Blurred Lines: SolarWinds and the Private Sector in National Cyber Security

Source: Unsplash

Bronte Munro

The evolving nature of technology and the advent of the Internet have challenged traditional modes of national security in the 21st century, forcing states to question their capacity to defend their intangible national borders in cyberspace. National security has traditionally been associated with the state’s core aspects of military and political power, tied to its interest in safeguarding its citizens from external threats and attacks upon its economy and institutions.

Between March and December of 2020, a cyber espionage attack was allegedly launched by Russia against the US. A national network management system called Orion was compromised by surveillance software installed through a supply chain hack. Orion is owned by a company called SolarWinds and was used by the White House, various branches of the US military, the US State Department, as well as numerous private institutions - including universities and transnational corporations based in the US and internationally.

The breach in network security occurred when government employees were prompted by Orion to unwittingly download software updates that contained surveillance software planted by hackers. Although the then-US Secretary of State, Mike Pompeo, publicly blamed Russia for the hacks against the US, the SolarWinds cyber-attack has exposed the US’ prevailing vulnerability to unorthodox methods of state-sanctioned espionage in cyberspace.

What is SolarWinds?

SolarWinds is a private US software company founded in 1999 that assists businesses in managing their IT infrastructure. Consequently, the ability for the Russian Intelligence Service (SRV) to conduct a sustained cyber-espionage attack against SolarWinds’ networks and access sensitive government communications has highlighted the increasingly blurred lines around who is ultimately responsible for national security in cyberspace. The infiltration of SolarWinds demonstrates the increasing overreliance states have upon the private sector to provide secure network services for the day-to-day operation of critical government functions and services and, by extension, to uphold national security in cyberspace.