The most surprising thing about the failure of U.S. intelligence to discover for nearly nine months the SolarWinds penetration of U.S. government agencies, reportedly including the State, Energy, and Homeland Security Departments as well as private contractors, is that anyone is surprised. After all, the National Security Agency, responsible for protecting the communications of the U.S. government, had such a massive hole punched in its capabilities by a breach in 2013 that Michael McConnell, the former director of first the NSA and then the Office of National Intelligence, assessed “This [breach] will have an impact on our ability to do our mission for the next 20 to 30 years.”
The proximate cause of the damage was Edward Snowden’s theft of NSA files in June 2013. He was never apprehended because he fled first to Hong Kong, where he met with journalists, and then Russia, where he received sanctuary from Putin. How could such a loss of intelligence not do immense damage to the NSA’s counterintelligence for many years?
According to the unanimous report of the House Permanent Select Committee on Intelligence, Snowden removed from the NSA digital copies of 1.5 million files, including 900,000 Department of Defense documents concerning, among other things, the newly created joint Cyber Command. Other stolen files contained documents from GCHQ—the British signal intelligence service— to which Snowden had access. One NSA file, a 31,000-page database, included requests to the NSA made by the 16 other agencies in the Intelligence Community for coverage of foreign targets.
NSA Deputy Director Rick Ledgett, who headed the NSA’s damage assessment, warned that this database reveals the gaps in our knowledge of Russia, thus provides our adversaries with a “roadmap of what we know, what we don’t know, and gives them—implicitly—a way to protect their information from the U.S. intelligence community’s view.”
Snowden’s theft dealt a savage blow to U.S. intelligence. Whenever sensitive compartmentalized information (SCI) is removed without authorization from the NSA’s secure facilities, as it was by Snowden, it is, by definition, compromised, regardless of what is done with it. Whether Snowden gave these files to journalists, Russians, or Chinese intelligence, or whether he erased them or threw them in the Pacific Ocean, all the sources in them had to be considered compromised—and shut down. So did the methods they revealed.
The Pentagon did a more extensive damage assessment than the NSA, assigning hundreds of intelligence officers, in round-the-clock shifts, to go through each of the 1.5 million files to identify all the fatally compromised sources and methods they contained, and shut them down. This purge reduced the capabilities of the NSA, the Cyber Command, the British GCHQ, and other allied intelligence services to see inside Russia and China.
The damage was deepened by Snowden’s defection to Russia. In a televised press conference on September 2, 2013, Vladimir Putin gloated, “I am going to tell you something I have never said before,” revealing that, while in Hong Kong, Snowden had been in contact with Russian “diplomats.” While Snowden denies giving any stolen secrets to Russia, U.S. intelligence further determined, according to the bipartisan House Permanent Select Intelligence Committee, that he was in contact with the Russian intelligence services after he arrived in Moscow and continued to be so for three years. Both Mike Rogers, the committee’s chair, and Adam Schiff, its ranking minority member, confirmed this finding to me. Fiona Hill, an intelligence analyst in both the Obama and Trump administrations, told the The New Yorker in 2017 that “The Russians, partly because they ‘have’ Edward Snowden in Moscow,’’ possess “a good idea of what the U.S. is capable of knowing. They got all of his information. You can be damn well sure that [Snowden’s] information is theirs.”
After the NSA, CIA, and the Cyber Command shut down the sources and methods Snowden had compromised, McConnell pointed out that entire “generations” of information had been lost. The resulting blind spots in our surveillance of Russia gave Moscow’s intelligence services full latitude to carry out mischief. Russian intelligence services have no shortage of operatives and tools to carry out long-term operations in cyberspace and elsewhere.
In the 2020 SolarWinds penetration, which Secretary of State Mike Pompeo attributes to Russian intelligence, the gaps allowed Russian spies to masquerade as authorized system administrators and other IT workers. The spies could use their forged credentials to copy any material of interest, plant hidden programs to alter the future operations of thousands of workstations in networks inside and outside the government, cover their tracks, and plant hidden backdoors for future access. Though it may take years to find and unravel all the malicious code implanted in these systems, the Cybersecurity and Infrastructure Security Agency has already determined that “this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.”
This immense compromise of government networks is the inevitable price for allowing a large part of our counterintelligence capability to be compromised in 2013. The perverse irony here is that while Vladimir Putin rewarded Snowden for his contributions with permanent residency, Donald Trump says that he is “looking into” pardoning Snowden for his intrusion into NSA files and betrayal of American secrets.
Photo by Rosdiana Ciaravolo/Getty Images