This week brought news that hackers, reportedly linked to Russia, had successfully penetrated critical US government infrastructure networks in a campaign that may have lasted for years. Affected systems include those of the US Commerce, Treasury and State Departments, parts of the Pentagon, the Department of Homeland Security and the National Institutes of Health.
According to the Washington Post investigators are probing an attack “with a scope and sophistication that has surprised veteran security experts and exposed a potentially critical vulnerability in America’s technology infrastructure” The attack relied on “extraordinarily stealthy tradecraft, using cyber tools never before seen in a previous attack.” It shrewdly targeted a vulnerability in the software supply chain used by U.S. businesses and government agencies. Although details remain scarce, the intrusion seems to have begun as early as March 2020 with teams similar to the ‘Cozy Bear’ and ‘Fancy Bear’ groups who infiltrated the Democratic Party computers in 2016.
The news comes at the end of the year in which our dependence on digital infrastructure has never been greater. Globally, among scores of other daily uses, we rely on online networks for telecommuting, holding elections, monitoring infections and developing and distributing vaccines. Activity that lowers trust in this infrastructure, disrupts democracy. It isn’t hard to see why so many anti-democratic forces have used hacking to sow confusion among their political rivals. While Russia has been blamed for the current breach, several other nations have the capacity to mount a similar offensive.
The success of the hack is alarming given the vast sums the US has spent on its cyber infrastructure; tens of billions of dollars on systems that the intruders simply bypassed. Equally concerning is what David Sanger of the New York Times calls “an allergy inside the United States government to coming clean on what happened.” Since the hack may have compromised networks at nuclear facilities the lack of transparency is particularly worrisome.
If the US government, with the world’s most advanced cybersecurity, can be hacked, no country should consider itself safe. The range of mischief that can result from compromised government networks, including the misappropriation of citizens’ data, is almost open-ended. True to form, the Trump administration has said little about the current revelations but the incoming president has warned that further attacks will provoke a sharp response. Until the full extent of the current breach is known – and it remains an unfolding story with at least 400 US companies compromised – Biden’s threats will remain largely rhetorical.
After so much upheaval, it seems fitting that 2020 should come to an end shrouded in uncertainty. Democratic institutions in dozens of countries have withstood repeated assaults from within, in some cases barely, much to the chagrin of their adversaries. As the US prepares to shuffle off the coil of its most illiberal presidency, while grappling with a pandemic and profound social and economic challenges, these cyberattacks are proof that the survival of democracy is never to be taken for granted and that eternal vigilance remains the price of liberty.