January 2021 - Making Your Mark - Page 6

It has been a difficult first week back to teach online. As has been my practice for about a year, I begin each course at the University of Washington with a single slide that encapsulates the latest information I have on the pandemic. To that, I added an introduction to the SolarWinds data breach for my emerging cyber topics course on Monday. On Thursday, I created several slides on the invasion of the U.S. Capitol on January 6th for my information ethics, policy and law course, where we had started with an examination of the foundations of our government, including its seminal documents: the Declaration of Independence, the Constitution, and the Bill of Rights.

The Pandemic

Any risk analyst would advise you that the numbers are going in the wrong direction. What we have now in terms of infections and deaths is the worst-case instance of the magnitude x frequency model. The holidays brought out our most sentimental behavior, and we will continue to see consequences from family gatherings. At the same time, state governments are having a hard time deploying the vaccine that they have received. I know that the Biden-Trump transition teams are working on better solutions than we have right now for vaccinating people; and that badly needed funds for testing and vaccination cannot be far away. I look forward to better working relationships between the federal government and the states who have shouldered the burden of decision making and reallocation of their existing revenues.

The Solar Winds Breach

If there were ever a clear illustration of how the government and the private sector are inextricably bound together, it would be with this breach. The pandemic magnifies fissures in our critical infrastructure. Personnel in both the government and private sector are mostly working from home, which might help explain how the breach activity went undetected since last October. In addition to remote government operations, agencies responsible for defense or nuclear power or homeland security have been hollowed out, with political appointees running the organizations. It was a private sector company, FireEye, that detected the supply chain hack, conducted through an alleged software update from the company SolarWinds, a cybersecurity tools provider with contracts with many parts of the government as well as with Fortune 500 companies. According to my colleague Sean S. Costigan,

“Since the SolarWinds attack affected so many

Fortune 500 companies, including critical

infrastructure entities, once noticed it was

bound to become public. It is a matter of

conjecture as to whether the perpetrators cared

about what collateral damage they caused to

industry and government entities that were less

likely to be targets of interest. According to

SolarWinds, at present count over 18,000

18,000 of its 300,000 customers installed the

malware. It is hard to understate the scale since

SolarWinds counts

the Office of the President of the United States, the

Department of Defense, the NSA, Visa, Mastercard,

Harvard, Subaru, Volvo, Lockheed Martin, Cisco, The

New York Times and thousands more major organizations

among their customers.” (Diplomatic Courier, January 4,

2021)

A More Perfect Union

by Annie Searle