WASHINGTON, Dec 20 (Reuters) – The White House’s new chief of staff said on Sunday President-elect Joe Biden’s response to the massive hacking campaign uncovered last week would go beyond sanctions.

Ron Klain said Biden was looking for ways to fend off suspected Russian hackers who broke into half a dozen US government agencies and left thousands of US businesses exposed. Read more

“These aren’t just sanctions. These are steps and things we could do to degrade the ability of foreign actors to engage in this kind of attack,” Klain said on CBS’ “Face the Nation.”

Options the Biden administration is considering to punish Moscow for its alleged role include financial sanctions and retaliatory hacks on Russian infrastructure, people familiar with the matter told Reuters.

The Kremlin denies any role in the hack. Speaking at an event commemorating the 100th anniversary of Russia’s foreign intelligence agency SVR, Russian President Vladimir Putin praised its work, saying he was impressed by the “difficult professional operations that have been carried out”. Read more

Biden, who becomes president on January 1. 20, would likely have bipartisan support for a tough response to the spy campaign, lawmakers said Sunday.

Republican Senator Mitt Romney said the data breach was “extraordinarily damaging” on NBC’s “Meet the Press.”

“It demands a response,” he said. “It’s something we need to sort out as soon as possible.”

US Senator Mark Warner, the top Democrat on the Senate Intelligence Committee, told ABC that the hack could still continue and that officials have yet to determine its full extent. But he stopped before the aggressive language used by Romney, who called the hack “an invasion.”

“It’s in that gray area between espionage and an attack,” Warner said. Still, he backed Romney’s call for retaliation, saying Washington needed to impress upon adversaries “that if you take this kind of action, we and others will retaliate.”

Adam Schiff, Democratic chairman of the House Intelligence Committee, also said the United States “should deter and respond” – but also invest more in cyber defense.

He told MSNBC that, in some cases, digitally sanitizing US networks “may mean burning down the whole system to make sure that when we rebuild it, they won’t be there.”

Cybersecurity officials and professionals across the US are still struggling to understand the scale of the hacking campaign, which used US tech company SolarWinds (SWI.N) as a springboard to infect the Texas firm’s customers – including the Treasury, Commerce and Energy departments.

Up to 18,000 customers have been left open to hackers, but CEO Kevin Mandia – whose company FireEye (FEYE.O) helped uncover the hack – told CBS he estimated “only about 50 organizations or businesses somewhere in this area” were “genuinely affected.”

Klain told CBS that a lot is still unknown.

“I think there are still a lot of unanswered questions about the purpose, nature and extent of these specific attacks,” he said.

Reporting by Idrees Ali and Susan Heavey, writing by Scott Malone Editing by Sonya Hepinstall

Our standards: The Thomson Reuters Trust Principles.