Just how the White House actually plans to respond to the SolarWinds campaign remains far from clear. In comments to CNBC correspondent Eamon Javers, a White House official partially contradicted the Times' story, particularly its description of a "cyberstrike" that was later removed from the article's headline. (The White House didn't respond to WIRED's request for comment.)
That confusion may partly stem from internal debate over potential responses, suggests Jacqueline Schneider, a cybersecurity-focused Hoover Fellow at Stanford University. If so, Schneider says, she hopes it's not too late to steer the White House away from a punitive counterstrike. "My biggest critique would be their framing of SolarWinds as something that was 'unacceptable,'" says Schneider. Biden, for instance, has described the operation as a "cyber assault" and vowed that he won't "stand idly by" in its wake. "I think that norm is going to be almost impossible for them to actually build and really, really hard to enforce," Schneider adds. "And it binds the US's hands in places where we might otherwise have advantages."
Instead of retaliation intended to "signal" something to Russia or define a rule that the US won't want to abide by itself, Schneider suggests that any counterstrike for the SolarWinds campaign should target the hackers' ability to carry out that sort of operation again. It would look less like an effort to punish the Kremlin—such as an equivalent hack of Russian infrastructure or even economic sanctions—so much as a targeted disruption of the machines or networks used by the SolarWinds hackers themselves. Past examples of that sort of counterstrike would be US Cyber Command's retaliation russia solarwinds spying answer
