The December 2020 revelations of a cyber espionage campaign targeting multiple government and private sector organisations in the United States highlighted the continuing challenge of cyber-enabled espionage. The so-called SolarWinds compromise was not the first time that a foreign nation had successfully infiltrated U.S. government networks to steal data and will likely not be the last. In the aftermath of the compromise, policy-makers and lawmakers called for various response actions but with little concept of what forms of response might be effective and appropriate in the context of cyber-enabled espionage.

This study, conducted from March to November 2021, examines prior examples of state-sponsored cyber espionage to see what forms of response the U.S. government considered, what actions it took, and whether those actions changed adversary behaviour or affected other actors’ behaviour. The authors conclude that except in the unique circumstances surrounding the compromise of the Office of Personnel Management in 2015, response actions have had little effect on adversary behaviour, including that of other actors. The report concludes by recommending the use of more-active forms of under-utilised responses, such as counter-intelligence. This research should be of interest to policy-makers in the Executive Branch and analysts in the intelligence community.

The research reported here was completed in January 2022 and underwent security review with the sponsor and the Defense Office of Prepublication and Security Review before public release.