoldsmith/status/1339927394770169857
2. My agreement with Jack:
a) It's wrong to suggest this hack is like an act of war.
b) It's wrong to suggest USG could lawfully use military force in response.
c) Public officials/commentators should react with awareness that USG hacks foreign govts' networks on a huge scale.
3. On reciprocity: Jack argues that USG's aggressive disruption of Russia’s Internet Research Agency (IRA) in 2018 opens door to other countries' engaging in similar disruptive actions against US for espionage.
But that erroneously conflates IRA’s actions with espionage.

4. The Internet Research Agency was engaged in election interference (not simple espionage).
The IRA's actions may be said to violate international law – legally justifying US disruptive cyber actions in response.
5. On deterrence:
Jack describes US operation that placed malware on Russia's electric grid as an "effort at deterrence [that] appears not to have worked" as evidenced by SolarWinds espionage hack.
But that's probably not what the USG operation was trying to deter.
6. USG was likely responding to Russia's having done similar things to US critical infrastructure and, importantly, to deter Russia from actually launching cyber operation to damage US electric grid/nuclear power plants.
Can't say that effort at deterrence has not worked.
7. Finally, does #SolarWindsHack violate international law?
It's a more difficult question than some have suggested.
The scale and form of the operation are compromising the ability of critical USG networks to communicate including in nuclear sector
A violation of sovereignty?
8/8
On SolarWinds and nuclear sector ( @NatashaBertrand @ericwolff):
https://www.politico.com/news/2020/12/17/nuclear-agency-hacked-officials-inform-congress-447855
On US op against Russia power grid ( @SangerNYT @nicoleperlroth):
https://www.nytimes.com/2019/06/15/us/politics/trump-cyber-russia-grid.html?login=email&auth=login-email
Legal analysis of US op against Russia power grid ( @Schmitt_ILaw): https://www.justsecurity.org/64614/u-s-cyber-command-russia-and-critical-infrastructure-what-norms-and-laws-apply/