top of page

Rethinking U.S. Cybersecurity Systems Against Russia

The U.S. has responded to Russia’s aggressiveness in cyberspace. Citing the massive cyber attacks of 2020 linked to Russia against the U.S. Federal Government, President Joe Biden imposed a set of economic sanctions on Russia in the very early months of his presidency. Additionally, he signed an executive order on improving the nation's cybersecurity to “identify, deter, protect against, detect and respond to [cyber attacks] and actors.” 

However, the effectiveness and scale of U.S. policies against Russian aggression remain questionable. The U.S. relies on a combination of hollow public economic sanctions and diplomatic talks and faces deficiencies in patching the vast amount of existing security vulnerabilities. Russia, on the other hand, has been increasingly engaged in exploiting cyber vulnerabilities of not only the U.S. but other countries as well and shows no sign of slowing down. 

Firstly, the effectiveness of economic sanctions has been heavily criticized in political science literature. Myriad studies assert that economic sanctions are not as effective as advertised or they are effective only under certain conditions. 

Russia has been hard at work making international sanctions ineffective against it, from domesticating its economy to fostering illicit trade. Moreover, Russia has historically proven dishonest, frequently breaking international agreements. Relying on diplomatic talks to force Russia to stop its cyberattacks is a mistake.


Overall, the scale and implementation of the U.S. response to Russia’s aggressive cyberspace behaviors are inadequate and weak. There exists a fundamental mismatch in U.S. offensive and defensive cyber capacities. 

Offensively, the U.S. has the capacity to launch some of the most sophisticated cyber attacks against any target. Given this, some have even questioned why the U.S. has engaged more in passive defensive activities rather than actively retaliating by similar acts of aggression against Russia. 

Moreover, defensive U.S. cyberspace systems are often incapable of detecting and preventing Russian attacks due to the poor design of U.S. cyberspace infrastructure. U.S. defensive systems fail against Russia’s attacks because the U.S. prioritizes offensive over defensive tactics. 

With the current policy in action, the U.S. allocates less resources and investment to its cyber defense systems than its offense systems. As long as the offense-defense ratio is unbalanced, one sector will continue flourishing and the other will fail to maintain a similar pace of progress.

The opinions expressed in this article are those of the individual author.

Sayyed Hadi Razmjo was an FPD intern for ONC during the Spring 2022 semester. 


Haass, Richard. "Economic Sanctions: Too Much Of A Bad Thing". Brookings, 2022,

Schneier, Bruce. "The US Has Suffered A Massive Cyber Breach. It's Hard To Overstate How Bad It Is | Bruce Schneier". The Guardian, 2020,

Recent Posts

See All


bottom of page