The "SolarWinds Hack": A Global Cyberattack

The “SolarWinds Hack”: Has the cyber-aggression of the nation-states become a dangerous Geopolitical Strategy as the world rejuvenates to greater International Collaboration?

Research Article 

By Mrityunjaya Dubey

Introduction

On 8 December 2020, the news formally broke among leading security firms, large and small, and among US federal government agencies. The CEO of FireEye, the world-renowned US-based cybersecurity company, posted a statement underlining the gravity of the incident, describing the company as "attacked by a highly sophisticated threat actor". The pandemic has given cyber-criminals, whether individuals, groups or nation-states, ample opportunity to apply their technical prowess while the entire world, and the US in particular, struggles to recover from the human, economic, political, social and cultural losses inflicted by the virus.

As the world contracted into "zoomed" spaces in March 2020, a very significant question arose: are individuals, government agencies, large and small private companies, security firms, welfare schemes and policies, health centres and educational institutions prepared enough to do more than nod through the "Terms & Conditions" and "Privacy" policies of ill-fated actors who have enhanced their cyber machinery? Do we have policies in line with such accelerated developments? Are we better equipped to deal with a threat that has the potential to collapse our existing institutions? As cyberspace increasingly becomes our daily bread and butter, these questions need to be asked constantly and consistently.

The US Department of Homeland Security, the US Treasury and the US Department of Commerce have all been affected to varying degrees, and the consequences are still to follow. The cyberattack has been characterised as a supply chain attack.

The supply chain nature of the attack is evident, as it involves the multiple stakeholders named above. Large companies and federal government agencies rely on FireEye to check on crucial security management issues, building a long chain that extends not only across domestic territory but around the globe. The supply chain nature of the attack therefore makes it difficult to pinpoint the faults that allowed the ill-fated attack to take control in one go. This is very similar to the Stuxnet malware that disrupted the supply chain at the Iranian Nuclear Reactor Plant established at Natanz in November 2007. Similar smaller-scale cases have surfaced from time to time in Western, so-called developed, countries such as the UK, France and Germany. One glaring instance is that of the United Kingdom's NHS (National Health Service).

The National Health Service (NHS) has always been at the core of Britain's domestic policy paradigms, but the bitter reality of the COVID-19 pandemic highlights the nasty level of attack it has been subjected to. In 2017, the WannaCry ransomware put the coveted healthcare apparatus at the mercy of a strenuous cyber attack; the ransomware attack on the NHS brought the entire system to its knees overnight. There was heavy pressure to upgrade older equipment, which the NHS had failed to do. Today, in 2020, the digital infrastructures of developed countries such as the US and European countries such as the UK, France and Germany are under heinous state-sponsored cyber-attacks. In the case of the attack on the Iranian nuclear plant, the US and Israel were the alleged perpetrators, and now, in the SolarWinds cyber-attack, Russia is looked upon with suspicion. The aim of installing such malware is primarily to disrupt and collapse national and international frameworks that depend heavily on carrying out their activities in the digital space.

The case of Stuxnet shows how the speed of the centrifuges in the nuclear facility was disrupted: meddling with the speed of the centrifugation process ultimately leads to the total collapse of the plant while leaving the nuclear scientists and monitoring teams clueless about what is happening, which points to an accelerated need to upgrade servers and databases. Thus, as the "SolarWinds Cyberattack" unfolds, there is an urgency for states and governments across the globe to follow suit, depending on their level of technological advancement and, more so, through international collaboration, the Achievable Multinational Cyber Treaty being a case in point. The cases of the Sunburst and Stuxnet malware in 2020 and 2010 respectively therefore open the geopolitical space of the nation-state to a new avenue that can be called Cyber Warfare.

Cyber-warfare, in simpler terms, can thus be defined as a conflict involving the use of a computer or network-based set-up to sow chaos against a target nation, primarily aimed at creating political, economic or geopolitical anarchy. While India is pushing towards greater and accelerated internal and external institutional streamlining of cyberspace, it is high time for India to learn lessons from such global events and take the necessary steps to secure its cyberspace. Recently, the Ministry of Electronics and Information Technology has revived the work of embedding AI in several welfare schemes. This has to be taken utterly seriously, with room for thorough discussion of how such plans are implemented, to avert the dangers of cyber-aggression from states, individuals and groups large and small, as the above cases suggest.

There are primarily three different kinds of cybercriminals, as enunciated by Vitaly Kamluk of Kaspersky Lab. These are:
a). Traditional cyber criminals, who are involved in cyber crime for illegal profit;
b). Activists or hacktivists, criminal or terrorist groups motivated by fun or by spreading a certain kind of rumour in cyberspace.

This category of cybercriminals also pushes political messages. The ISIS caliphate and its global networks began moving into cyberspace from this particular category, and have since transitioned from activists or hacktivists to advanced nation-state levels. The documentary "SolarWinds Cyberattacks maligned with malware named Sunbursts" presents a glaring example of the third category of cybercriminals:
c). Nation-states, whose cybercriminals are primarily equipped with highly advanced cyberspace expertise and a team of intelligence professionals. They are interested in high-quality intelligence and in sabotaging infrastructure through cyber means.

The US and Israeli security services, which invested millions by deploying their Department of Homeland Security and units such as United States Cyber Command, together with their intelligence teams, to infect the Iranian Natanz nuclear plant with the Stuxnet malware, are a relevant example. Thus, the activities within cyber warfare are highly motivated attempts by a nation-state that result in disrupting the organizations and infrastructure of another nation-state for military, strategic and cyber-espionage purposes.

An In-depth Analysis of Major Cyberattacks Across the World: The Lessons for India

Eugene Kaspersky, cyber security analyst, points out that some twenty years ago people in the field who tackled viruses and other software in the malware category hunted for them and found negligible results, whereas today they collect millions of unique viruses in a day. Further, according to the analysis of Ralph Langner, a cyber security expert based in Hamburg, Germany, and Liam O'Murchu, the structure of the Stuxnet malware suggested that at least one nation-state must have been involved in manufacturing it, as it largely affected the PLC (Programmable Logic Controller) and showed traces of big multinational companies (MNCs) such as Microsoft and Siemens.

The report published by New York Times national security correspondent David Sanger, and the cross-examination of geopolitical affairs such as the 'Iran Oil Pipeline Explosion' and the 'Assassination of top Iranian Nuclear Scientists' via cyber- and AI-enabled means, show cyber warfare as a new domain for the balance of power and the maintenance of geopolitical interests. Therefore, as mentioned above, such acts carried out via the platforms of cyberspace can be equated with the "speech act" that forms the crux of securitization.

Therefore, like the various non-traditional dimensions of security, cyber warfare stands as a glaring example in the contemporary world. On similar lines, the case of the "SolarWinds Cyberattack encrypted via Sunbursts Malware" highlights the destructive capabilities of this space and the need to collaborate internationally as the clock ticks and technology advances. Building on the aforementioned cases, it can be inferred that there is no formal or agreed-upon definition of "cyberwarfare". However, the following cases may be categorized as cyber "acts of war". These show the forms cyberwarfare takes and include:

a). The complete disruption or collapse of water supplies, transportation networks, military systems, power grids and intelligence infrastructures

b). destruction and theft of databases from governments, businesses, and institutions and

c). advanced malware such as ransomware that holds the computer hostage until the victim pays a ransom.

Therefore, in a broader sense, the objective of cyber warfare is mainly to achieve national interests by developing crucial national cyber warfare programs. These programs are jointly developed by military and intelligence services and have the potential to wreak immense havoc on the targeted state. Malware such as "Sunburst in the SolarWinds Cyberattack", "Stuxnet" and "WannaCry in the NHS" have all found their way easily into the most advanced systems as weapons-grade malware, formed from single pieces with the potential to cause vast real-world physical destruction.

Cyberattacks are aimed at destabilizing government machinery by interfering in important elections and processes that affect the functioning of government. The recent acceleration of the world into cyberspace as a result of COVID-19 holds more perils in the long run for nation-states if concrete review, continuous upgrading and thorough checks are not built into policy measures.

It is worth highlighting the case that led to the disruption of the internet in Ukraine in March 2014, based on a 'denial of service attack', which can be attributed as an alleged act of cyber warfare by the Russian government. In this case, the motive behind the act of cyber-warfare was to put power in the hands of pro-Russian rebels to take control of Crimea. On similar lines, the assassination of two nuclear scientists in Tehran on 29th November 2010 is the hallmark of major strategic cyber-warfare executed by the US and Israel. The "Stuxnet" operations were first suspected in Belarus. It is often referred to as the cyber epidemic that caused several computers to shut down as the virus infected operating systems in an unusual manner. Therefore, this malware was added to a very dangerous category.

The case of the Stuxnet malware presented in the documentary also emphasizes the offensive capability of the US and Israeli national security agencies. As General (retired) Michael Hayden, former director of the National Security Agency and the Central Intelligence Agency, highlights in the documentary, cyber operations are taking a strong foothold in the domain of national security, on very similar lines to the land, sea, air and space domains. Therefore, the new domain of cyberspace where cyber-warfare occurs is crucial to maintaining the national security aspirations of states such as the US and Israel. Thus, the technique of cyberwar has become a subset of the approaches to national defence technology.

It is noteworthy that National Security Presidential Directive (NSPD) 54, which acts as a defining policy for cyberspace, illustrates the shift in the methodology of war, with cyber warfare taking the front seat. The concepts of national sovereignty and national boundary seem to have become redundant, as cyber warfare is fought in borderless terrain that cannot be confined to a particular national boundary. Thus, it can be inferred that cyber-warfare is an affair that can take place anywhere and everywhere and at any point in time. Its specific characteristics, namely no fixed territorial boundary, being beyond the conception of national sovereignty, and being a war that can take place anytime and anywhere from any corner of the globe, all in fact completely substantiate the global nature of cyber-warfare.

Therefore, it can be drawn from the above analysis that cyber-warfare falls under the global common goods, to which every state owes equal responsibility. To this end, firm and concrete international standards in the form of treaties are required to monitor the activities carried out within it; one such case, as mentioned above, is the Achievable Multinational Cyber Treaty, which deals with the domain of cyberspace in general and the ethics of cyber warfare in particular. However, the mere assumption of a set of norms and rules guiding cyberspace does not suffice for the need of the hour.

The major difficulty lies in monitoring the ever-developing grid and complex web of technological advancement that on one fringe promotes prosperity while on the other promotes the illicit activities (acts of cyberwar) that ultimately fuel cyberwarfare. The US has ranked cyber warfare as the number one threat to national security in its various security reports, which is explicitly evident in the documentary as well. Therefore, in this foray, where it is not clear how to distinguish what can be categorized as an act of war from what legitimizes the sovereignty of nation-states, and where, lastly, there are no fixed (overarching) standards for categorizing such acts as acts of cyber warfare, it becomes severely difficult to apply the same rules of fighting a war as in the domains of land, air and sea.

This underpins a sense that there are no ethics in fighting a war in cyberspace at large. Therefore, abiding by the ethics of warfare in a situation of cyberwar seems a far-fetched idea. The differences of opinion between the CEOs of leading security management firms such as Kevin Mandia of FireEye, Microsoft's President Brad Smith, and several other tech giants such as Google, as per the leading reports, showcase the gravity of the situation. The urgent need emphasized several times above finds a serious reflection in an opinion piece in The New York Times by Thomas P. Bossert, Homeland Security Advisor to President Donald Trump, which makes explicit that "evidence in the SolarWinds attack points to the Russian intelligence agency known as the SVR, whose tradecraft is among the most advanced in the world".

Conclusion

As everyone across the globe craves a new ray of hope, predominantly keeping in mind the lessons COVID-19 has taught each of us and the imperative need and desire for greater international collaboration as a result of this historic upheaval, it becomes noteworthy not only for state and non-state actors (the UN, intergovernmental organizations, INGOs, civil society) but also for every individual living under the sun to act solemnly towards what President Bush once enunciated: "This is a different kind of a war, our enemies are not organized into battalions, or commanded by governments. They hide in shadowy networks and retreat after they strike". Therefore, the on-going "SolarWinds" cyberattack, akin to a "Global Cyberattack", must now be the point of saturation at which to act earnestly rather than wait for another cyber-assault to blow everything up at one go. Greater international collaboration, expressly in cyberspace as the SolarWinds cyber attack suggests, and in various other dimensions, is the way forward. Developed countries such as the United States (as is explicit from the case), Germany, the UK, France, etc. need to work with utter efficacy and efficiency with developing and like-minded countries towards framing long-term and sound cyber-policies. There is an immediate need for deeper technological exchanges to avert any future "SolarWinds" Global Cyberattack.

Mrityunjaya Dubey has a postgraduate degree in International Relations from Symbiosis International University. He has a keen interest in the field of international relations in general and a specialization in European and North American studies. His latest book, "India-Australia Defence Cooperation in the Indo-Pacific: The changing nature of India's Act East Policy", is now available on Google Books.

Disclaimer: This paper is the author’s individual scholastic contribution and does not reflect the organisation’s viewpoint.