Sen. Angus King. Al Drago-Pool/Getty Images Deterrence, no matter the domain, hinges on credibility. The SolarWinds hack, a months-long effort reportedly by the Russian government to compromise core U.S. government agencies and critical infrastructure, has laid bare what many of us have known for years: Despite persistent efforts to protect and defend U.S. interests from malicious cyber activity, the United States lacks the credibility we need to deter our enemies in cyberspace below the level of armed conflict. While some will argue that the SolarWinds campaign is merely espionage and deterrence is not the right approach to counter espionage, one thing is clear: Our adversaries are not sufficiently concerned with the United States hitting them back, either in cyberspace or other domains. There’s little doubt that when the Russian intelligence agencies propose operations to hack into U.S. critical infrastructure, nobody around the table in the Kremlin says, “Wait a minute. If we do this, we’re liable to get whacked.” There’s also no sign that Xi Jinping in Beijing hesitates when Chinese cyber forces set out to steal American intellectual property. America’s adversaries are not sufficiently deterred in cyberspace because we don’t have a track record that changes their calculus.