WASHINGTON — President-elect Joe Biden on Thursday said the United States under his leadership would join with allies to impose "substantial costs" on adversaries who engage in cyberattacks like the massive breach of U.S. government agencies and corporations revealed earlier this month.
"A good defense isn't enough; We need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place," Biden said in a statement issued by his transition team.
"We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners. Our adversaries should know that, as President, I will not stand idly by in the face of cyber assaults on our nation."
The statement is Biden's first formal response as President-elect to news of the sweeping monthslong cyberattack, which experts say bears the hallmarks of a Russian state-sponsored operation.
It also signals a potential shift to a tougher stance against Russian cyber-warfare tactics than that of the current Trump administration.
Biden noted that his incoming national security team has been briefed on the attacks by career officials at relevant government agencies.
On Wednesday night, the three lead agencies responsible for investigating the attack and protecting the nation from cyber-threats, the FBI, the Cybersecurity and Infrastructure Security Agency, or CISA, and the Office of the Director of National Intelligence, announced the formation of a joint command to respond to what they called "a significant and ongoing cybersecurity campaign" against the United States.
"This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government," the agencies said in a joint statement.
Both government agencies and private-sector companies targeted in the attack are racing to develop a clearer picture of the full extent of the breach and of the potential damage to U.S. cyber-infrastructure and critical information systems.
The initial investigation suggests the breach was carried out via malicious code hidden in a software update from the widely used IT management company SolarWinds. Russia has denied any involvement in the attack.
In a briefing with congressional staffers this week, CISA officials "warned that the perpetrator of this attack is highly sophisticated, and that it will take weeks, if not months, to determine the total number of agencies affected by the attack and the extent to which sensitive data and information may have been compromised."
The CISA warning was revealed in a letter that Democratic committee chairs in the House sent to top officials at the FBI, CISA and ODNI on Thursday, seeking more details about the attack.
This timeline suggests that it will be Biden, not outgoing President Donald Trump, who is ultimately responsible for determining what retaliatory actions, if any, are warranted against those behind the attacks. Biden will take office on Jan. 20.
Trump has yet to personally respond to the latest attack. White House spokeswoman Kayleigh McEnany said Tuesday that the administration is "taking a hard look on this."
But Utah Republican Sen. Mitt Romney, a frequent Trump critic, called the tepid White House response to the attack "inexcusable."
Trump has maintained an unusually warm relationship with Russian President Vladimir Putin during his four years in office, despite the Kremlin's repeated attempts to undermine U.S. elections and democratic processes and its cyber-warfare campaign.