NATO Assessing Damage from SolarWinds Hack, Canada Issues Alert

The NATO Western military alliance is assessing the damage caused to its communication networks as a result of a massive hack that has rocked global institutions, including multiple agencies of the U.S. federal government and neighboring Canada.

The infiltration was first uncovered Sunday, days after cybersecurity firm FireEye admitted it was hit by an unclaimed attack ultimately attributed to a series of trojanized updates to software company SolarWinds, which services some of the largest public and private institutions around the world.

Among these customers are all five branches of the Pentagon, as well as U.S. military allies spanning the 30-member North Atlantic Treaty Organization (NATO), certain agencies of which use SolarWinds.

A NATO official told Newsweek that the transatlantic mutual defense group has sounded the alarm internally.

"SolarWinds software is used by a wide range of governments and organizations, including some entities in NATO," the official said. "Our experts are currently assessing the situation, with a view to identifying and mitigating any potential risks to our networks."

Originally formed during the Cold War to counter the Soviet Union, the 70-year-old NATO alliance has been forced to rapidly adapt in recent years to a 21st-century battlefield in which the cyber domain has become a top focus.

"Cyber security is a priority for NATO, and our networks are defended 24/7," the NATO official told Newsweek. "Our cyber experts regularly offer support and share information, including through our Malware Information Sharing Platform."

The NATO official asserted the organization is fully prepared to respond in real time to cyber threats to its member states.

"NATO also has cyber rapid reaction teams on standby to assist Allies 24 hours a day," the NATO official told Newsweek, "and our Cyberspace Operations Centre is operational. For NATO, cyber defence is a core part of our collective defence."

[Image: An image shared November 16 by NATO previews the week-long Cyber Coalition exercise conducted among member states at the time. NATO has swiftly begun to prioritize cyberwarfare in recent years in response to a rapidly changing 21st-century battlefield in which nation states like Russia have been accused of illicit online operations. Credit: North Atlantic Treaty Organization]

NATO's collective defense doctrine is encoded in Article 5 of its founding treaty, which, at its core, states that "an armed attack against one or more of them in Europe or North America shall be considered an attack against them all."

The definition of such an attack has been left up to individual members and has evolved with the state of the international security environment, where potential threats extend far beyond those posed by enemy standing armies.

In fact, Article 5 has only been formally invoked once, in response to the 9/11 attacks orchestrated by global Islamist militant group Al-Qaeda against the United States in 2001. Other collective defense measures have been taken over the years in response to regional crises in the Middle East, as well as Russia's annexation of the Crimean Peninsula amid the 2014 unrest in Ukraine.

That event served as a landmark in the recent resurgence of great power competition, which has reignited the rivalry between Russia and NATO nations and crept eastward across Europe since the fall of the Iron Curtain.

Reuters and other media outlets have cited unnamed officials identifying Moscow as the top suspect in the SolarWinds hack, which FireEye and Microsoft have attributed to a nation-state, owing to the size and sophistication of the operation.

U.S. Secretary of State Mike Pompeo also told Breitbart News Radio on Monday that "it's been a consistent effort of the Russians to try and get into American servers, not only those of government agencies but of businesses." He also blamed Chinese and North Korean hackers, calling such attacks part of "an ongoing battle, an ongoing struggle to keep our systems safe."

Russian officials have always denied their country engaged in cyberwarfare in the face of accusations by NATO nations, nearly all of whom have accused Russia of illicit online attacks affecting government bodies, political parties and elections.

In response to the recent allegations regarding the SolarWinds issue, Moscow's embassy in Washington has issued a vehement rejection of what it called "unfounded attempts of the U.S. media to blame Russia for hacker attacks on U.S. governmental bodies."

"We declare responsibly: malicious activities in the information space contradict the principles of the Russian foreign policy, national interests and our understanding of interstate relations," the embassy said in a statement Monday. "Russia does not conduct offensive operations in the cyber domain."

The embassy stressed a need for more comprehensive cyber cooperation between the U.S. and Russia, noting their previous proposals for such collaboration have gone unanswered.

So far no country has publicly named a culprit, though individual states have followed in U.S. footsteps by taking measures to investigate and mitigate the scope of the crisis.

In a statement sent to Newsweek, Canada's Communications Security Establishment and its Centre for Cyber Security stated that they "are aware of media reporting about a major cyber incident affecting the U.S. Government," as well as "of SolarWinds' recent disclosure of a security advisory outlining malicious activity impacting SolarWinds Orion Platform resulting from a supply chain compromise."

"We are assessing the situation and continue to work with government partners, including Shared Services Canada, to ensure that our networks remain secure and no information has been compromised," the Communications Security Establishment (CSE) said.

The Cyber Centre stated that it "has issued Cyber Bulletins on this specific cyber incident to government and non-government partners, including critical infrastructure partners." The general public has also been notified in a separate alert on the matter.

While the extent to which U.S. government systems were compromised is still being measured at home, partners abroad are anxiously assessing whether their own sensitive information shared with U.S. counterparts may have been monitored as well.

[Image: A partial list of SolarWinds customers as per the company's website as seen on December 14. Credit: SolarWinds]

In addition to being fellow NATO members, the U.S. and Canada are part of other security groups such as the Anglophone Five Eyes intelligence-sharing treaty group, of which Australia, New Zealand and the U.K. are the other three members.

"CSE has a strong and valuable relationship with its Five Eyes alliance partners, including our intelligence and cyber defence counterparts in the United States," the Canadian agency told Newsweek.

The CSE emphasized the important role that communication among the alliance partners plays in their mutual security.

"We regularly share information with our partners that has a significant impact on protecting our respective countries' safety and security," the agency said. "While we can't confirm or deny, or offer specific details on the intelligence shared, threat information to help defend against critical infrastructure threats is regularly shared and acted upon as appropriate."

The Pentagon's cyberwarfare branch told Newsweek on Monday it "is postured for swift action should any defense networks be compromised."

"We are in close coordination with our interagency, coalition, industry, and academic partners to assess and mitigate this issue," the U.S. Cyber Command spokesperson said. "As is our mission, we will continue to conduct cyberspace operations in defense of our Nation."

Steven P. Stover, spokesperson for the U.S. Army's 780th Military Intelligence Brigade, a Cyber Command component, said he was not authorized to discuss operations or with whom specifically the brigade's 21 cyber teams were aligned.

But he did describe the overall mission of the teams.

"Suffice to say, the Brigade's 21 Cyber Teams are aligned under various combatant commands (geographical region), the CNMF, and/or a government agency and support their operations," Stover told Newsweek. "In short those organizations/agencies are responsible for any operation in their respective areas, and we are supporting them with planning and executing an effect as part of a larger team."

Stover confirmed the brigade is "actively engaged against our nation's adversaries in cyberspace and the electromagnetic spectrum."