A suspected Russian hacking campaign that targeted U.S. government agencies and dozens of companies around the globe is a “moment of reckoning” that “illuminates the ways the cybersecurity landscape continues to evolve and become even more dangerous,” Microsoft’s president is warning.
Brad Smith is speaking out following the discovery of the Solarwinds hack earlier this week, which one U.S. official described to the Associated Press as “the worst hacking case in the history of America.” The full extent of the hack is yet to be determined, but the U.S. State Department and Department of Homeland Security are among those who have reported being compromised.
“As much as anything, this attack provides a moment of reckoning,” Smith wrote in a lengthy column posted on Microsoft’s website. “It requires that we look with clear eyes at the growing threats we face and commit to more effective and collaborative leadership by the government and the tech sector in the United States to spearhead a strong and coordinated global cybersecurity response.”
The U.S. Treasury Department building viewed from the Washington Monument in Washington. Hackers got into computers at the U.S. Treasury Department and possibly other federal agencies.
“The United States did not win World War II, the Cold War or even its own independence by fighting alone,” he continued. “In a world where authoritarian countries are launching cyberattacks against the world’s democracies, it is more important than ever for democratic governments to work together — sharing information and best practices, and coordinating not just on cybersecurity protection but on defensive measures and responses.”
Smith added that “if there is an initial question for the incoming Biden-Harris Administration and America’s allies, it is this: Is the sharing of cybersecurity threat intelligence today better or worse than it was for terrorist threats before 9/11?”
In his column, Smith – citing the Solarwinds hack and recent campaigns targeting vaccine providers and health care institutions — also argues that “we need to strengthen international rules to put reckless nation-state behavior out of bounds and ensure that domestic laws thwart the rise of the cyberattack ecosystem.”
“While the world has important international norms and laws to address nation-state attacks, we continue to believe it is important to fill in gaps and continue to develop clear and binding legal obligations for cyberspace,” he wrote.