When Texas-based technology company SolarWinds was targeted by a cyber-attack in early 2020, the effects were far-reaching. The hackers, believed to be Russian state-backed cyber spies, were able not only to spy on sectors of the US government, including the Department of Homeland Security and the State Department, but also to attack private companies, hospitals and a US university. Pensions were also impacted: Canada’s largest public pension fund, which had recently bought a stake in SolarWinds, lost $100m after the attack.
Both parties now acknowledge that cyber security is an important risk, as both Ben Wallace and John Healey underline below. The fact that the defence secretary himself writes about the issue, rather than leaving it to a junior minister, shows it is finally at the top of the risk register. Wallace’s initiatives to tackle the threat sound serious—he is working with GCHQ and MI6 to strengthen cyber defence.
Healey raises a crucial point though: we cannot be secured without businesses and individuals taking part—our cyber defence cannot just be left up to government. But that leaves the government on a difficult tightrope, allowing the “whole society approach” Healey advocates while keeping the work of spies private.
Somehow, it must open the discussion to the public without blowing open all the detail of what the National Cyber Force is doing—or the enemy will remain one step ahead.