Skip to main content

Sign up for our newsletter.

Quality journalism. Progressive values. Direct to your inbox.

The National Security Agency (NSA) logo is shown on a computer screen inside the Threat Operations Center at the NSA in Fort Meade. U.S. President George W. Bush visited the ultra-secret National Security Agency on Wednesday to underscore the importance of his controversial order authorizing domestic surveillance without warrants. (Photo: Brooks Kraft LLC/Corbis via Getty Images)

The National Security Agency (NSA) logo is shown on a computer screen inside the Threat Operations Center at the NSA in Fort Meade. U.S. President George W. Bush visited the ultra-secret National Security Agency on Wednesday to underscore the importance of his controversial order authorizing domestic surveillance without warrants. (Photo: Brooks Kraft LLC/Corbis via Getty Images)

SolarWinds Is Not the 'Hack of the Century.' It’s Blowback for the NSA's Longtime Dominance of Cyberspace

Breathless coverage of the SolarWinds hack functions to manufacture consent for NSA's internet hegemony and to divert us from considering alternative models of security.

Jesselyn RadackWilliam Neuheisel

Last month, the private security firm FireEye discovered a widespread breach of government and corporate computer networks through a so-called "supply chain" exploit of the network management firm SolarWinds, conducted by nation-state-level hackers, widely thought to be Russia. Most coverage of the breach featured ominous headlines and quotes from current and former government officials describing it as the biggest hack of modern times. Occasionally, buried in one of the closing paragraphs, there was an official quoted admitting that, so far, only "business networks" were known to be compromised—sensitive but unclassified email systems and data on job descriptions and HR functions.

"Like our nuclear policy before it, the stated goal is deterrence, but the actual goal is to create a cover for unchecked aggression and dominance."

These stories lack context of the true state of cyber espionage over the last few decades. The SolarWinds hack is certainly a large and very damaging breach, but one could almost pick at random any five or ten of the hundreds of codename programs revealed in the Snowden documents that would top it. The mother of all supply chain attacks (that we know of publicly) may have been the clandestine American role behind CryptoAG—which allowed the NSA to sell scores of foreign governments broken cryptographic systems through which it was possible to crack the encryption on their top-level government and military communications for decades. And of course the first, and one of the only, actual cyberattacks in history was the Stuxnet program conducted by Israeli and American services against Iranian nuclear centrifuges.

Yet the American public may be left with the impression that Russian hacking poses a uniquely aggressive and destabilizing threat to the international order, and therefore must be punished. News coverage has been leadened with apoplectic quotes from senior officials and lawmakers that the breach represents "virtually a declaration of war," that we need to "get the ball out of their hands and go on offense," that "we must reserve our right to unilateral self-defense," and even that "all elements of national power must be placed on the table" (All elements? Tanks? Nuclear weapons?). This kind of hyperbolic reaction cannot be driven by sincere shock at the idea of a government hacking into and spying on another government’s networks. More plausibly, it is driven by outrage at the idea of any other nation challenging the United States' overwhelming dominance to date in network espionage.

The Pentagon has so far responded to the breach by proposing a rearrangement of the organizational chart for our cyber army. And if history is any guide, Congress will respond as they have to past intelligence failures: by throwing more money at the bureaucracy to feed its legion of private contractors. In other words: more of what contributed to this breach in the first place. The ever-growing feeding frenzy for beltway bandits not only increases the attack surface for foreign hackers, it ensures that Congress does not have the capacity (even if it had the will) to understand and oversee increasingly complex supply chains to ensure basic security standards for the very companies who will be called on to fix these vulnerabilities. Few were even aware of the ubiquity of SolarWinds presence across so many of our government networks, and the lax security practices of this key software provider have only come under scrutiny retroactively. According to reports, the update server for SolarWinds’ software ⁠— an incredibly sensitive key piece of any software supply chain ⁠— was publicly accessible by a default password that had leaked to the internet in 2019, and the company had been warned both by its employees and by independent security researchers.

Here another tragic irony emerges: whatever internal channels were used to warn of these security lapses were clearly not effective, but if a whistleblower had taken this kind of sensitive national security information to the press ⁠— publication of which perhaps could have forced action and prevented a major act of espionage against our government ⁠— they would have put themselves at risk of prosecution under the Espionage Act.

"If reports are true that Russia was behind SolarWinds, and was using its access to case physical infrastructure networks in the U.S., their motivation may have been to gain a small measure of deterrence against the overwhelming superiority of American offensive capabilities."

So while the pundits clamor for retaliation and Washington bickers about rearranging the desks at Fort Meade, we still do not get a debate on alternatives that might better serve the American people. In secret, and without public consultation, the NSA long ago decided to use our privileged position sitting atop the internet backbone not to secure it; to level up the safety of key systems for all its users (but to poke more holes in it); and to stockpile exploits and hoard vulnerabilities in order to dip its hands into nearly every network, communications protocol, and computer system of consequence on the planet, both foes and allies alike.

Even our defensive strategy has become a policy of aggression. Dubbed "defend forward," it has us maintaining backdoors and software implants on key infrastructure systems around the world, as a way of keeping a loaded gun pointed at any real or potential adversary. Like our nuclear policy before it, the stated goal is deterrence, but the actual goal is to create a cover for unchecked aggression and dominance. If reports are true that Russia was behind SolarWinds, and was using its access to case physical infrastructure networks in the U.S., their motivation may have been to gain a small measure of deterrence against the overwhelming superiority of American offensive capabilities.

The wisdom of such an aggressive posture towards the global internet was one of the key questions Edward Snowden posed to the public after his disclosures. We should not fail to consider it as we increasingly get a taste of what the rest of the world has been subjected to by American spies for decades.


Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Jesselyn Radack

Jesselyn Radack

Jesselyn Radack is a national security and human rights attorney who heads the 'Whistleblower & Source Protection' project at ExposeFacts. Follow her on Twitter: @JesselynRadack

William Neuheisel is a human rights and civil liberties analyst at WHISPeR. Follow him on Twitter: @wneuheisel

William Neuheisel

William Neuheisel is a human rights and civil liberties analyst at WHISPeR. Follow him on Twitter: @wneuheisel

This is the world we live in. This is the world we cover.

Because of people like you, another world is possible. There are many battles to be won, but we will battle them together—all of us. Common Dreams is not your normal news site. We don't survive on clicks. We don't want advertising dollars. We want the world to be a better place. But we can't do it alone. It doesn't work that way. We need you. If you can help today—because every gift of every size matters—please do. Without Your Support We Simply Don't Exist.

Covid-19 Vaccine Makers Blasted for 'Unconscionable Profits,' Monopolies, and Low Taxes

"Big Pharma's business model—receive billions in public investments, charge exorbitant prices for lifesaving medicines, pay little tax—is gold dust for wealthy investors and corporate executives but devastating for global public health."

Common Dreams staff ·


UN Human Rights Chief Calls for Global Halt to Sales of Dangerous AI Technologies

"The power of AI to serve people is undeniable, but so is AI's ability to feed human rights violations at an enormous scale with virtually no visibility."

Brett Wilkins ·


ICC Approves Probe Into 'Drug War' Atrocities Carried Out by Duterte Regime

"Duterte along with his co-accused henchmen of the war on drugs will be facing justice."

Andrea Germanos ·


Global Indigenous Coalition Echoes Call to Postpone UN Climate Talks

"No equitable or just climate solutions can emerge from such an unjust process."

Brett Wilkins ·


House Dems Unveil Bill to Stop Wall Street From Destroying the Planet

"The Federal Reserve's role is not to surrender our planet to corporate polluters and shepherd our financial system to its destruction," said Rep. Rashida Tlaib, among the Democrats urging the Fed to end fossil fuel financing.

Kenny Stancil ·

Support our work.

We are independent, non-profit, advertising-free and 100% reader supported.

Subscribe to our newsletter.

Quality journalism. Progressive values.
Direct to your inbox.

Subscribe to our Newsletter.


Common Dreams, Inc. Founded 1997. Registered 501(c3) Non-Profit | Privacy Policy
Common Dreams Logo