Biden administration preparing to sanction Russia for SolarWinds hacks and the poisoning of an opposition leader
The Biden administration is preparing sanctions and other measures to punish Moscow for actions that go beyond the sprawling SolarWinds cyber espionage campaign to include a range of malign cyber activity and the near-fatal poisoning of a Russian opposition leader, said U.S. officials familiar with the matter.
The administration is casting the SolarWinds operation, which hacked government agencies and private companies, as “indiscriminate” and potentially “disruptive.” That would allow officials to claim that the Russian hacking was not equivalent to the kind of espionage the U.S. also conducts, and to sanction those responsible for the operation.
Officials also are developing defensive measures aimed at making it harder for Russia and other sophisticated adversaries to compromise federal and private sector networks, said the officials, several of whom spoke on the condition of anonymity because of the matter’s sensitivity.
Part of the administration’s response, too, will be an attribution statement stronger than the one the intelligence community released in January saying that Moscow “likely” was behind the SolarWinds operation. A White House official said last week that the Russian campaign hit nine U.S. government agencies and about 100 private companies.
But the aim of the various measures, officials said, is to convey a broader message that the Kremlin for years has used cyber tools to carry out an array of actions hostile to the interests of the United States and its allies: interfering in elections, targeting coronavirus vaccine research and creating a permissive atmosphere for criminal hackers who, among other things, have run ransomware botnets that have disrupted American public health facilities.
In a speech to the Munich security conference last week, President Biden said that “addressing . . . Russian recklessness and hacking into computer networks in the United States and across Europe and the world has become critical to protecting our collective security.”
National security adviser Jake Sullivan said Sunday that the response, expected in the coming weeks, “will include a mix of tools seen and unseen, and it will not simply be sanctions.” The bottom line, he told CBS’s “Face the Nation,” is that “we will ensure that Russia understands where the United States draws the line on this kind of activity.”
The administration is also working on an executive order that will improve the Department of Homeland Security’s ability to ensure the resilience of government networks. Part of that is deploying a new technology, a senior administration official said, that gives federal defenders at the department’s Cybersecurity and Infrastructure Security Agency “visibility” into networks that was missing in the SolarWinds hacks.
The punishment for the cyber hacks is intended to be part of broader measures aimed at holding Moscow accountable for other actions, such as its use of a banned chemical weapon against anti-corruption activist Alexei Navalny.
Politico on Monday reported on the administration’s plan to impose sanctions for the poisoning and jailing of Navalny, in coordination with European allies. On Monday Secretary of State Antony Blinken welcomed the European Union’s decision to sanction Russia in response to actions taken against Navalny and his supporters.
The government in January characterized the SolarWinds operation as “an intelligence-gathering effort.” Espionage is an activity the United States and virtually every other country conducts against its adversaries — and even allies. But senior Biden administration officials have said they view the Russian activity as more than just classic espionage.
Last week, Anne Neuberger, deputy national security adviser for cyber and emerging technology, said at a news briefing that “when there is a compromise of this scope and scale, both across government and across the U.S. technology sector . . . it’s more than a single incident of espionage. It’s fundamentally of concern for the ability for this to become disruptive” — damaging computers or undermining their operation.