Research & Analysis

Russia’s SolarWinds Hack: Explaining President’s Biden Retaliatory Measures


In December 2020, the US government revealed that it had been the victim of a cyber offensive that compromised agencies such as the Pentagon and the State Department. The SolarWinds hack, as it came to be known, was allegedly carried out by Russia’s intelligence services and was one of the largest breaches in US history. As a response to the incident, the Biden administration expanded its sanctions against Russia and announced retaliatory cyber action. Yet, despite the severity of the breach, cyber experts view the White House’s response as disproportionate. They argue that the intrusion was not destructive in nature but was instead a targeted espionage campaign, traditionally accepted by American administrations who conduct similar operations. Rather than following the set norms on espionage, President Biden took countermeasures driven by political and experiential factors as well as Russia’s cyber prowess.


The Trump Factor

The first factor that explains Biden’s reaction is the need to differentiate himself from his predecessor, President Trump. The former president was considered soft on Russia and seen as an admirer of authoritarian figures like President Vladimir Putin. By contrast, Biden has emphasised the importance of democratic values, including taking a more adversarial stance towards Russia. Thus, when the SolarWinds breach was made public, and Trump downplayed Russia’s involvement, President-elect Biden promised retribution to underscore his position.

Biden’s hawkish approach to Russia is also a consequence of the Democrats putting the Kremlin at the centre of its reservations about Trump during his presidency. Since the 2016 US election, when Russia interfered in favour of Trump, the Democrats have pushed a narrative of collusion between the two—launching investigations, lawsuits, and media campaigns. By doing so, the party has narrowed the current president’s policy options vis-à-vis Moscow.


Obama’s Legacy

President Biden is also looking to move away from the cybersecurity policy of the Obama administration, in which he served as vice president. President Obama’s cybersecurity legacy was tainted by his inability to deter major breaches by strategic rivals such as China and Russia. By retaliating publicly, a strategy often eschewed by Obama, the current White House intends to dissuade Russia from targeting its networks.

Additionally, Biden’s policy is shaped by his experience of the Obama era’s miscalculated strategy of appeasing Russia. Obama sought to improve the bilateral relationship by making foreign policy concessions to promote cooperation. Russia, on the other hand, annexed Crimea and interfered in the 2016 US presidential election, exposing the failure of a policy of accommodating the Kremlin.


Information Warfare

The third element informing Biden’s chosen course of action is the increasing salience of Russia’s information warfare tactics. During the 2016 US election, Russia hacked and leaked emails to damage Hillary Clinton’s presidential bid—weaponising information to destabilise American democracy. Since then, ‘information warfare’ has become the prevailing lens through which the Kremlin’s cyber operations are viewed. Despite there being no evidence that SolarWinds was anything other than classic espionage, the intrusion has been framed as part of this new mode of warfare, thereby requiring countermeasures.

Russia’s election interference has also led to higher press coverage of its cyber activities, making it harder for Biden not to respond to the intrusion. Since then, the American press has adopted the ‘information warfare’ frame, and has increasingly portrayed the Kremlin as a national security threat. As a result, the SolarWinds breach was extensively reported; more so than other incidents like China’s targeting of Microsoft Exchange servers—a more reckless campaign that took place several weeks later.


The Cyberpower Balance

The need to respond to an act of espionage is also an indication of the changing balance of cyberpower between the US and Russia. Historically, the US has been the dominant force in cyberspace. This superiority is being challenged by the Russian government’s innovative cyber strategy. Rather than attempting to match Washington’s capabilities, it has turned to operations below the threshold of war aimed at exploiting its opponent’s comparative weaknesses. This includes influence operations that take advantage of the US’ open information space, like the 2016 election interference. Ransomware attacks by non-state actors targeting the US digitised economy, while providing deniability to the Kremlin, is also included.



By retaliating to Russia’s SolarWinds campaign, the White House has diverged from international norms on espionage. This departure from traditional US policy is a result of several factors, including Biden’s desire to set himself apart from Trump, and his experience of Obama-era cybersecurity and Russia policy. Moscow’s unconventional cyber operations, such as influence campaigns, have also raised Washington’s threat perception. This is disrupting the cyberpower balance between the two rivals.


The article first appeared on the website of IPCS and views are of author.


Support Ethical Journalism. Support The Dispatch

The Dispatch is a sincere effort in ethical journalism. Truth, Accuracy, Independence, Fairness, Impartiality, Humanity and Accountability are key elements of our editorial policy. But we are still not able to generate great stories, because we don’t have adequate resources. As more and more media falls into corporate and political control, informed citizens across the world are funding independent journalism initiatives. Here is your chance to support your local media startup and help independent journalism survive. Click the link below to make a payment of your choice and be a stakeholder in public spirited journalism


The Dispatch is present across a number of social media platforms. Subscribe to our YouTube channel for exciting videos; join us on Facebook, Intagram and Twitter for quick updates and discussions. We are also available on the Telegram. Follow us on Pinterest for thousands of pictures and graphics. We care to respond to text messages on WhatsApp at 8082480136 [No calls accepted]. To contribute an article or pitch a story idea, write to us at [email protected] |Click to know more about The Dispatch, our standards and policies   

About the author

Pieter-jan Dockx

The author is Researcher, Centre for Internal and Regional Security (IReS)

Add Comment

Click here to post a comment