ABSTRACT
In late 2020, the American cyber-security community discovered a widespread breach of private-sector and government networks. A primary vector for the breach appeared to be the hacking of software provided by the US information-technology company SolarWinds. The United States government identified the likely perpetrator as a Russian intelligence agency. Ever since, complex and painstaking technical investigations have been under way into the precise nature and extent of the breach. At the same time, debate has raged about the intent behind the hack and the implications for the cyber policies of the US, and states in general, including whether some form of retaliation is justified. This article examines issues raised by the SolarWinds hack with respect to the cyber-security, offensive-cyber and broader national-security policies of the US and its allies.
