To call the revelations about Russia’s devastating cyberattack on U.S. government agencies and thousands of American businesses chilling would be a gross understatement. What is even scarier, though, is that despite wave after wave of Russian-sponsored cyberattacks on the United States and its allies for more than a decade now, Washington still apparently lacks the political will to defend against this Russian aggression.
It is possible and even probable that this latest attack will provoke a strong response from the U.S. and its allies, as some have suggested. As well it should. After all, the breach of the network monitoring software made by Texas-based SolarWinds, which has been widely attributed to Russia’s SVR intelligence agency, targeted the digital information architecture of several federal agencies, including the National Security Agency and the departments of Homeland Security, Treasury, Commerce and State. It also affected an estimated 18,000 companies with SolarWinds accounts, including several on the Fortune 500 list.
Over the coming weeks and months, the scope and scale of the cyberattack will become clear. It has already produced fallout for SolarWinds longtime CEO Kevin Thompson, who announced his resignation last week. And if news reports are any guide, the Russian hack could trigger a federal investigation into suspected insider trading, since some SolarWinds shareholders apparently cashed in right before news of the breach became public. But it is easy to imagine much worse scenarios. Second- and third-order effects of the cyberattack might include, for instance, leaks of sensitive information—or worse, sabotage of America’s critical infrastructure, such as electrical grids or banking systems.