For the next months (at least), the focus will be on assessing the damage done, patching up any remaining vulnerabilities, and rooting out hackers who may have used the initial breach to gain “persistent” access to sensitive networks. Rather than downloading all the critical data immediately, the attackers used their access to install additional backdoors and cover their tracks, allowing them to monitor developments over the course of the year. In other words, the hack remains “ongoing”.

The next goal will be to determine the actual purpose of the cyberattack, which will be critical in forming the official response of the U.S. government. If it’s decided this was a more classic attempt at espionage—albeit updated for our 21st century reality—then more defensive cyber tools (like beefed-up firewalls) will be deployed in response to shore up network defenses. A Biden administration would also try do this as part of a coordinated international effort, which makes sense as SolarWinds—a publicly-traded company—has multiple international corporations and other governments as clients as well. The overall U.S. response in this scenario will be measured, part of the business of 21st century politics, and will focus on targeting individuals and entities responsible for the attack, but nothing sweeping against Russia (or whatever state) perpetrated it.

Why not more aggressive? Two critical reasons—the first is that the U.S. has never had solid responses to existing cyberattacks given the amount of confusion inherent in them, and things can quickly escalate unintentionally in the cyber realm. The second, and arguably more critical reason, is that the U.S. engages in similar activities, and escalating the response also runs the risk of exposing covert U.S. activities under way.