Technology

Illuminating SolarStorm: Implications for National Strategy and Policy

March 4, 2021  • Aspen Digital

In December 2020, cybersecurity experts began to unravel an unprecedented security breach affecting potentially thousands of organizations, including key federal agencies and Fortune 500 companies. Fully investigating and remediating this operation—known alternatively as SolarStorm, Sunburst, or Solorigate—will take months or years, but we know some key details:

  • The perpetrators almost certainly acted on behalf of the Russian government, who can claim a tremendous intelligence success against the United States.
  • By exploiting security vulnerabilities in popular software used in government and industry, attackers created the opportunity to devastate thousands of organizations.
  • While software sold by a company called SolarWinds was the initial focus of efforts to learn the true scope and scale of the attack, we now know that the attackers also leveraged other vectors in the software supply chain to compromise private networks.
  • It appears that the attackers only stole data. No publicly available evidence suggests that computing systems or data were destroyed, manipulated, or disrupted.

As the White House and Congress consider the appropriate response to SolarStorm, the Aspen Cybersecurity Group has collected seventeen leading experts to offer concise assessments on a productive path forward for policymakers. Follow the links below each name to read their reactions in full.


Contributors

Gen. (Ret.) Keith Alexander
Founder & Co-CEO, IronNet Cybersecurity
Member, Aspen Cybersecurity Group

Jamil Jaffer
SVP, IronNet Cybersecurity
Founder & Executive Director, National Security Institute

 

Dr. Erica Borghard
Senior Fellow, Atlantic Council
Senior Director, U.S. Cyberspace Solarium Commission

 

Michael Daniel
President & CEO, Cyber Threat Alliance
Member, Aspen Cybersecurity Group

 

Tiana Demas
Partner
Cooley LLP

 

Michael Garcia
Senior Policy Advisor
National Security Program, Third Way

 

Trey Herr
Director, Cyber Statecraft Initiative
Atlantic Council

 

Herb Lin
Senior Research Scholar
Stanford University

 

Brad Maiorino
Executive Vice President and Chief Strategy Officer, FireEye
Member, Aspen Cybersecurity Group

 

Katie Moussouris
Founder & CEO
Luta Security

 

Greg Rattray
Co-Founder & Partner, Next Peak
Member, Aspen Cybersecurity Group

 

Devon Rollins
Senior Director, Cyber Intelligence
Capital One

 

Bruce Schneier
Chief Security Architect, Inrupt
Fellow and Lecturer, Harvard University
Member, Aspen Cybersecurity Group

 

Camille Stewart
Cyber Fellow, Belfer Center Cyber Project
Harvard Kennedy School

 

Lt. Gen. (Ret.) Vince Stewart
Chief, Innovation and Business Intelligence, Ankura
Former Director, Defense Intelligence Agency

 

Corey Thomas
CEO
Rapid7

 

Kiersten Todt
Managing Director, Cyber Readiness Institute
Former Executive Director, Presidential Commission on Enhancing National Cybersecurity

 

“Cuckoo’s Nest” by Ivana Troselj is licensed under CC BY 4.0 / Cropped from original.