Biden Vows Forceful Response to Suspected Russian Hack of Government Agencies

“The question of the damage done remains to be determined,” Mr. Biden said of the SolarWinds hack, which has compromised at least six cabinet departments and an unknown number of corporate networks. But addressing the fallout would be an “overwhelming focus for my administration,” he said.

The hackers “can be assured that we will respond and probably respond in kind,” the president-elect said. Mr. Biden declined to elaborate, saying he didn’t want to telegraph options for the adversary.

A White House National Security Council spokesman didn’t immediately respond to a request for comment on Mr. Biden’s remarks. Mr. Trump said on Saturday on Twitter that the news media was exaggerating the hack’s severity, and said without elaboration that China rather than Russia could be behind it.

Several Republicans and Democrats in Congress, as well as Secretary of State Mike Pompeo and Attorney General William Barr, have accused Russia of the hack. Moscow has denied responsibility. Mr. Biden said that the attack “certainly fits Russia’s long history of reckless and disruptive cyber activities.”

Speaking during a press conference in Wilmington, Del., Mr. Biden said that he believed Russia was responsible for the hack, which involved corrupting a software update provided by the network-management company SolarWinds that enabled hackers to infiltrate scores of computer systems without detection. Austin-based SolarWinds boasts customers across the federal government and major U.S. businesses, giving the hackers a range of lucrative espionage targets. The hack is widely viewed as a cyber espionage campaign rather than one intended to damage or corrupt computer systems.

The president-elect blamed Mr. Trump for an insufficient focus on cybersecurity, noting the elimination two years ago of a White House cybersecurity coordinator position and another effort to downgrade cybersecurity efforts at the State Department. Last month, Mr. Trump fired Chris Krebs, the top cybersecurity official at the Department of Homeland Security, who would have had a central role in responding to the hack, because Mr. Krebs said the presidential election had been protected from tampering.

“The Trump administration failed to prioritize cybersecurity,” Mr. Biden said. “This happened on Donald Trump’s watch.” Significant compromises of federal systems also occurred during the Obama administration that were linked to both Russia and China, which pilfered more than 20 million background investigation records from the Office of Personnel Management.

For the past several years, intelligence officials have warned that nation-state cyberattacks are a principal national security threat to the country and were being insufficiently addressed. Echoing policies that were pursued during the Obama administration, Mr. Biden pledged to reengage allied partners in a bid to “establish clear international rules and mechanisms to enforce them,” and consult with security experts to better protect his administration.

Mr. Biden also emphasized the need to “impose costs” on nations and criminals who launch cyberattacks against the U.S. to deter them from malicious activity—something both the Obama and Trump administrations attempted with a mix of sanctions, criminal indictments and public accusations that many experts have said had little effect. Officials also say it is more difficult to retaliate against cyber espionage campaigns like the SolarWinds hack because the U.S. engages in similar activity.

While he didn’t articulate detailed or new policy approaches to handling the cyber threats, Mr. Biden’s forceful rhetoric deviated significantly from Mr. Trump’s discussions of the issues. During the 2020 presidential campaign, Mr. Trump once stated “nobody gets hacked” in an apparent attempt to minimize concerns about possible Russian interference in the election.

“Cyber threats are among the greatest threats to our global security in the 21st century,” Mr. Biden said. “I believe we have to treat them with the same seriousness of purpose that we treated threats of other unconventional weapons.”

Write to Dustin Volz at [email protected]