It has been a difficult first week back to teach online. As has been my practice for about a year, I begin each course at the University of Washington with a single slide that encapsulates the latest information I have on the pandemic. To that, I added an introduction to the SolarWinds data breach for my emerging cyber topics course on Monday. On Thursday, I created several slides on the invasion of the U.S. Capitol on January 6th for my information ethics, policy and law course, where we had started with an examination of the foundations of our government, including its seminal documents: the Declaration of Independence, the Constitution, and the Bill of Rights.
The Pandemic
Any risk analyst would advise you that the numbers are going in the wrong direction. What we have now in terms of infections and deaths is the worst-case instance of the magnitude x frequency model. The holidays brought out our most sentimental behavior, and we will continue to see consequences from family gatherings. At the same time, state governments are having a hard time deploying the vaccine that they have received. I know that the Biden-Trump transition teams are working on better solutions than we have right now for vaccinating people; and that badly needed funds for testing and vaccination cannot be far away. I look forward to better working relationships between the federal government and the states who have shouldered the burden of decision making and reallocation of their existing revenues.
The Solar Winds Breach
If there were ever a clear illustration of how the government and the private sector are inextricably bound together, it would be with this breach. The pandemic magnifies fissures in our critical infrastructure. Personnel in both the government and private sector are mostly working from home, which might help explain how the breach activity went undetected since last October. In addition to remote government operations, agencies responsible for defense or nuclear power or homeland security have been hollowed out, with political appointees running the organizations. It was a private sector company, FireEye, that detected the supply chain hack, conducted through an alleged software update from the company SolarWinds, a cybersecurity tools provider with contracts with many parts of the government as well as with Fortune 500 companies. According to my colleague Sean S. Costigan,
“Since the SolarWinds attack affected so many
Fortune 500 companies, including critical
infrastructure entities, once noticed it was
bound to become public. It is a matter of
conjecture as to whether the perpetrators cared
about what collateral damage they caused to
industry and government entities that were less
likely to be targets of interest. According to
SolarWinds, at present count over 18,000
18,000 of its 300,000 customers installed the
malware. It is hard to understate the scale since
SolarWinds counts
the Office of the President of the United States, the
Department of Defense, the NSA, Visa, Mastercard,
Harvard, Subaru, Volvo, Lockheed Martin, Cisco, The
New York Times and thousands more major organizations
among their customers.” (Diplomatic Courier, January 4,
2021)
A More Perfect Union
by Annie Searle