Top federal cybersecurity experts explain why the SolarWinds cyberattack is such a big deal – and why it’s too soon to declare cyberwar
“The reason everyone is so upset is that the price to the private sector is going to be huge,” says Bryson Bort, CEO of Scythe, a special advisor to the Cybersecurity and Infrastructure Security Agency this year, and is a senior fellow at the R Street Institute think tank. “The malware is in the system that managed their networks, and everyone had it.”
Not necessarily. One of the devastating things about this attack is that it falls inside the realm of intelligence-gathering that happens routinely. This attack was just much more effective than most, and swept up businesses in its scope.
“We do it, they do it, it happens every day,” says Bort, the former CISA advisor. “This is just a very expensive operation.”
Biden said Thursday that “My administration will make cybersecurity a top priority at every level of government — and we will make dealing with this breach a top priority from the moment we take office.” But experts said a strong statement may not result in a large public action.
“Everything has to be proportionate,” Bort says. “This is well within the range of intelligence operations. “We’re trying to do the exact same thing to them right now.”
“Just because businesses were hit doesn’t mean that access has been or will be exploited – but every one of them will now need to do threat-hunting, actively searching for signs of intrusion, and there is no easy way to do that. There is no tool that will do that for you,” says Bort, the CISA advisor.