A suspected Russian hacking campaign that targeted U.S. government agencies and dozens of companies around the globe is a “moment of reckoning” that “illuminates the ways the cybersecurity landscape continues to evolve and become even more dangerous,” Microsoft’s president is warning.
Brad Smith is speaking out following the discovery of the Solarwinds hack earlier this week, which one U.S. official described to the Associated Press as “the worst hacking case in the history of America.” The full extent of the hack is yet to be determined, but the U.S. State Department and Department of Homeland Security are among those who have reported being compromised.
“As much as anything, this attack provides a moment of reckoning,” Smith wrote in a lengthy column posted on Microsoft’s website. “It requires that we look with clear eyes at the growing threats we face and commit to more effective and collaborative leadership by the government and the tech sector in the United States to spearhead a strong and coordinated global cybersecurity response.”
Smith says 2021 “creates an opportunity to turn a page on recent American unilateralism and focus on the collective action that is indispensable to cybersecurity protection.
“The United States did not win World War II, the Cold War or even its own independence by fighting alone,” he continued. “In a world where authoritarian countries are launching cyberattacks against the world’s democracies, it is more important than ever for democratic governments to work together -- sharing information and best practices, and coordinating not just on cybersecurity protection but on defensive measures and responses.”
Smith added that “if there is an initial question for the incoming Biden-Harris Administration and America’s allies, it is this: Is the sharing of cybersecurity threat intelligence today better or worse than it was for terrorist threats before 9/11?”
In his column, Smith – citing the Solarwinds hack and recent campaigns targeting vaccine providers and health care institutions -- also argues that “we need to strengthen international rules to put reckless nation-state behavior out of bounds and ensure that domestic laws thwart the rise of the cyberattack ecosystem.”
“While the world has important international norms and laws to address nation-state attacks, we continue to believe it is important to fill in gaps and continue to develop clear and binding legal obligations for cyberspace,” he wrote.
Microsoft's president concluded his column by writing that the “coming months will present a critical test, not only for the United States but for other leading democracies and technology companies."
"The weeks ahead will provide mounting and we believe indisputable evidence about the source of these recent attacks," he added. "It will become even clearer that they reflect not just the latest technology applied to traditional espionage, but a reckless and broad endangerment of the digital supply chain and our most important economic, civic and political institutions."