Solar Winds attack confirms fears of cyber professionals about nation-state threats

The recent SolarWinds attack that released sensitive data from multiple Federal and local government entities confirmed the worst long-held fear of cybersecurity experts: that organized hacks supported by the resources of nation states were no longer the stuff of dystopian science fiction. This change in attitude was confirmed by a 5% rise in nation-state hacking concerns in the Index of Cyber Security, maintained by the NYU Center for Cybersecurity (CCS) at the Tandon School of Engineering.

The Index of Cyber Security collects sentiment estimates via direct polling of practicing security experts around the world on cybersecurity threat-related issues. Updates are published on a monthly basis on the CCS website,

“When we saw this rise, we immediately connected it to the recent massive third-party software attack involving SolarWinds,” said NYU Tandon Distinguished Research Professor Edward Amoroso, who leads the ICS research team. “The experts who provide data for our index clearly saw this threat as increasing in intensity.”

Amoroso also pointed to another risk indicator that rose during the month, which was a greater concern about attacks specifically aimed at counterparties. That is, instead of targeting devices, systems, or other non-human actors, these attacks are aimed at specific human parties, a change Amoroso notes, “is consistent with the motivation inherent in most nation-state campaigns.”

The December trends cited by Amoroso are illustrated on the website at An article drafted by NYU about these trends can be read here.