Chesney Discusses the Solarwinds Campaign & U.S. Sanctions
May 12, 2021 | Cybersecurity
Professor Robert Chesney, Director of the Strauss Center, James A. Baker Chair in the Rule of Law and World Affairs, and Associate Dean for Academic Affairs at the University of Texas School of Law, recently published a piece on U.S. sanctioning of Russian entities in light of last year’s SolarWinds Orion attack. The sanctions, Chesney explains, resulted from President Biden’s invocation of the Emergency Economic Powers Act to issue an executive order. This order empowers the Treasury Department to identify individuals and entities who were involved in the various activities identified by the executive order, which include election interference, assassinations, and most prominently, “malicious cyber-enabled activities.” After discussing the specific Russian entities who have thus far been identified, Chesney notes that the Treasury Department’s statement on the order is not limited to the SolarWinds Orion campaign and that it encompasses a range of malicious cyber activities conducted by the Russian government. Chesney then dives into the normative aspect of the sanctions, highlighting that the treasury department’s statement does not condemn cyber espionage generally as wrongful. Chesney then highlights the variables identified in the treasury department’s statement which cumulatively appear to have justified the sanctions; the scale of infection, the attacker’s track record, the particular attack vector, the nature of the ultimate targets, and the ultimate financial cost of remediation. Chesney notes that in addition to these five factors, the prominence of this attack in U.S. news cycles throughout the past few months may also have contributed to the Biden administration’s decision to take action. Chesney concludes by discussing the possibility of similar sanctions being placed on China in response to the exploitation of the Microsoft exchange systems. Read the full article here.