All of the talk about the #SolarWinds hack has me thinking about a piece I did for @JanesINTEL back in 2015 in the wake of the OPM hack headlined “How Cyber Broke Espionage.” Here’s a quick thread on what I found then, and why that might apply this time around. (1)
For those who don’t recall, the OPM hack involved China accessing sensitive files from a White House office tasked with, among other things, keeping details on background investigations conducted for US security clearances. (2)
Stealing those records struck intel folks as classic espionage, in that information was obtained but the hackers didn’t destroy or corrupt the underlying data. That has historically been the crucial divide between attack and espionage. (3)
In fact, then-Director of National Intelligence Clapper basically congratulated the Chinese on their success in a speech. “On the one hand - please don't take this the wrong way - you have to kind of salute the Chinese for what they did.” (4)
So as you might have guessed from the headline of my piece, despite the fact that stealing information is classic espionage, some officials were beginning to contemplate whether cyber espionage might be different, crossing the threshold towards war. (5)
“At what point do you reach the point when you have to react? It's the size of the OPM breach, even if it is a legitimate target; it's the scope of it,” an ODNI official told me at the time. That was why the Obama admin was considering action. (6)
That official came up with a historical parallel that I hadn’t heard of previously, something called “Operation Foot” run by British Intelligence in 1971. At the time there was a fairly permissive structure in place for Soviet spies in the UK. (7)
The British let the spies in, and kept tabs on them. But by 1971 the total number of Soviet spies had become a problem. The UK couldn’t keep track of them all. So they launched Operation Foot which booted 90 spies out of the country and barred 15 more. (8)
It wasn’t that the behavior of the spies changed, it was the scale of the spying. And cyber radically changes the scale of spying. Instead of a single spy being capable of stealing a bag full of files, a single hacker could steal millions of records. That’s what changed. (9)
As you may recall, the US and China agreed to some restrictions on hacking activity in the shadow of US pressure, and some of China’s hacking did temporarily abate. So let’s fast forward to what just happened with Russia and #SolarWinds (10)
The basics here are still the same, in that to date we haven’t heard evidence of destruction. It seems that the Russians were broadly stealing massive amounts of data from a wide range of government agencies (and some security companies). (11)
On its face that’s not an attack, and so the discussion that this was an act of war would seem inconsistent with past cyber policy. Yet the scale of this hack seems to one-up the OPM hack. In that instance US officials were toying with action. (12)
From my sources at the time, I don’t believe the US was ever near quite ready for a sustained campaign, an escalation, with China. But I don’t know if the Biden people (many of whom served in the Obama admin) would treat #SolarWinds the same. (13)
Another thing to keep in mind is that Russia has also broadly engaged in election interference, and if you pair this hack with that activity, that might justify a more substantial response. It’s clear the Trump admin won’t do that, but we’re less than a month from a change. (14)
For anyone who’s interested, the Jane’s piece referenced here is behind a firm fixed paywall, so I don’t even have a viable link. But if you’re interested in the topic, check out this feature I did back in September on how AI is changing cyber warfare https://publicintegrity.org/national-security/future-of-warfare/scary-fast/twilight-of-the-human-hacker-cyberwarfare/ (15)
You can follow @ZachFB.