Biden avenges Russian grayzone aggression


In the grayzone between war and peace, the targeted country always struggles with the dilemma of when and how to respond to aggression. In the United States, neither the Obama administration nor the Trump administration managed to find effective ways of avenging Russian aggression in the grayzone. When the massive SolarWinds hack was discovered, the Trump administration appeared to do nothing, and initially the Biden administration did too. Now, however, Biden has responded with measures that demonstrate the potential for innovative action.

When the extent of the SolarWinds hack became known, there were calls for Trump and then Biden to hit Russia with a major blow. A cyber intrusion that extends across the US government and reaches the top echelons of the US private sector and even foreign governments can’t be tolerated, right? US cyber warriors could, for example, have struck Russian power plants. But from what’s known in the public domain, nothing much happened. Now Biden has presented his response to the SolarWinds attack, which is also a response to Russian election meddling: a mix of predictable diplomat expulsions and sanctions of Russian companies, but also financial punishment. All debt issued by Russia after June 14 will be under US sanctions, meaning US banks are not allowed to buy Russian government bonds.

U.S. President Joe Biden speaks in the East Room of the White House in Washington, D.C., U.S., on Thursday, April 15, 2021. The Biden administration imposed a raft of new sanctions on Russia, including long-feared restrictions on buying new sovereign debt, in retaliation for alleged misconduct including the SolarWinds hack and efforts to disrupt the U.S. election.

“I chose to be proportionate,” Biden said when announcing the measures. “We want a stable, predictable relationship.” Though the measures are clearly more muscular than the standard expulsion of diplomats, they’re far from a massive blow. But in the grayzone, a massive blow is extraordinarily risky because it can lead to escalation all the way to kinetic violence. While Israel is the first to have kinetically avenged cyber aggression — which it did by bombing a Hamas building two years ago — it’s far from certain to be the last. Countries should signal before aggression that they may retaliate with massive blows, but improvisedly doing so after an attack brings enormous risk.

Indeed, the targeted country can’t know whether the original perpetrator will be intimidated by its punishment — or whether the punishment will instead cause the perpetrator to likewise hit back. The lack of rules of engagement in the grayzone makes it so different from traditional — armed — conflicts, where the aggressor knows that a military attack is likely to cause a military response. In the grayzone, the targeted country can ignore the aggression because it usually doesn’t kill anyone and because responding to it brings risks. And remember, the SolarWinds hack was intelligence-gathering, not destruction. All countries engage in intelligence-gathering, in the digital world and the real one. A massive blow against Russia over SolarWinds would practically force Russia to avenge large-scale US cyber espionage in a similar manner.

Biden’s response cocktail demonstrates what targeted countries can do beyond the standard diplomat expulsions. Blocking Russia from access to US capital will also cause the country trouble on international capital markets, but the move is hardly so offensive that Russia would feel compelled to retaliate. In fact, precisely because there are no rules of engagement in the grayzone, targeted countries have a rare opportunity to create new ways of responding. If your country is targeted by cyber aggression, why not retaliate in a completely different area, using only legal tools?

The best example to date is Britain’s response to Russia’s attempted poisoning of Sergey and Yulia Skripal three years ago. Yes, the UK government expelled Russian diplomats and assembled an international coalition of friends who did the same. But it did more. As then-National Security Advisor Mark Sedwill later explained: “We will use different techniques. We need to play to our strengths and focus our attention on their vulnerabilities. We are not going to conduct illegal operations, but there are things we can do. There are some vulnerabilities that we can exploit too.”

“There are some vulnerabilities that we can exploit too” — that’s the recipe for defenders in the grayzone.

Be the first to comment

Leave a Reply