The Times nails it…:
[…] Ciaran Martin, formerly of the GCHQ intelligence agency and now at Oxford University, says that instead of “grandiose visions of covert digital combat”, we need a “towel-round-the-head rethink of markets and regulation”. In short, this attack worked because our systems do not. SolarWinds customers did not act under duress. They bought its products because they were cost-conscious and trusting. Now they are paying the price. Since the dawn of the internet, we have consistently prized convenience, cheapness and capability over security. That works in the short term. It also makes life easier for those who want to attack the availability, confidentiality and integrity of our data.