The extent of the damage done during the months-long assault on some of the nation’s most sensitive government and private computer systems is still unknown. But it appears to be bigger, and more dangerous, than even the huge security breaches at the Office of Personnel Management, Equifax, and thousands more.

According to Microsoft President Brad Smith, it was more than just espionage. It was a stark reminder that the battlefields of the future are online:

It’s critical that we step back and assess the significance of these attacks in their full context. This is not “espionage as usual,” even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world. In effect, this is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency. While the most recent attack appears to reflect a particular focus on the United States and many other democracies, it also provides a powerful reminder that people in virtually every country are at risk and need protection irrespective of the governments they live under.

Even so, the roots of the most recent attack point to Russia, which has sponsored or directly authored previous hacks. How do we combat them? Smith calls for a stronger partnership between “governments and technology companies, primarily to “share information, strengthen defenses and respond to attacks.”

The government may not be the most reliable partner in such an effort. The Government Accountability Office has been sounding the alarm for years about known and serious gaps in federal cybersecurity.

The most recent attack exposed just how big those gaps are – and how they contributed to the recent attack’s apparent success.

Image Credit: Marco Krohn [CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0)]