Thursday, December 24, 2020


A former CIA mentor of mine used to say intelligence failures are not like fine wine getting better with age.

The purpose of intelligence is to detect threats “left of boom” so they can be preempted before they are visited on our shores. Similar to terrorists, cyber hackers conduct surveillance of their targeted networks before attacking. Instead of spotting the threat before it materialized, we are now in incident response phase, conducting forensics on the damage done to our national security from the suspected Russian cyber attack of U.S. government agencies, which reportedly began in March 2020 but was detected only a few weeks ago.

Ringing alarm bells over the enormity of this brazen attack, former Homeland Security Adviser Tom Bossert wrote “hackers will have long ago moved past their entry point, covered their tracks and gains what experts call ‘persistent access,’ meaning the ability to infiltrate and control networks in a way that is hard to detect or remove.”

In other words, we still do not know how much damage the cyber hack caused and we have apparently not ejected the malware, which the Russians used to vacuum up protected information from inside our cyber infrastructure.

The U.S. Department of Homeland Security assessed Russia’s foreign intelligence service (SVR) used U.S. technology firm SolarWinds as a Trojan Horse to inject malware into fortune 500 companies as well as U.S. state, local and federal governments, including the National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile.

We should of course expect nothing less from KGB operative in the Kremlin Vladimir Putin, who once served as director of Russia’s notorious Federal Security Service (FSB). Mr. Putin relies on relatively inexpensive asymmetric espionage because he knows this is the most effective arrow in his quiver against Russia’s militarily and economically superior “Main Enemy” the United States.

And Mr. Putin is nothing if not wildly hypocritical. In September 2020, he was promoting a truce in the “large scale confrontation in the digital sphere.” At the 2018 Helsinki summit with President Trump, Mr. Putin floated the idea of a U.S.-Russia cyber security working group. Covering the summit, as a member of the media I observed this would be like inviting a criminal to help you solve a crime you know they committed.

The clock is ticking. The U.S. needs to do the following:

First, incident response should occur within minutes of a cyber intrusion not months. We need with the greatest alacrity to conduct a damage assessment as well as forensics on how Russia infiltrated SolarWinds, including whether social engineering or sophisticated phishing might have been involved.

The U.S. intelligence community needs to collect on how Mr. Putin will plan to weaponize the treasure trove of information he stole. The last thing he would do is let it sit idly by on the shelf. And we need to determine whether there were other intrusions as well. In the 1980s, Russia ran multiple high value sources of the U.S. intelligence community. Mr. Putin likely has other cyber attacks in motion.

Second, Russia’s use of SolarWinds is a cautionary tale about the vulnerability of our supply chains. The hackers used malware to insert malicious code disguised as part of a security upgrade. When an update to SolarWinds’ software occurred, the malicious attack would go unnoticed due to the trusted certificate. It was cyber security firm Fire Eye and not the U.S. government, which discovered the hack.

We desperately need an enhanced partnership between our public and private sectors so that the information technology companies, on which our government and citizens rely, will be secure from foreign adversaries attacks.

Third, Mr. Putin will continue his full-throttled espionage attacks against us. Weakened politically because of a failed response to the coronavirus pandemic, protests in Siberia, a populist uprising in Belarus and a deflated economy overly reliant on exporting natural resources, Mr. Putin has demonstrated an increasingly voracious appetite for attacking his enemies at home and abroad.

Notwithstanding President Trump’s downplaying the cyber attack and questioning Russia’s involvement as his Secretary of State and former DCIA Mike Pompeo alleged, it will be over to the incoming Biden administration to re-examine our strategy to counter, deter and defend against Russian espionage. Regarding retaliation, Mr. Biden should be careful to distinguish between the internationally recognized norm of conducting espionage and weaponizing the stolen information to do us harm.

Now more than ever Democrats and Republicans need to stop using Russia as fodder in their domestic partisan debates. We need our elected officials to make common cause against the Kremlin. Shame on all of them, if they fail to do so.

• Daniel N. Hoffman is a retired clandestine services officer and former chief of station with the CIA. His combined 30 years of government service included high-level overseas and domestic positions at the CIA. He has been a Fox News contributor since May 2018. Follow him on Twitter @DanielHoffmanDC.

Copyright © 2021 The Washington Times, LLC.