The SolarWinds hack was at the top of the agenda during President Biden’s phone call with Vladimir Putin and featured prominently during Biden’s first major foreign policy speech last week. The Biden Administration appears intent on signaling early that it is taking seriously the breach of the widely deployed SolarWinds’ Orion IT management software.
While we debate whether the U.S. should mount some sort of near-term retaliation for the Russia-backed SolarWinds hack, we might consider some wise words from Garry Kasparov, the émigré Russian chess grandmaster turned democracy activist. “Tactics,” he once said, “is knowing what to do when there is something to do. Strategy is knowing what to do when there is nothing to do.” Right now, we need strategy. Securing real and enduring advantage against the world’s anti-democratic forces requires a new and broader effort to shore up and empower our organizations, allies, and partners across the board.
Start at home: The Biden administration should empower the newly created National Cyber Director office, ensuring that it has leadership support and centralizes cyber authorities and coordination at the White House. The administration should also properly resource the Cybersecurity and Infrastructure Security Agency (CISA), likely requiring at least doubling its budget, from $3B to $6B, so that it can properly shore up cyberdefenses across the entire U.S. government. Doing so would give CISA the resources to hire skilled personnel, provide direct incident response support to breached departments and agencies, and proactively address known cybersecurity deficiencies across the U.S. government. The administration should also bolster NATO’s role in cyber defense, committing to even greater levels of information-sharing about threat actors, thus renewing our commitment to the transatlantic alliance.
Perhaps less obviously, but no less importantly, the incoming administration should help improve the ability of human rights activists, defenders, and organizations to ward off cyber attacks. Organizations like mine face new attacks daily. The administration should harness American tech talent, tools, and money to protect human rights activists facing sophisticated, long-term campaigns and targeted attacks as they challenge authoritarian regimes. Biden should allocate new funding for initiatives through the Open Technology Fund (OTF), which can incubate people, software and tools to meet this challenge head-on. OTF’s current funding is a virtual rounding error in the federal budget, and tripling the total size of the fund to at least $50 million annually would have a massive impact on defenders around the world.
The best way to do this is to learn from human rights activists abroad. We can bolster their tech skills through educational exchanges in the U.S. and neutral third countries and foster new tech talent with scholarships and special immigration measures, avenues that have worked in recent history. Additionally, new efforts, potentially housed at the Department of State or Defense, or a new independent entity similar to the OTF, should confidentially help activists to ward off and recover from cyber attacks. When evidence of specific targeting is discovered, these front-line organizers and activists should be confidentially and quickly alerted. That’s because, even when the government publicly announces an attack or campaign, affected organizations and individuals may not have the resources or knowledge to know that they’ve been targeted.
The U.S. government should foster a cyber information sharing and analysis organization for NGOs, which are often the target of state-sponsored cyber attackers, similar to the Financial Services Information Sharing and Analysis Center (FS-ISAC), which currently protects banks and the financial sector. In the past, the FS-ISAC has helped financial firms defend against malware, ransomware, and other threats such as DDoS by alerting member organizations to new tactics and payloads used by attackers. Information-sharing organizations benefit from scale, as attacks happen quickly but not simultaneously. When organizations join together, once one member detects suspicious activity on its network, others will know swiftly, which could mitigate the impact of attacks like SolarWinds in the future.
Meanwhile, we outside of government must join together to meet this challenge head-on. We should band together to share indicators of compromise, best practices, and observations we make on our networks. And we must make sure information about vulnerabilities reaches members of our community who are very vulnerable but don’t keep up with the latest cyber bulletins.
The more the United States sustains a cyber strategy that empowers all defenders of democracy, the closer we draw to checkmate.
Dr. Welton Chang is Chief Technology Officer at Human Rights First. Prior to joining HRF, Welton was a senior researcher at the Johns Hopkins Applied Physics Laboratory where he led teams and developed technical solutions to address disinformation and online propaganda. Before joining APL, Welton served for nearly a decade as an intelligence officer at the Defense Intelligence Agency and in the Army, including two operational tours in Iraq and a tour in South Korea. Welton received a PhD and MA from the University of Pennsylvania, an MA from Georgetown University, and a BA from Dartmouth College.