Illuminating SolarStorm: Implications for National Strategy and Policy

March 4, 2021  • Aspen Digital

In December 2020, cybersecurity experts began to unravel an unprecedented security breach affecting potentially thousands of organizations, including key federal agencies and Fortune 500 companies. Fully investigating and remediating this operation—known alternatively as SolarStorm, Sunburst, or Solorigate—will take months or years, but we know some key details:

  • The perpetrators almost certainly acted on behalf of the Russian government, who can claim a tremendous intelligence success against the United States.
  • By exploiting security vulnerabilities in popular software used in government and industry, attackers created the opportunity to devastate thousands of organizations.
  • While software sold by a company called SolarWinds was the initial focus of efforts to learn the true scope and scale of the attack, we now know that the attackers also leveraged other vectors in the software supply chain to compromise private networks.
  • It appears that the attackers only stole data. No publicly available evidence suggests that computing systems or data were destroyed, manipulated, or disrupted.

As the White House and Congress consider the appropriate response to SolarStorm, the Aspen Cybersecurity Group has collected seventeen leading experts to offer concise assessments on a productive path forward for policymakers. Follow the links below each name to read their reactions in full.


Gen. (Ret.) Keith Alexander
Founder & Co-CEO, IronNet Cybersecurity
Member, Aspen Cybersecurity Group

Jamil Jaffer
SVP, IronNet Cybersecurity
Founder & Executive Director, National Security Institute


Dr. Erica Borghard
Senior Fellow, Atlantic Council
Senior Director, U.S. Cyberspace Solarium Commission


Michael Daniel
President & CEO, Cyber Threat Alliance
Member, Aspen Cybersecurity Group


Tiana Demas
Cooley LLP


Michael Garcia
Senior Policy Advisor
National Security Program, Third Way


Trey Herr
Director, Cyber Statecraft Initiative
Atlantic Council


Herb Lin
Senior Research Scholar
Stanford University


Brad Maiorino
Executive Vice President and Chief Strategy Officer, FireEye
Member, Aspen Cybersecurity Group


Katie Moussouris
Founder & CEO
Luta Security


Greg Rattray
Co-Founder & Partner, Next Peak
Member, Aspen Cybersecurity Group


Devon Rollins
Senior Director, Cyber Intelligence
Capital One


Bruce Schneier
Chief Security Architect, Inrupt
Fellow and Lecturer, Harvard University
Member, Aspen Cybersecurity Group


Camille Stewart
Cyber Fellow, Belfer Center Cyber Project
Harvard Kennedy School


Lt. Gen. (Ret.) Vince Stewart
Chief, Innovation and Business Intelligence, Ankura
Former Director, Defense Intelligence Agency


Corey Thomas


Kiersten Todt
Managing Director, Cyber Readiness Institute
Former Executive Director, Presidential Commission on Enhancing National Cybersecurity


“Cuckoo’s Nest” by Ivana Troselj is licensed under CC BY 4.0 / Cropped from original.