US Sanctions on Russia Rewrite Cyberespionage's Rules

Less than four months after the revelation of one of the biggest hacking events in history--Russia's massive breach of thousands of networks that's come to be known as the SolarWinds hack--the US has now sent the Kremlin a message in the form of a punishing package of diplomatic and economic measures. But even as the retribution for SolarWinds becomes clear, the question remains: What exactly is that message? By most any interpretation, it doesn't seem to be based on a rule that the United States has ever spelled out before. On Thursday, the Biden administration fulfilled its repeated promises of retaliation for both the SolarWinds hacking campaign and a broad array of other Russian misbehavior that includes the Kremlin's continuing disinformation operations and other interference in the 2020 election, the poisoning of Putin political adversary Aleksey Navalny, and even older Russian misdeeds including the NotPetya worm and the cyberattack on the 2018 Winter Olympics. The Treasury Department has leveled new sanctions at six cybersecurity companies with purported ties to Russian intelligence services, as well as four organizations associated with its disinformation operations.