The hacker attacks on SolarWinds and Microsoft Outlook Exchange have become one of the key concerns of US foreign policy ever since the Biden administration took office. There is little surprise here: the former affected 400 American companies and numerous government bodies, while the latter could leave tens of thousands of companies around the world exposed.
Another notable fact about these attacks is that they started in 2020, but the US learned about them only recently. According to Washington, the attack on the SolarWinds software kicked off in March, but became known to the American authorities in December. The same is true of the Outlook Exchange hack: the attack that allowed hackers to access practically any mailbox based on Microsoft's service had been carried out for two months.
Now that both attacks have become known to the public and the US has assigned blame for them (the usual "scapegoats", Russia and China, and, as is customary, without any hard evidence), Washington is planning retaliation against the two countries, which have both strongly denied the allegations. The "retribution" is expected to take place in the coming months, according to media reports. However, one question will remain unanswered even if these operations end up successful: how could hacks like that happen to the US, and what steps is Washington taking to prevent them in the future?
Offence is the Best Defence?
Apparently, the White House believes that cyberattacks against Russia and China would make the two alleged perpetrators think twice before repeating the cyberattacks against the US. However, even experienced cybersecurity experts are sceptical about the prospects of such an approach. Cybersecurity analyst Andy Greenberg pointed out in his editorial for Wired magazine that a cyber operation against Russia might trigger more devastating hacks against the US, which had so far been purportedly withheld by the Kremlin.
If such a cyber response bears such potential risks, why is Washington choosing to go that route instead of a more defensive approach – for example, developing early detection of cyberattacks or more robust infrastructure to stop them? In particular, the White House could take steps that would prevent hackers from using the servers of American companies, such as Microsoft or Amazon, to attack other entities on US soil, as was the case with the SolarWinds hack.
The latter became possible due to the peculiarities of American law, The New York Times explained: the National Security Agency could not use its early detection systems, since neither the NSA nor the CIA has the right to meddle in the affairs of, or spy on, US companies. On the other hand, the FBI and the Department of Homeland Security do have such authority, but still failed to detect both hacks.
This happened in part due to the fact that the FBI's forces were already being deployed to monitor an array of other threats, and in part due to difficulties in getting a warrant to spy on an American company.
No Perfect Solution in Sight?
Although the reasons behind the failure to detect the cyberattacks are explainable, that failure still leaves the US with the question of whether its government is capable of defending the country from further attacks. The last two hacks were, in fact, uncovered by private companies, not the government bodies entrusted with this work. Both of them have resulted in Washington attempting to expand its capabilities to detect and fend off cyberattacks by establishing a system of data-sharing between private firms and the government.
Any attempt to expand the capabilities of US agencies and intelligence to spy on telecommunications is likely to face opposition in the country following the bombshell revelations of whistleblower Edward Snowden. Giving companies more powers to detect and counter cyberattacks also does not guarantee success. The latest WSJ revelations suggest that private entities are also prone to mistakes: one of Microsoft's partners might have leaked the exploit used by the alleged China-linked hackers to crack Outlook Exchange servers.