A Breach of Our Trust: Exploring the Lasting Impact of the SolarWinds Hack

As 2020 came to a close, a cybersecurity company called FireEye reported that SolarWinds, a prominent software company, was hacked by an unknown group now believed to be Russian in origin.

Owen Hite, Reporter

Hacking is not a new threat to our country. It is so common that roughly one third of every living American has already been hacked or is a victim of identity fraud. With this startling statistic, it should be expected that the United States government has robust and powerful cybersecurity measures in place to protect the online presence of its citizens and businesses. Especially in a digitized world led by American companies such as Facebook, Instagram, and Twitter; America would be sure to have a firm grasp on internet protection. Right? Well, as the SolarWinds hack indicates, that’s not exactly the case.

As 2020 came to a close, a cybersecurity company called FireEye reported that SolarWinds, a prominent software company, was hacked by an unknown group now believed to be Russian in origin. The invader gained entry into the code for SolarWinds’ upcoming update to their Orion software, and when SolarWinds released this routine update to their clients, the malware went along with it.

This may seem trivial in the context of how common hacks are, but the depth and impact of this breach are incredible, considering that nearly a dozen major federal agencies are customers of SolarWinds. This means that when the Department of Homeland Security (DHS), the Department of Defense (DOD), and the Department of Justice (DOJ) installed the latest update to their systems, hackers were able to gain access to government information. More alarmingly, this hack is not a story of the past. Even now, it is still underway, nearly three months after it was first detected, and over a year and a half after the projected start of the breach.

But why does any of this matter? Most people likely don’t work for the DOJ or DHS, so they aren’t suffering the frantic wrath of their superior while they scramble to resolve the breach. They likely aren’t employees of SolarWinds either, so they have no reason to be concerned about falling stock, or an ongoing government investigation surrounding their company. However, most people do use technology, and the ease and secrecy with which this hack was executed should demonstrate just how little the American government and the private sector can actually do to protect our data.

With a modification of update software, Russian operatives compromised government and consumer information, and were undiscovered for over a year, which means there are likely more bugs or “backdoors” to consumer data already installed. And with all the new victims exposed by the SolarWinds hack (essentially every customer that downloaded the Orion software update) the United States is facing an endless game of Whac-A-Mole as they continue to discover even more backdoors installed in other aspects of American businesses. 

With all this exposed data, America should feel threatened by Russia’s newfound power. The country could reuse their effective strategy to steal every Google Doc in America. They could mimic China’s plan and attack medical companies to gain access to the health info of all American citizens. They could even use their power as leverage in nuclear talks or in foreign trade deals with the United States government. The opportunities are boundless.

The SolarWinds hack may have been invisible and seemingly undetectable, but despite its apparent harmlessness, the attack led to many casualties. Privacy, security, and trust were all eroded through this breach, and there will certainly be further destruction unveiled as the U.S. government continues to fend it off. Will consumer data ever be safe on the internet from this point forward? Likely not. Not with a lag time like this in recognizing a major hack. The government wasn’t even able to protect its own data, so why should we believe that they can protect ours?