Morgan Wright, a cybersecurity expert and chief technology analyst for Fox News warned that the recent hack discovered in SolarWinds’ software could have major foreign-policy implications, and possibly even warfare.
“Anytime you call a meeting on Saturday of the National Security Council, it’s serious,” Wright told Fox host Lou Dobbs. “This is almost like a prelude to war.”
The Cybersecurity and Infrastructure Security Agency announced this week that it had discovered the threat, which foreign actors—presumably Russia—executed through an update in the company’s software.
“They exploited the trust mechanism that every company relied upon to deliver … these updates to patch the vulnerabilities,” Wright said.
“Instead, they were introducing new, hidden vulnerabilities,” he added. The updates “were securely delivered, but they contained a malicious payload.”
Wright noted that several things made the massive hack such an alarming threat.
One was that it remained ongoing, with the prospect of months, if not years, until even the full scope of the damage was understood fully.
“It’s either shut it off or cut it off, and neither one of those is a good alternative,” Wright said.
Already, the duration of the attack was disconcerting, with the update in question occurring between February and May of this year.
“It’s like finding a burglar in your home that has been living in your house for nine months,” Wright said.
The scope was equally alarming. SolarAir is estimated to have about 300,000 total clients., with an estimated 18,000 clients impacted in the public and private sectors.
That included key defense-industry contractors like Lockheed Martin and cybersecurity firm FireEye.
Also among the likely hacking victims were government agencies like the Treasury, those regulating the nuclear arsenal, and national laboratories.
“Russia now has got the entire playbook if they want to, for example, … take down the US energy grid.”
Dominion Voting Systems, already at the center of intense scrutiny amid allegations that it intentionally interfered in the November election, had listed on its website that it used SolarWinds products, although it denied it in a statement this week.
The timing of the discovery underscored many of the deep vulnerabilities already felt by Americans that the long trusted systems of government were now failing them.
Defense Secretary Mark Esper and CISA chief Christopher Krebs were both dismissed by President Donald Trump, with the apparent reason being their efforts to contradict and undermine the evidence of widespread vote fraud presented by the Trump campaign.
But Dobbs noted that Krebs’ failure to identify the Russian worm undermined his recent claims that the election was one of the most secure in history and free of foreign interference.
This is a cyberattack of nightmare proportions—and apparently, dimensions and longevity,” he said.