SolarWinds hack: What we must do to avoid the next attack
Americans awoke to a horrific tragedy on Sept. 11, 2001. Afterward, we discovered that we had had multiple pieces of intelligence that might have prevented it. The Markle Foundation, a technology- and security-focused foundation of which I’m a director, and the 9/11 Commission both concluded that our nation must move from the classic paradigm of “need to know” to a new paradigm of “need to share,” in order to prevent future attacks.
Today, we are in the midst of a cyber 9/11 with the SolarWinds breach, apparently executed by a nation-state actor to specifically undermine our digital infrastructure and steal critical information from the U.S. government and American companies.
As after 9/11, we are discovering more and more indicators and warnings that — had they been contextualized, enriched and shared — could have been used to anticipate and contain the attack. As a result, we must create a National Cyber Protection Center to improve our ability to fuse and share cyber-related intelligence across the public and private sectors, advise on coordinated responses, and proactively prevent attacks like this from occurring again.
The SolarWinds attack exposes our organizational faults. While government agencies work to defend themselves and the homeland, our current cybersecurity intelligence infrastructure is fragmented. The Department of Homeland Security (DHS) and the FBI have domestic protection missions, but their intelligence functions are too small to deal with the growing attacks from nation-state actors, leading to inefficient intelligence enrichment, collaboration and information-sharing. Conversely, our intelligence community (IC) is focused externally, not on homeland issues. This ultimately leaves the U.S. vulnerable.
This attack is part of a growing arrogance and aggression by nation-state actors targeting our civilian and critical infrastructure to meet their end goals. We need to employ the same methodology that our national security teams use in non-cyber domains: robust intelligence gathering, analysis of the sources of that intelligence, followed by collaboration and distribution of that information to deter, mitigate, or prevent and, if necessary, provide coordinated responses to attacks that do occur.
Intelligence needs to be correlated, contextualized and enriched, and we must collaborate and distribute that information, with a need-to-share approach, among all levels of government, critical infrastructure and U.S. companies. Collaboration is critical to developing trust and ensuring that shared information is acted on. While some sharing exists between the U.S. government and critical infrastructure, we need to expand the groups with whom we share and increase sharing exponentially, at machine speeds rather than bureaucratic speeds, to ensure rapid action.
A National Cyber Protection Center, modeled after the National Counterterrorism Center, can serve as a centralized cyber intelligence-sharing and collaboration unit with multi-agency jurisdiction and authorities to coordinate responses. This center can prioritize the collection, contextualization, enrichment, analysis and dissemination of cyber threat intelligence, including threat-actor capabilities; coordinate any action abroad with the IC and Department of Defense (DOD); and, domestically with law enforcement, protect the homeland, U.S. companies and Americans at large from cyber-attacks led by nation-states and other foreign actors.
We often punish victims or blame defenders. Instead, I urge us to use this attack to pinpoint the systematic and organizational weaknesses that led to our inability to detect, prevent, or defend against this kind of attack. I call on the incoming administration and Congress to:
- Establish a National Cyber Protection Center, potentially within the Office of the Director of National Intelligence, the Cybersecurity & Infrastructure Security Agency, or U.S. Cyber Command, with the appropriate authorities to fully execute the cyber protection mission.
- Establish a Cybersecurity Commission, modeled after the 9/11 Commission, with experts and representatives from industry, government and academia to review the SolarWinds attack and similar risks. This commission should review readiness levels, determine impact and provide a list of actionable recommendations for Congress and the executive branch.
- Name and confirm a national cyber director, serving as a senior adviser to the president, within the first 30 days of the new administration.
- Standardize information-sharing, so intelligence can be shared across the public and private sectors. With platforms that leverage a standards-based sharing language, sharing can happen at machine speeds.
- Provide stronger support for adversary-focused missions and bring the power of our government intelligence and security teams to these missions. Only contextualized, full-spectrum cyber intelligence will provide the level of security we need to defend our country against attacks like these.
America has the most advanced technology and intelligence capabilities in the world. Unfortunately, because of the way we are organized, our adversaries exploit our seams and defenses. We must remove the barriers to the flow of intelligence, encourage a need-to-share mentality across the whole of the government and our critical infrastructure, and coordinate appropriate, decisive responses against those who attack us. This is the only way to bring the full weight of the United States to bear on our adversaries.
Gilman Louie is CEO and chairman of LookingGlass Cyber Solutions; founding partner of Alsop Louie Partners, an early-stage technology venture capital firm; chairman of the Federation of American Scientists; director of the Markle Foundation; and a founder and former CEO of In-Q-Tel, a strategic venture fund connecting the Central Intelligence Agency with innovative entrepreneurial companies.