Lawfare: How Should the U.S. Respond to the SolarWinds and Microsoft Hacks?

Photo: Michael Dziedzic

Over the past two months, news has broken that Russia and China, the United States’s two primary geopolitical adversaries, have both executed major cyber operations against the networks of American companies and government agencies. Though the strategic goals of the two operations might be similar, the execution of the two attacks could not be more different—and when it comes to the United States’s response, these differences matter.

In a new piece for Lawfare, Silverado's Dmitri Alperovitch and Ian Ward analyze the differences between the SolarWinds campaign and and Microsoft Exchange Hacks and argue for a U.S. response that accounts for those differences:

As strange as it may seem, the SolarWinds/Holiday Bear campaign is the sort of cyberespionage campaign that the U.S. should be willing to acknowledge as acceptable under existing international norms: limited in scope, carefully executed, and not designed to destroy, manipulate, or otherwise disrupt data. If the U.S. responds too forcefully to this campaign, it risks removing any incentive for adversaries to adopt such a measured approach in the future.

Read the full piece here.