Russia is no longer afraid of the United States.

Despite the ties of recently resigned National Security Advisor Michael Flynn to Russia and uncertainty over contacts between the Trump Campaign and Russian officials during the election, neither the FBI nor the House Oversight committee seem interested in pursuing a formal investigation into a potential shadow relationship between members of the Trump administration and Russia. Earlier this week, Russia both secretly deployed a cruise missile, in direct violation of the 1987 Intermediate-range Nuclear Forces treaty, and positioned a spy ship off the coast of Connecticut. Furthermore, Donald Trump’s most recent phone call with Vladimir Putin was spent slamming Obama’s New START nuclear arms reduction treaty while boasting about his perceived popularity, which, righteously, has left national security experts worried. But in the aftermath of Russia’s digital interference in the United States election, does Mutually Assured Destruction still guarantee safety and security in a world where Russia is emboldened and cyberweapons are more prevalent and opaque in both their intent and scope of damage? How the White House treats Russia could shape the future of the international security apparatus.

As President, Barack Obama recommended “developing international norms, protocols, and verification mechanisms around cybersecurity” and agreements of mutual restraint in the use of cyberweapons with other sophisticated state actors. These norms, traditionally drafted through the United Nations, would establish the appropriate international use, escalation, and security of cyberweapons. However, mistrust in international institutions and the global liberal order, precipitated by the rise of nationalism across the globe, has muddled that hope and threatened the future of international security.

Both Donald Trump’s transactional foreign policy agenda and Vladimir Putin’s expansionist desire to build a sphere of influence in Eurasia could spell not only the end of America’s reign as the lone world hegemon, but also undermine the institutions and framework that shape global cooperation and stability: assured trust via NATO, peaceful conflict resolution via the World Trade Organization, and collective security via the United Nations. The global world order may soon transition towards a collection of hotly disputed regional spheres of influence over a cosmopolitan liberal democracy.

Nationalist sentiment tends to frame international relations as zero-sum, escalating tensions between countries and inducing military modernization. This increases the risk for miscalculation and conflict–chiefly among neighboring states–exemplified by the Balkans in the 1990s. Growing discontent with the European Union and the threat of a ‘Frexit’ in France could induce the fragmentation of the Eurozone and balkanization of the region. Conflict, however, is less likely to be prevalent on traditional battlefields, but rather shift towards psychological and asymmetric engagement, that is, rogue acts of terror and cyberweapons targeting citizens and critical infrastructure with the primary aim of disrupting normal governmental and societal functions, including inciting internal conflicts between religious, ethnic, and political groups.

This transition to nonlinear forms of conflict makes it imperative that the United States lead the international community to define a framework for responding to cyber threats. The challenge is that the potential danger posed by cyber threats is difficult to measure, which makes it difficult to set a red line. A legal framework for evaluating the potential or incurred impact of a cyber attack, known as Schmitt Analysis, has frequently been used to decide if a state-sponsored cyber attack constitutes a ‘use of force’. While inherently subjective, this framework includes measuring criteria such as severity of the attack, the immediacy of the resulting danger and damage of the attack, how direct there is of causation between the attack and resulting damage, the measurability of the damage done, and the ability to determine responsibility for the attack.

Traditionally, this type of framework would be useful in gauging the impact and retaliatory options for a hypothetical cyber threat, and could, in some capacity, be adopted as international law. Many government and non-state actors launch cyber attacks at other countries and may be deterred from doing so if the resulting consequences were made clear and transparent. The distinction–and problem–in this instance is the nature and damage of Russia’s tactical cyber hacking approach.

Put plainly, Russia hacked their way into DNC emails via a phishing scam, extracted select information they found useful to tilt the election in favor of Donald Trump, and passed it on to Wikileaks to release, which they did without any verification of its authenticity. In other words, Russia initiated an information operation. Russia’s attack on the Democratic National Committee shows that, even within current legal frameworks to evaluate cyber threats, there isn’t a clear bright line for evaluating the extent of damage and responsibility of a digital information operation.

Looking at the magnitude of the attack alone, an information operation is more damaging than traditional espionage. Russia functionally weaponized the information in the DNC emails and, in releasing it, attacked our democratic voting system. Russia’s aim was clear: disrupt societal cooperation and coexistence to secure a psychological and geopolitical advantage in a world order trending towards nationalism.

The U.S. government has multiple options to respond, one of which, sanctions against Russian intelligence agencies, were already passed via executive order by President Obama in January prior to leaving office. Other options include retaliatory cyberwarfare on Russian foreign intelligence–an unlikely and unfavorable situation given that the United States is much more dependent on digital critical infrastructure relative to the rest of the world–or releasing damaging information regarding Putin, his allies, or members of his staff–our own information operation. The latter, like Russia’s attack, is irreversible.

The United States needs to take a hard line against Russia, if only to avoid a potentially catastrophic escalation in cyberspace based off a poor national security precedent. If we don’t, other countries will notice that Russia got away with undermining the democratic process of the world’s most powerful country scot-free, and might use that precedent to justify their own cyber operations, each with their own motives and targets, as well. This slippery slope is why effective cyberdefense policy, as John Carlin, former Assistant Attorney General for National Security, says, rests on placing blame, negotiating agreements of mutual restraint, and establishing a framework, or at least options, for retaliatory measures. However, Trump’s failure to acknowledge Russia’s role during the election and his mistrust in our own intelligence agencies is a sign to state-sponsored hackers that they can stay safely concealed under the veil of information uncertainty. His next steps, including the final content of an already-delayed executive order on cybersecurity, will be watched closely by both our allies and enemies.

With both offensive cyber operations and nationalistic sentiment on the rise, the risk of interstate conflict, intentional or not, is increasing. If we don’t take substantial action against Russia for hacking the foundation of our own democracy, what confidence will NATO member states have that the U.S. will bother to defend them?