The Department of Justice says hackers accessed emails in its agency during the SolarWinds breach. The Cybersecurity and Infrastructure Security Agency says hackers guessed passwords to gain entry into government systems.
Elisabeth Braw, Visiting Fellow at the American Enterprise Institute, is writing about the SolarWinds breach in Defense One and joined Government Matters to discuss her piece.
She writes, “a massive chorus of voices is calling on Joe Biden, once he takes office, to hit back hard. Deterrence is needed, we’re told … Here’s the thing: we already have deterrence.”
“All countries have deterrence all the time,” Braw told Government Matters. “It’s what they communicate to the world that they are likely to do in case of an attack.”
She explained that as of now, we know the SolarWinds hack was an espionage operation but did not go beyond that. Therefore, we can assume U.S. deterrence is working, because the hacker seems to have chosen not to go any further.
“On the basis of what we know now, if we retaliate massively, we don’t have a way of stepping up in case something even worse happens,” Braw said.
“The reality is, in espionage you try to get as much information as you can. The U.S. is … trying to do the same thing; other countries try to do the same thing,” Braw pointed out. She said if the U.S. were to retaliate, it could provoke similar retaliation from Russia or other countries if they were to find out about a U.S. espionage attempt.
Asymmetric punishment can be used in deterrence, explained Braw, which means responding in an unpredictable way to attacks to increase uncertainty in the adversary and reduce the chance that they will attack to begin with.