Massive cyberattack ‘detrimental’ for U.S. national security

There is new and troubling information on a massive cyberattack in the U.S. The Cybersecurity and Infrastructure Security Agency has determined that the attacks on the government, critical infrastructure and the private sector pose a serious risk to national security. Dmitri Alperovitch, co-founder of the think tank Silverado Policy Accelerator, joins Judy Woodruff to discuss.

  • Judy Woodruff:

    There is new and troubling information on a massive cyberattack against the U.S.

    The Cybersecurity and Infrastructure Agency has determined that the recent hacking of federal, state, and local governments, as well as critical infrastructure and other private sector organizations, poses — quote — "a grave risk."

    They also said that eliminating the malicious computer code from compromised computer networks will be highly complex and challenging.

    We start by turning again to Dmitri Alperovitch. He's co-founder of Silverado Policy Accelerator. It's a Washington-based think tank.

    Dmitri Alperovitch, thank you so much for being with us again.

    We are learning from the cyber agency that the hackers used possibly more than one path to get in. How significant is that?

  • Dmitri Alperovitch:

    (AUDIO GAP) espionage campaigns in history.

    And we have just breaking this tonight before you went on the air that Microsoft was one of the other vendors whose software was impacted here. And the Russians were able to leverage it to get into some of the victims, in addition to the original company called SolarWinds.

    But the impact is huge, because you have so many companies using the software that essentially gave a map to the Russian intelligence service, who is believed to be behind this, to gain entry, government agencies, private sector companies alike.

  • Judy Woodruff:

    Well, it sounds serious enough.

    But then there is this additional reporting today from Politico that they managed to get inside the Energy Department, inside the National Nuclear Security Administration, which manages the nuclear weapons stockpiles.

    It sounds serious. How serious is this?

  • Dmitri Alperovitch:

    Well, this was a supply chain hack.

    So, in effect, the Russians were able to infiltrate into these software companies whose software is used by tens of thousands of organizations globally, including most of the sensitive government agencies. And then they cherry-picked.

    They decided which targets they wanted to go after to actually get into the doors and exfiltrate very sensitive information from those networks. And that is why we are seeing this drip, drip, by drip reports of numerous government agencies that you can imagine would be of high interest to the Russian intelligence services, like the State Department, like the Treasury Department, like the Pentagon, and now the Department of Energy as well and others.

  • Judy Woodruff:

    So, Dmitri Alperovitch, do we have a sense of how close they came to triggering something — I mean, the whole thing is serious enough — but to triggering, I don't know, a nuclear incident or some other unthinkable sort of incident, step, emergency?

  • Dmitri Alperovitch:

    This is an incredibly dangerous situation and very detrimental to our national security.

    But there are two silver linings here that I think it's useful for us to remember. One, it looks like this was a traditional espionage attack. It looks like they were not interested in destruction. And it looks like no data was — is being changed. We may find out differently in the future.

    But, for now at least, it looks like they went in and did traditional theft of information, very, very serious stuff, but — of course, but it could have been so much worse.

    And second silver lining is that, in this particular case, it looks like they were not able to get access to classified networks. Those are networks that are disconnected from the Internet, so they are extremely difficult to infiltrate. And that's where most of the U.S. government secrets, of course, are located on.

    But even compromising the unclassified networks, they still contain enormous amounts of sensitive information. So, this is going to be very, very damaging to our national security for many years to come.

  • Judy Woodruff:

    And, as we reported, very difficult to unwind, to undo whatever damage was done?

  • Dmitri Alperovitch:

    It is going to take us months to get the Russians out of those networks.

    In particular, if it is indeed the SVR, the Russian foreign intelligence service, they are the ones that infiltrated the White House, the Joint Chiefs of Staff, and the State Department back in 2015. And it took many, many weeks for those organizations back then to kick them out, because they are so good at burying themselves in, staying stealthy, maintaining that foothold within the organization, that it's going to take us probably months to get them out of all these networks that they have been able to infiltrate.

  • Judy Woodruff:

    Dmitri Alperovitch, as always, we thank you.

  • Dmitri Alperovitch:

    Thank you so much.
