Companies keep assessing SolarWinds hack as U.S. sanctions Russia
Share Now on:
The Biden administration cut off Russia’s sovereign bond market from the U.S. banking system Thursday as one measure to sanction Moscow for its presumed disinformation campaign during the 2020 election, and for the Russian spy agency’s role in the SolarWinds breach in December 2020 that penetrated tens of thousands of U.S. companies, as well as key government agencies.
Across the economy, companies in various sectors continue to assess the scale of the SolarWinds breach, which is what cybersecurity experts call a supply chain attack.
The White House on Thursday accused Russian spies of breaking into software that tens of thousands of companies — and government agencies — depend on. The malicious code infected systems through automatic software updates, the administration said.
Dmitri Alperovitch, co-founder and executive chairman of the Silverado Policy Accelerator think tank, said the hackers’ main target is intelligence secrets. But they also compromised multiple software companies, “with the goal seeming to be to find vulnerabilities in their product, maybe even try to introduce back doors or steal critical information,” Alperovitch said. “And it’s clear what the Russians are doing. They’re stockpiling as many of these supply chain vulnerabilities as possible.”
These vulnerabilities threaten all of us, who use, say, Microsoft programs, said Stewart Baker, a former National Security Agency attorney now at the law firm Steptoe & Johnson.
“None of us is an island,” Baker said. “We all trust the people who write the software that we are using. And if those folks fall down, we’re next.”
At stake is the digital plumbing of modern life. Cyber analysts say the SolarWinds hack infiltrated network hardware, including Cisco routers.
“These are brand-name companies moving lots of units of hardware that malicious entities abroad would like to get into if they can,” said David Edelman, who served in cybersecurity and economic policy roles in the Obama White House and now teaches at the Massachusetts Institute of Technology.
“We trust these algorithms and these interconnected networks to make decisions for us, but humans may not know how to override those systems,” said Shital Thekdi, business professor at the University of Richmond.
The hackers have “burrowed in,” Thekdi said, but how deeply and what the Russians’ ultimate plans are remain unknown.
Breaches like the SolarWinds attack highlight the vulnerability of American factories as well, said Chris Painter, the top U.S. cyber diplomat in the Obama administration.
“The manufacturing sector still has a long way to go” before securing itself from hacks, Painter said. “The energy sector has a long way to go.”
We’re here to help you navigate this changed world and economy.
Our mission at Marketplace is to raise the economic intelligence of the country. It’s a tough task, but it’s never been more important.
In the past year, we’ve seen record unemployment, stimulus bills, and reddit users influencing the stock market. Marketplace helps you understand it all, will fact-based, approachable, and unbiased reporting.
Generous support from listeners and readers is what powers our nonprofit news—and your donation today will help provide this essential service. For just $5/month, you can sustain independent journalism that keeps you and thousands of others informed.