By Pieter-Jan Dockx *
In December 2020, the US government revealed that it had been the victim of a cyber offensive that compromised agencies such as the Pentagon and the State Department. The SolarWinds hack, as it came to be known, was allegedly carried out by Russia’s intelligence services and was one of the largest breaches in US history. As a response to the incident, the Biden administration expanded its sanctions against Russia and announced retaliatory cyber action. Yet, despite the severity of the breach, cyber experts view the White House’s response as disproportionate. They argue that the intrusion was not destructive in nature but was instead a targeted espionage campaign, traditionally accepted by American administrations who conduct similar operations. Rather than following the set norms on espionage, President Biden took countermeasures driven by political and experiential factors as well as Russia’s cyber prowess.
The Trump Factor
The first factor that explains Biden’s reaction is the need to differentiate himself from his predecessor, President Trump. The former president was considered soft on Russia and seen as an admirer of authoritarian figures like President Vladimir Putin. By contrast, Biden has emphasised the importance of democratic values, including taking a more adversarial stance towards Russia. Thus, when the SolarWinds breach was made public, and Trump downplayed Russia’s involvement, President-elect Biden promised retribution to underscore his position.
Biden’s hawkish approach to Russia is also a consequence of the Democrats putting the Kremlin at the centre of their reservations about Trump during his presidency. Since the 2016 US election, when Russia interfered in favour of Trump, the Democrats have pushed a narrative of collusion between the two—launching investigations, lawsuits, and media campaigns. By doing so, the party has narrowed the current president’s policy options vis-à-vis Moscow.
President Biden is also looking to move away from the cybersecurity policy of the Obama administration, in which he served as vice president. President Obama’s cybersecurity legacy was tainted by his inability to deter major breaches by strategic rivals such as China and Russia. By retaliating publicly, a strategy often eschewed by Obama, the current White House intends to dissuade Russia from targeting its networks.
Additionally, Biden’s policy is shaped by his experience of the Obama era’s miscalculated strategy of appeasing Russia. Obama sought to improve the bilateral relationship by making foreign policy concessions to promote cooperation. Russia, on the other hand, annexed Crimea and interfered in the 2016 US presidential election, exposing the failure of a policy of accommodating the Kremlin.
The third element informing Biden’s chosen course of action is the increasing salience of Russia’s information warfare tactics. During the 2016 US election, Russia hacked and leaked emails to damage Hillary Clinton’s presidential bid—weaponising information to destabilise American democracy. Since then, ‘information warfare’ has become the prevailing lens through which the Kremlin’s cyber operations are viewed. Despite there being no evidence that SolarWinds was anything other than classic espionage, the intrusion has been framed as part of this new mode of warfare, thereby requiring countermeasures.
Russia’s election interference has also led to higher press coverage of its cyber activities, making it harder for Biden not to respond to the intrusion. Since then, the American press has adopted the ‘information warfare’ frame, and has increasingly portrayed the Kremlin as a national security threat. As a result, the SolarWinds breach was extensively reported; more so than other incidents like China’s targeting of Microsoft Exchange servers—a more reckless campaign that took place several weeks later.
The Cyberpower Balance
The need to respond to an act of espionage is also an indication of the changing balance of cyberpower between the US and Russia. Historically, the US has been the dominant force in cyberspace. This superiority is being challenged by the Russian government’s innovative cyber strategy. Rather than attempting to match Washington’s capabilities, it has turned to operations below the threshold of war aimed at exploiting its opponent’s comparative weaknesses. These include influence operations that take advantage of the US’ open information space, like the 2016 election interference. They also include ransomware attacks by non-state actors that target the US digitised economy while providing deniability to the Kremlin.
By retaliating against Russia’s SolarWinds campaign, the White House has diverged from international norms on espionage. This departure from traditional US policy is a result of several factors, including Biden’s desire to set himself apart from Trump, and his experience of Obama-era cybersecurity and Russia policy. Moscow’s unconventional cyber operations, such as influence campaigns, have also raised Washington’s threat perception. This is disrupting the cyberpower balance between the two rivals.
*Pieter-Jan Dockx, Researcher, Centre for Internal and Regional Security (IReS)