It strikes me that how we respond to the #SolarWindsHack strategically, in public messaging, and in some ways, even tactically, would be vastly different had we believed it was GRU, and not SVR intelligence service who was behind it 1/
The reason being that SVR, unlike GRU, has no post-Soviet history of conducting destructive attacks or attacks that violate established norms (in cyber or physical worlds).
Another reason probably being that SVR is a civilian intelligence agency, not a military one 2/
This yet again highlights the critical importance of attribution for both strategic and tactical decision making in government and private sector alike.
And the importance of specificity of attribution on multiple levels. Nation State vs Criminal, RU vs CN, GRU vs SVR 3/
A lot of the people currently making unhelpful and dangerous comments such as “this is war” or “we need to punch back” are not making the GRU vs SVR distinction and are treating attribution as simply “The Russians” 4/
This also should serve as an important reminder for Western governments about selection of the right agency for specific offensive cyber missions (ex NSA/CIA vs USCYBERCOM) so as not to send the wrong signal to the adversary about the goal of the operation 5/5