Marketplace Logo Donate

Daily business news and economic stories from Marketplace

Companies keep assessing SolarWinds hack as U.S. sanctions Russia

Heard on:
From left, FireEye CEO Kevin Mandia, SolarWinds CEO Sudhakar Ramakrishna and Microsoft President Brad Smith testify on the 2020 cyberattack during a Senate Intelligence Committee hearing on Feb. 23, 2021.

From left, FireEye CEO Kevin Mandia, SolarWinds CEO Sudhakar Ramakrishna and Microsoft President Brad Smith testify on the 2020 cyberattack during a Senate Intelligence Committee hearing on Feb. 23, 2021. Drew Angerer/POOL/AFP via Getty Images

get the podcast

The Biden administration cut off Russia’s sovereign bond market from the U.S. banking system Thursday as one measure to sanction Moscow for its presumed disinformation campaign during the 2020 election, and for the Russian spy agency’s role in the SolarWinds breach in December 2020 that penetrated tens of thousands of U.S. companies, as well as key government agencies.

Across the economy, companies in various sectors continue to assess the scale of the SolarWinds breach, which is what cybersecurity experts call a supply chain attack.

The White House on Thursday accused Russian spies of breaking into software that tens of thousands of companies — and government agencies — depend on. The malicious code infected systems through automatic software updates, the administration said.

Dmitri Alperovitch, co-founder and executive chairman of the Silverado Policy Accelerator think tank, said the hackers’ main target is intelligence secrets. But they also compromised multiple software companies, “with the goal seeming to be to find vulnerabilities in their product, maybe even try to introduce back doors or steal critical information,” Alperovitch said. “And it’s clear what the Russians are doing. They’re stockpiling as many of these supply chain vulnerabilities as possible.”

These vulnerabilities threaten all of us, who use, say, Microsoft programs, said Stewart Baker, a former National Security Agency attorney now at the law firm Steptoe & Johnson.

“None of us is an island,” Baker said. “We all trust the people who write the software that we are using. And if those folks fall down, we’re next.”

At stake is the digital plumbing of modern life. Cyber analysts say the SolarWinds hack infiltrated network hardware, including Cisco routers.

“These are brand-name companies moving lots of units of hardware that malicious entities abroad would like to get into if they can,” said David Edelman, who served in cybersecurity and economic policy roles in the Obama White House and now teaches at the Massachusetts Institute of Technology.

“We trust these algorithms and these interconnected networks to make decisions for us, but humans may not know how to override those systems,” said Shital Thekdi, business professor at the University of Richmond.

The hackers have “burrowed in,” Thekdi said, but how deeply and what the Russians’ ultimate plans are remain unknown.

Breaches like the SolarWinds attack highlight the vulnerability of American factories as well, said Chris Painter, the top U.S. cyber diplomat in the Obama administration.

“The manufacturing sector still has a long way to go” before securing itself from hacks, Painter said. “The energy sector has a long way to go.”

What's Next

Latest Episodes From Our Shows

Listen
Jul 1, 2022
20:04
Listen
Jul 1, 2022
27:05
Listen
Jul 1, 2022
1:50
Listen
Jul 1, 2022
7:20
Listen
Jul 1, 2022
8:00
Listen
Jun 30, 2022
31:02
Listen
Jun 28, 2022
26:17
Exit mobile version