Question 4
MODULE 4
Instructions: Write a 750–1250-word essay, answering this question:
Which countries, and which strategies, do you believe represent the biggest threat to American security in this decade? If you can, give examples from recent history (either from the course or from outside reading) and describe why they worry you. Is the U.S. well prepared for these challenges? What should the U.S. government do in response? What are your policy prescriptions? The report by Kathleen Hicks and coauthors might be one place to find ideas for the last question.
In addition to being well-structured and articulated, your essay should clearly identify what the threat is, give examples, and provide policy prescriptions for it to receive the highest possible grade.
Reading
https://theconversation.com/cyber-attacks-what-is-hybrid-warfare-and-why-is-it-such-a-threat-164091
https://www.rand.org/pubs/research_reports/RR2942.html
Kath Hicks et al, By Other Means: Part II: Adapting to Compete in the Gray Zone, CSIS, 2019:
https://csis-website-prod.s3.amazonaws.com/s3fs-
Andy Greenberg, “How an entire nation became Russia’s Test Lab for Cyberwar,” Wired, 2016.
https://www.wired.com/story/russian-hackers-attack-ukraine/
Jack Watson and William Loomis, “Crossing the Cyber Rubicon: Views from Both Sides of the river,” The Atlantic Council, 2019.
Crossing the cyber Rubicon: Views from both sides of the river
“Cyber Power – Tier Three,” IISS, 2021
https://www.iiss.org/blogs/research-paper/2021/06/cyber-power—tier-three
Dana Beth Weinberg and Jessica Dawson, “From Anti-Vaxxer Moms to Militia Men Influence Operations,” Brookings, 2021
https://www.brookings.edu/wp-content/uploads/2021/10/FP_20211108_influencer_operations_dawson_weinberg_v2
1/15/2021 Opinion | I Was the Homeland Security Adviser to Trump. We’re Being Hacked. – The New York Times
https://www.nytimes.com/2020/12/16/opinion/fireeye-solarwinds-russia-hack.html
I Was the Homeland Security Adviser to Trump. We’re Being Hacked.
The magnitude of this national security breach is hard to overstate.
By Thomas P. Bossert
Mr. Bossert was the homeland security adviser to President Trump and deputy
homeland security adviser to President George W. Bush.
Dec. 16, 2020
At the worst possible time, when the United States is at its most vulnerable — during a presidential transition and a
devastating public health crisis — the networks of the federal government and much of corporate America are
compromised by a foreign nation. We need to understand the scale and significance of what is happening.
Last week, the cybersecurity firm FireEye said it had been hacked and that its clients, which include the United
States government, had been placed at risk. This week, we learned that SolarWinds, a publicly traded company that
provides software to tens of thousands of government and corporate customers, was also hacked.
The attackers gained access to SolarWinds software before updates of that software were made available to its
customers. Unsuspecting customers then downloaded a corrupted version of the software, which included a hidden
back door that gave hackers access to the victim’s network.
This is what is called a supply-chain attack, meaning the pathway into the target networks relies on access to a
supplier. Supply-chain attacks require significant resources and sometimes years to execute. They are almost
always the product of a nation-state. Evidence in the SolarWinds attack points to the Russian intelligence agency
known as the S.V.R., whose tradecraft is among the most advanced in the world.
According to SolarWinds S.E.C. filings, the malware was on the software from March to June. The number of
organizations that downloaded the corrupted update could be as many as 18,000, which includes most federal
government unclassified networks and more than 425 Fortune 500 companies.
The magnitude of this ongoing attack is hard to overstate.
The Russians have had access to a considerable number of important and sensitive networks for six to nine months.
The Russian S.V.R. will surely have used its access to further exploit and gain administrative control over the
networks it considered priority targets. For those targets, the hackers will have long ago moved past their entry
point, covered their tracks and gained what experts call “persistent access,” meaning the ability to infiltrate and
control networks in a way that is hard to detect or remove.
While the Russians did not have the time to gain complete control over every network they hacked, they most
certainly did gain it over hundreds of them. It will take years to know for certain which networks the Russians
control and which ones they just occupy.
The logical conclusion is that we must act as if the Russian government has control of all the networks it has
penetrated. But it is unclear what the Russians intend to do next. The access the Russians now enjoy could be used
for far more than simply spying.
The actual and perceived control of so many important networks could easily be used to undermine public and
consumer trust in data, written communications and services. In the networks that the Russians control, they have
the power to destroy or alter data, and impersonate legitimate people. Domestic and geopolitical tensions could
escalate quite easily if they use their access for malign influence and misinformation — both hallmarks of Russian
behavior.
What should be done?
On Dec. 13, the Cybersecurity and Infrastructure Security Agency, a division of the Department of Homeland
Security — itself a victim — issued an emergency directive ordering federal civilian agencies to remove SolarWinds
software from their networks.
The removal is aimed at stopping the bleeding. Unfortunately, the move is sadly insufficient and woefully too late.
The damage is already done and the computer networks are already compromised.
It also is impractical. In 2017, the federal government was ordered to remove from its networks software from a
Russian company, Kaspersky Lab, that was deemed too risky. It took over a year to get it off the networks. Even if
we double that pace with SolarWinds software, and even if it wasn’t already too late, the situation would remain dire
for a long time.
The remediation effort alone will be staggering. It will require the segregated replacement of entire enclaves of
computers, network hardware and servers across vast federal and corporate networks. Somehow, the nation’s
sensitive networks have to remain operational despite unknown levels of Russian access and control. A “do over” is
mandatory and entire new networks need to be built — and isolated from compromised networks.
Cyber threat hunters that are stealthier than the Russians must be unleashed on these networks to look for the
hidden, persistent access controls. These information security professionals actively search for, isolate and remove
advanced, malicious code that evades automated safeguards. This will be difficult work as the Russians will be
watching every move on the inside.
The National Defense Authorization Act, which each year provides the Defense Department and other agencies the
authority to perform its work, is caught up in partisan wrangling. Among other important provisions, the act would
authorize the Department of Homeland Security to perform network hunting in federal networks. If it wasn’t
already, it is now a must-sign piece of legislation, and it will not be the last congressional action needed before this is
resolved.
Network operators also must take immediate steps to more carefully inspect their internet traffic to detect and
neutralize unexplained anomalies and obvious remote commands from hackers before the traffic enters or leaves
their network.
The response must be broader than patching networks. While all indicators point to the Russian government, the
United States, and ideally its allies, must publicly and formally attribute responsibility for these hacks. If it is Russia,
President Trump must make it clear to Vladimir Putin that these actions are unacceptable. The U.S. military and
intelligence community must be placed on increased alert; all elements of national power must be placed on the
table.
While we must reserve our right to unilateral self-defense, allies must be rallied to the cause. The importance of
coalitions will be especially important to punishing Russia and navigating this crisis without uncontrolled
escalation.
President Trump is on the verge of leaving behind a federal government, and perhaps a large number of major
industries, compromised by the Russian government. He must use whatever leverage he can muster to protect the
United States and severely punish the Russians.
President-elect Joe Biden must begin his planning to take charge of this crisis. He has to assume that
communications about this matter are being read by Russia, and assume that any government data or email could
be falsified.
At this moment, the two teams must find a way to cooperate.
President Trump must get past his grievances about the election and govern for the remainder of his term. This
moment requires unity, purpose and discipline. An intrusion so brazen and of this size and scope cannot be tolerated
by any sovereign nation.
We are sick, distracted, and now under cyberattack. Leadership is essential.
Thomas P. Bossert, who was the homeland security adviser to President Trump and deputy homeland security adviser to President George W. Bush,
is the president of Trinity Cyber, a firm that provides network security services to governments and private companies.
A version of this article appears in print on , Section A, Page 19 of the New York edition with the headline: Weʼre Being Hacked. The Damage Is Already Done.