Twenty-five years ago, a DoD-led joint cybersecurity exercise sounded the alarm of the growing threat faced by ICT. Eligible Receiver #ER97 is the most influential wargame ever. (1/16)

Good chat on the #NCF yesterday with @DrAndrewDwyer @eborghard @tgrossman_ @RichardHarknett @tcstvns #offensivecyber

My new piece on #cyber power and #ukrainerussiawar at Council on Foreign Relations. Cyber experts, policymakers, and practitioners are striving to understand how cyber capabilities have been used since the Russian invasion of Ukra… https://t.co/jiNXBnoT9N

Join us tomorrow!

Great history to capture and appreciate the effort it took to pull this together. This incident helped frame a lot of issues that would be key lessons learned to drive improvements in future responses. https://t.co/laT8QnMCTw

For more on #SOLARSUNRISE, check out the phenomenal resources @NSArchiveCyber, and also read the account in #AFierceDomain by @Jason_Healey. (17/17)

Since the dawn of #SOLARSUNRISE, we’re 25 years older, but are we 25 years wiser? (16/17)

…but there does need to be an operational mechanism that is empowered to coordinate the activities of all the relevant agencies, international partners, state and local governments, and private sector entities.” (15/17)

Vatis: “It’s striking to me that this lesson seems to have to be relearned continually—that there is no single agency that can handle all aspects of detection, warning, investigation, and response…” (14/17)

Michael A. Vatis, first director of the NIPC, revealed that although PPD-63 offered a “presidential imprimatur...the NIPC was stood up by DOJ/FBI in February [1998] – right as #SOLARSUNRISE was happening,” providing the new entity with a trial by fire. (13/17)

Later in 1998, the Clinton White House would release PPD-63, which helped centralize the Federal Government’s cyber response capabilities, including the formal establishment of the National Infrastructure Protection Center [NIPC]. (12/17)

#SOLARSUNRISE confirmed the findings of ER97, and raised a now ubiquitous question: “Who’s in charge here?” (11/17)

This revelation was not very reassuring, as the Clinton White House began asking: if kids can do this, what can determined and sophisticated hackers do? (10/17)

After three weeks of fevered investigations the real perpetrators were identified: two teenagers from Cloverdale, California, under the guidance of an older Israeli teenager, Ehud “The Analyzer” Tenebaum (9/17)

Investigators discovered that Emirnet, an ISP in the UAE – and one of the only internet gateways into Iraq – had been used to facilitate the SOLAR SUNRISE breaches. Pentagon leaders began asking: was the United States the victim of a cyber attack from Iraq? (8/17)

The intrusions into DOD systems coincided with the deployment of roughly 2,000 Marines to Iraq to enforce post-Gulf War negotiated weapons inspections, following the expulsion of US inspectors. (7/17)

Investigators from the FBI, DISA, and DOD were unable to immediately identify the origin of the intrusions. However, a node was identified in the UAE which set off major alarm bells in the Pentagon (6/17)

Other non-military systems were also targeted, including Harvard, Notre Dame, and a commercial entity called Maroon dot com. The variety of intrusion points also made determining the origin difficult (5/17)

The focus of the hackers was on unclassified DOD systems. Intrusions or attempted intrusions were detected at major military installations such as Andrews Air Force Base and the Army Research Lab (4/17)

Coming rapidly on the heels of ELIGIBLE RECEIVER 1997 (ER97), #SOLARSUNRISE looked quite similar, including the breaching of DOD networks by presumed international actors with possible geopolitical motives. But this was no drill (3/17)

Check out the new posting @NSArchiveCyber, “SOLAR SUNRISE After 25 Years: Are We 25 Years Wiser?,” by @Monahan_cyber – https://t.co/tpiUsCk7pC (2/17)