In late 2020 and early 2021, as the United States was strained by the Covid-19 pandemic and preparing to hand over power after the presidential election, it admitted that it had suffered the largest cyberattack ever in terms of complexity and magnitude of impact. The attack was carried out against SolarWinds, a large and respected US cybersecurity company based in Texas. SolarWinds’ network and security products were being used by more than 300,000 large customers worldwide at the time of the attack, including various Fortune 500 companies, major telecommunications companies, and military and government organizations such as the Pentagon, the National Aeronautics and Space Administration (NASA), the National Security Agency (NSA), the State Department, the Department of Justice, and even the Executive Office of the President. SolarWinds announced that up to 18,000 of its more than 300,000 customers were infected with the malicious code. The attack was carried out in a very methodical manner with the participation of more than 1,000 professional engineers who are believed to have been sponsored by Russia. Exploiting a routine activity of service users, namely software updates, the hackers attempted to smuggle malicious code into the software update of the SolarWinds Orion Platform from the end of 2019. However, it was not until February 2020 that the malicious code began to penetrate and spread. The attack went completely undetected until December 13, 2020, when it was discovered by FireEye – itself a direct victim of the cyber attack.
According to the Deputy National Security Advisor for Cyber and Emerging Technology, Anne Neuberger, as of February 17, 2021, at least nine federal agencies and more than a thousand private companies had been affected by the attack. Although the hackers are believed to have come from and been supported by another country – Russia – they launched the attacks from within the United States. The severe large-scale attack on SolarWinds signals that cyber warfare is becoming more present and fierce than ever. Given the severity of such a large-scale attack, focusing resources on measures to improve cybersecurity should be a top priority on the security agenda. Therefore, by analyzing the nature and characteristics of large-scale cyberattacks like the SolarWinds hack, this proposal recommends precautionary measures to prevent similar attacks as far as possible in the future. In addition, one of the factors that contributed to the massive damage of the attack was the delay in detecting the behavior of this group of hackers: it took more than half a year from the start of the SolarWinds attack before it was discovered. Former Chief Information Officer Theresa Payton described the SolarWinds attack by comparing the hack to discovering that someone had been in the house for six months. She says, “The forensic evidence will be corrupted and destroyed.” This delay gave the hackers the ability to erase their traces and hide themselves, making it difficult in several ways to determine their identity, their motives, and the information stolen in the intrusion. The timely response of victims, including individuals, businesses and corporations, and especially government offices, has become one of the most important factors in minimizing the damage caused by attacks. Therefore, the second central aspect of this paper, in addition to protecting these authorities from attacks, is minimizing damage and keeping systems firmly in place during such large-scale attacks.
The essence of cybersecurity and cyber threats
Myriam Dunn Cavelty, a senior lecturer at the Center for Security Studies, defined “cyber security” by referring to what she called cyberspace or the “bioelectronic environment”. This is a universal network ecosystem that was created virtually and immaterially. It exists anywhere there are computers, servers, phone lines, or electromagnetic waves. Cyber security simply means making this bioelectronic environment secure by setting up both technical and non-technical activities to protect the system itself, along with the information it holds, from attack, damage, theft, and other potential threats. As in the physical world, threats in this bioelectronic environment can occur randomly or intentionally, with varying degrees of severity. In addition, because of the close connection between the two environments, i.e. humanity’s strong dependence on technology, damage in cyberspace can lead to real ruptures in the physical world. Cyber attacks can therefore be seen as tools for cyber warriors and criminals to wreak havoc in various dimensions of security. The variety of methods, motives and goals of these actors means that cybersecurity falls not only into the national security category but also belongs at the individual and international levels. The theft of more than 160 million personal credit card records in a 2013 cyberattack by five Russian and Ukrainian hackers is an example of attacks on individuals. National and international agencies are no exception, as they have also been victims, and SolarWinds is a prime example of the vulnerability of these agencies to large-scale cyberattacks.
Similar to threats in the physical world, cyber threats become more avoidable if the identity, goals, motives and execution mechanisms of these cyber warriors and criminals can be determined. Determining what type of attack is taking place, whether cybercrime, cyber warfare, cyber terrorism or cyber espionage, is the first step in dealing with the crisis these attacks cause. On the basis of this information, among other things, determining the extent of the damage as well as punishing and deterring the attacker is necessary in order to prevent similar events in the future. However, even with the help of computer and Internet experts, it is never easy to identify the origins of these attacks. Fortunately, difficult does not mean impossible. Two of the most effective determinations are based on the extent of the damage and the targets of these hackers. First, the size and complexity of an attack are in many ways proportional to the resources and funding of these hackers, both professional and financial. In fact, companies, corporations, government agencies, and even individuals who use technology devices all have certain ideas about their own cybersecurity, even though the understanding of individual actors varies significantly. Companies, large corporations, and government agencies typically spend a large portion of their annual budget on cybersecurity and protection. This makes it difficult to find and attack a vulnerability in their systems, which requires long research time and the necessary supporting equipment. The hacker groups behind such attacks are therefore more likely to have the financial resources and strong support needed to spend their time researching and planning large-scale attacks like the SolarWinds hack. Second, the target could help the government discover the motives of warriors and criminals. Hackers can be divided into two types depending on the purpose of their actions.
They could “try to detect, manipulate or otherwise exploit the vulnerabilities in computer operating systems and other software”. Hackers who try to break into a system and attack its vulnerabilities simply for the personal challenge, with no political intent, are somewhat easier to deal with than those with political intent. Because their purpose is merely to prove themselves, many of them do not even erase their tracks or hide their actions in cyberspace. Even if they are discovered, they are more likely to work with law enforcement agencies and technology companies to close the vulnerability. In fact, big tech companies are interested in these types of hackers and want them to work for them. In late 2019, for example, Google offered prizes of up to $1.5 million to any hacker who could figure out how to hack the Titan M security chip on Pixel smartphones and then take control of the device. Hacktivists, on the contrary, are those who combine cyberattack activities with political activism. Dealing with these types of hackers is often very difficult. When it comes to political agendas, the actions of these groups of hackers often involve system destruction and information theft, causing serious damage to the economy, society and the political situation. Because of the severity and illegal motivation of these attacks, the hackers often try to hide their identities, making it difficult for law enforcement agencies to track down the perpetrators, as in the case of the SolarWinds attack. Hence, unlike the first breed of hackers, hacktivists are becoming a major concern of the cybersecurity paradigm.
Based on the two identifications discussed, large-scale and highly harmful attacks on large corporations and political institutions like the SolarWinds hack typically have two main characteristics. First, they are more likely to be sponsored by governments, political organizations or even extremist terrorist groups, as cyberspace is the ideal environment for these organizations to have a huge impact on the world with little chance of being held responsible and little chance of falling under any jurisdiction. Second, because these attacks are usually carefully planned, each time they occur they cause great damage to the system, and it is extremely difficult to determine the identity of the hackers and the information they are controlling or that has been lost. Therefore, it is of great importance to include cyber threats, especially large-scale attacks, in the security agenda. This is not only because these threats can have a tremendously negative impact on all three aspects of the paradigm (individual, national and international security), but also because of the difficulty and complexity of the problem. Unlike traditional threats such as military ones, for which centuries of developing the agenda have provided the state with fairly complete mechanisms, cybersecurity is new, with many undiscovered threats that states have never faced before. If states and companies do not want to become vulnerable victims of these potential threats, a comprehensive discussion of effective measures to prevent and combat cyber attacks in modern times is required.
Addressing cybersecurity-related issues requires a clear distinction between two types of policy: prevention and problem-solving. Prevention policies are implemented at a time when large-scale cyberattacks have not yet taken place or have not yet been detected, in order to predict, warn of and block these attacks. Examples of this type of policy include the establishment of defensive measures for technical devices, such as firewalls, or the establishment of intelligence services to detect and stop individuals and organizations that intend to attack the system. In contrast, a problem-solving policy is only implemented once attacks have been identified, in order to minimize their negative effects. These policies can include patching security vulnerabilities and investigating the cause and purpose of hacking attacks. Each of these types of policy has its own characteristics appropriate to the purpose for which it was created.
As far as precautionary policy is concerned, its effectiveness depends on the degree to which attacks are prevented in the first place. These policies are also known as defensive regimes, which operate at different levels. In order to ensure cybersecurity at the individual as well as the national and international level, technology suppliers must offer a certain level of security with their products in order to protect the personal data of customers. This security mechanism must effectively prevent various types of large-scale cyber attacks, including viruses, phishing attacks, Trojans, worms, ransomware and spyware. Two essential ways to ensure security in a networked computer system are the use of firewalls and of third-party products such as anti-malware software and intrusion detection and prevention systems. It is a fact that individuals, companies, corporations, and even government agencies seldom build a defensive security system for their devices and information on their own. Instead, they buy and use third-party services, usually from companies that provide security services, like SolarWinds. Hence, these cyber security companies play a very important role in risk prevention. Whether they can become a strong fortress against hackers depends entirely on the quality of the products and services offered. When this great wall is breached, all the assets it protects become vulnerable targets for cyber warriors and criminals. For this reason, merely by inserting malware into the SolarWinds Orion Platform update software, the hackers affected more than 18,000 large corporate customers, including key US government agencies such as the Pentagon and the National Security Agency. While SolarWinds was also a victim of this large-scale attack, its responsibility is considerable, as it was unable to detect the malware in its own software for almost a year.
Worse still, the person who identified this vulnerability wasn’t SolarWinds, but FireEye, one of its customers. The failure of cybersecurity companies like SolarWinds to test the security of their own programs requires stricter United States national legal systems to ensure the quality of cybersecurity services. Regular checking and scanning of technological defects should be given more attention by these software companies.
For government agencies in particular, ensuring the security of their systems must be a top priority, as they understand that the information in their possession is very important to national security. The introduction of security standards for government networks was announced in 2008 by President George W. Bush with his Comprehensive National Cybersecurity Initiative (CNCI). This was a necessary step in securing government intranets, but subsequent attacks require these standards to be regularly updated and tested to address existing vulnerabilities. In addition, in the face of large-scale and well-prepared attacks, intelligence becomes very important for governments to anticipate and prevent these attacks. International agreements to limit the use of cyber weapons could be effective measures in dealing with large-scale cyber attacks sponsored by governments or terrorist groups. However, these agreements have two major weaknesses. First, it is difficult to identify cyber weapons in real life because the technologies used to manufacture these weapons are dual-use. For example, a computer can be used to create a harmful virus for the Internet system while also being used to do good things such as creating an educational program. Second, the signing of these agreements and the use of intelligence information could conflict with the privacy rights of individuals and companies. The paradoxical situation in which pursuing more cybersecurity leads to even more insecurity was illustrated by Myriam Dunn Cavelty. She describes this cybersecurity dilemma by pointing to the fact that national security clashes sharply with individual security. A state security agenda to prevent large-scale attacks could lead to the militarization of cybersecurity and “(re)assert its power in cyberspace, thereby overriding the various security needs of the people in this space”.
Therefore, in establishing an effective mechanism to protect government and society from well-planned cyberattacks, it is vital to respect privacy and privacy rights in an ethical manner.
Of course, there will still be cases in which the above measures do not completely prevent cyber attacks. In the worst case, countermeasures or problem-solving policies are of the utmost importance in order to minimize the damage caused by these attacks and to stop them as quickly as possible. In this case, it is necessary to require companies and corporations to work with law enforcement agencies and the government to identify the target and purpose of the attack as soon as possible. The cybersecurity dilemma still arises in situations where the private information of individuals and companies could be important to the investigation process. Another potentially effective policy for dealing with cyberattacks could be the Biden administration’s new bill, which “requires many software vendors to notify their customers in the federal government when the companies have a cybersecurity breach.” The reason for this requirement was the negative impact of the interruption and delay in investigating the SolarWinds attack. The National Security Council spokeswoman said: “The federal government must be able to investigate and eliminate threats to the services it provides to the American people early and quickly. Simply put, you can’t fix what you don’t know.” The importance of identifying and combating large-scale cybersecurity attacks at all levels shows the need for collaboration between security companies and government agencies.
Because of the complexity and uniqueness of cyberspace, large-scale cyberattacks are attractive tools for governments, political groups and terrorist extremist groups. The rise of sophisticated and complex cyberattacks like SolarWinds requires a shift in the traditional security paradigm by raising the priority of cybersecurity and its policies. Two types of policy have been introduced: prevention and problem-solving policies. Preventive policies include raising and ensuring the security standards of the security services provided by software companies and of internal government networks. From a foreign policy perspective, cyber weapon control agreements deserve attention. On the other hand, problem-solving strategies also play an important role in dealing with cyber attacks that have already occurred. In order to resolve these harmful attacks effectively, it is necessary to provide the federal government with information in the event of an attack by cyber warriors and criminals. However, the cybersecurity dilemma must also be considered when setting these policies. The possibility of the state militarizing cybersecurity will be greater if governments focus entirely on national cybersecurity. The privacy of individuals and companies should therefore be considered in the cyber security discussion.
Bibliography
Caldwell, Dan, and Robert Williams. 2012. Seeking Security in an Unstable World. Rowman & Littlefield Publishers.
Cavelty, Myriam Dunn. 2014. “Breaking the Cyber-Security Dilemma: Aligning Security Needs and Removing Vulnerabilities.” Science and Engineering Ethics 20 (3): 701.
Cavelty, Myriam Dunn. n.d. “Cyber Security.” The Routledge Handbook of New Security Studies, 155.
Dyson, Esther, George Gilder, George Keyworth, and Alvin Toffler. 1996. “Cyberspace and the American Dream: A Magna Carta for the Knowledge Age.” The Information Society 12 (3): 295-308.
Harknett, Richard, and James Stever. 2011. “The New Policy World of Cybersecurity.” Public Administration Review 71 (3): 456-459.
Henn, Steven, and Robert Siegel. 2013. “Russian Hackers Stole More Than 160 Million Credit Cards.” NPR: National Public Radio, July.
Holmes, Aaron. 2019. “Google Is Offering a $1.5 Million Reward to Anyone Who Can Pull Off a Complex Android Hack.” Business Insider, November.
Knake, Robert. 2021. “Why the SolarWinds Hack Is a Wake-Up Call.” Council on Foreign Relations, March. https://www.cfr.org/article/why-solarwinds-hack-wake-call#:~:text=The%20SolarWinds%20hacking%20campaign%E2%80%94one,behind%2C%20is%20far%20from%20over.
Menn, Joseph, Christopher Bing, and Nandita Bose. 2021. “Exclusive: Software Vendors Would Have to Disclose Breaches to U.S. Government Users under New Order: Draft.” Reuters, March.
Morgan, Steve. 2019. “Global Cybersecurity Spending Predicted to Exceed $1 Trillion from 2017-2021.” Cybercrime Magazine, June.
Murphy, Hannah, Helen Warrell, and Demetri Sevastopulo. 2020. “The Great Hack Attack: SolarWinds Breach Exposes Big Gaps in Cyber Security.” Financial Times, December. https://www.ft.com/content/c13dbb51-907b-4db7-8347-30921ef931c2.
Nakashima, Ellen, and Craig Timberg. 2020. “Russian Government Hackers Are Behind a Broad Espionage Campaign That Has Compromised U.S. Agencies, Including Treasury and Commerce.” The Washington Post, December.
Neuberger, Anne. 2021. Interview by Jen Psaki, The White House, February 17.
Srinivas, Jangirala, Ashok Kumar Das, and Neeraj Kumar. 2019. “Government Regulations in Cybersecurity: Framework, Standards and Recommendations.” Future Generation Computer Systems 92: 178-188.
Notes
Robert Knake, “Why the SolarWinds Hack Is a Wake-Up Call,” Council on Foreign Relations, March 2021.
Ellen Nakashima and Craig Timberg, “Russian Government Hackers Are Behind a Broad Espionage Campaign That Has Compromised U.S. Agencies, Including Treasury and Commerce,” The Washington Post, December 2020.
Nakashima and Timberg.
Knake, “Why the SolarWinds Hack Is a Wake-Up Call.”
Anne Neuberger, interview by Jen Psaki, The White House, February 17, 2021.
Hannah Murphy et al., “The Great Hack Attack: SolarWinds Breach Exposes Big Gaps in Cyber Security,” Financial Times, December 2020.
Esther Dyson et al., “Cyberspace and the American Dream: A Magna Carta for the Knowledge Age,” The Information Society 12, no. 3 (1996): 295-308.
Dyson et al., 296.
Myriam Dunn Cavelty, “Cyber Security,” The Routledge Handbook of New Security Studies, 155.
Steven Henn and Robert Siegel, “Russian Hackers Stole More Than 160 Million Credit Cards,” NPR: National Public Radio, July 2013.
Dan Caldwell and Robert Williams, Seeking Security in an Unstable World (Rowman & Littlefield Publishers, 2012), 159-172.
Caldwell and Williams, 154.
Steve Morgan, “Global Cybersecurity Spending Predicted to Exceed $1 Trillion from 2017-2021,” Cybercrime Magazine, June 2019.
Caldwell and Williams, Seeking Security in an Unstable World, 162.
Caldwell and Williams, 162.
Aaron Holmes, “Google Is Offering a $1.5 Million Reward to Anyone Who Can Pull Off a Complex Android Hack,” Business Insider, November 2019.
Caldwell and Williams, Seeking Security in an Unstable World, 162.
Caldwell and Williams, 154.
Caldwell and Williams, 162-163.
Jangirala Srinivas et al., “Government Regulations in Cybersecurity: Framework, Standards and Recommendations,” Future Generation Computer Systems 92 (2019): 178-188.
Richard Harknett and James Stever, “The New Policy World of Cybersecurity,” Public Administration Review 71, no. 3 (2011): 456-459.
Caldwell and Williams, Seeking Security in an Unstable World, 173.
Caldwell and Williams, 173.
Myriam Dunn Cavelty, “Breaking the Cyber-Security Dilemma: Aligning Security Needs and Removing Vulnerabilities,” Science and Engineering Ethics 20, no. 3 (2014): 701.
Cavelty, 701.
Joseph Menn et al., “Exclusive: Software Vendors Would Have to Disclose Breaches to U.S. Government Users under New Order: Draft,” Reuters, March 2021.