Since 1998, the UN has annually adopted a Russia-sponsored resolution titled Developments in the Field of Information and Telecommunications in the Context of International Security. A year ago, however, Russia and the U.S. for the first time submitted a joint draft resolution on information security negotiations to the First Committee of the UN General Assembly. According to Andrey Krutskikh, the Russian President’s special envoy for international information security cooperation, the document was one of the high points in the bilateral dialogue between Moscow and Washington on the topic of cyber threats, which resumed in 2021.
The period referred to by Western experts as cyber detente began with preparations for the Russia–U.S. summit in Geneva. Despite certain achievements, it was short-lived and ended with the outbreak of hostilities in Ukraine in February 2022.
Today, cyberspace is a realm of rivalry instead of dialogue between the U.S. and Russia. Even symbolic cooperation in the UN is a thing of the past, and, as was already the case in 2018-2020, this October the General Assembly will discuss not one common document but two competing ones on information security. Russia submitted its next annual draft resolution without American assistance, but with the support of a dozen friendly countries. And the U.S. joined the French-Egyptian initiative to create a UN Program of Action to Promote Responsible Behavior of States in Cyberspace.
Conditions for a renewed dialogue
Throughout Donald Trump’s presidency, U.S.-Russia bilateral talks on information security remained frozen despite repeated proposals coming from Moscow. The topic of Russian interference in presidential elections had been toxic to the Trump administration for all four years, closing off any opportunities for diplomacy. The U.S. President’s personnel decisions, such as the appointment of John Bolton—an opponent of arms control and U.S. international security obligations in general—as national security adviser, did not help the negotiations either. According to Deputy Foreign Minister Sergey Ryabkov, during Bolton’s visit to Moscow, the Russian side’s attempts “to launch a probing dialogue” on the topic of information security were “flatly rejected.”
The opportunity for renewed dialogue between Moscow and Washington opened up with the change of administration in the White House. Joe Biden’s team is free of the political constraints that hampered his predecessor. It has also emphasized its competence in diplomacy, seeking to demonstrate the ability to resolve international issues more skillfully through negotiations.
Although the new administration continued its sanctions policy against Russia based on allegations of cyberattacks and imposed new restrictive measures as early as April 2021, it has taken a more differentiated approach. In May, amid the attack on Colonial Pipeline that sparked a regional fuel crisis on the U.S. East Coast, American officials suggested that the perpetrators might be based in Russia, while stressing that they did not believe the Russian government was involved. President Biden spoke of his contacts with Moscow about the incident, in effect offering to discuss cooperation on combating cybercrime.
The successful conclusion of multilateral talks on cyber threats in the UN also set a positive tone in preparations for the summit. In 2018, at the behest of Russia and the U.S., two parallel formats for discussing the rules of conduct in cyberspace were launched—the Open-Ended Working Group and the Group of Governmental Experts. Contrary to fears that competition between these groups would cripple the negotiations, the participants managed to adopt consensus reports in both cases. This was due in no small part to mutual understanding between Russian and U.S. diplomats.
The Russia-U.S. summit on June 16, 2021 in Geneva gave a formal start to cyber detente. According to The New York Times, the meeting was the first summit of the great powers with cyber instead of nuclear weapons on the agenda. Information security issues featured prominently in the talks between President Vladimir Putin and President Joseph Biden, which led to the launch of bilateral consultations in a working group format.
Working Group on Information Security
The working group was established under the auspices of Russia’s Security Council and the U.S. National Security Council. On the Russian side, it was headed by Deputy Security Council Secretary Oleg Khramov, and on the U.S. side by Deputy National Security Adviser for Cyber Issues Anne Neuberger. The group included diplomatic and law enforcement representatives from both sides. Working without much publicity, by mid-July the group had held four online meetings, in addition to an exchange of emails and phone calls.
Certainly, some problems did arise, such as disagreements on the agenda. The U.S. side prioritized the fight against cybercrime, especially the threat coming from ransomware operators. Attacks using encryption viruses had become a tangible problem for U.S. companies, city and hospital administrations in the previous years. The U.S. has pushed for Russia to step up the fight against criminal groups whose members are based in the territory of Russia. Moscow, for its part, was interested in broader discussions, building on Vladimir Putin’s September 2020 proposals to restore U.S.-Russia cooperation on international information security. For example, Mr. Ryabkov urged the sides to discuss the prevention of malicious impact on military command and control systems.
The U.S. side needed a broad discussion within the intelligence community to determine what information about suspects of interest should be handed over to their Russian counterparts. According to Mr. Khramov, Moscow believed that the Americans were not guided by the general goal of making the information sphere more secure, but primarily by political logic and the desire to show the domestic audience: “we made the Russians do it [arrest cyber criminals].” Russian law enforcers were also unhappy with the Americans’ failure to provide all the information needed to investigate various crimes.
Nevertheless, the dialogue had borne fruit: Russian and U.S. agencies intensified their contacts on information security and anti-crime issues. In January 2022, based on a request from Washington, the FSB joined forces with the Investigative Committee to conduct an operation against members of REvil, a group known for high-profile attacks using encryption viruses, in particular against JBS, a major meat-processing company, two weeks before the Geneva summit, and against Kaseya, a software producer, two weeks after the summit. The White House welcomed the action of Russian law enforcement agencies, noting that one of the 14 people arrested was also responsible for the attack on Colonial Pipeline.
However, the main challenge for the working group was not the disagreement between its members, but what was happening outside the consultations – the escalation of tensions around Ukraine in late fall and winter 2021.
Cyber dimension of the conflict
Already during the January operation against REvil, it was not difficult to predict that the armed conflict in Ukraine would bring cyber detente to a halt. Since last December, the U.S. had been signaling through the media that, together with its allies, it was helping the Ukrainian authorities to strengthen their cyber defense and discussing plans for joint action in the event of devastating attacks. After February 24, the Americans channeled all their efforts into supporting Ukraine. Cooperation with Russia on cyber issues was terminated: the White House withdrew from the negotiation process and closed the communication channel created after the Geneva summit, without responding to the Kremlin’s proposals to develop joint measures for safeguarding against attacks on critical infrastructure.
The confrontation between hacker groups has not resulted in catastrophic consequences, but it has accompanied hostilities throughout the eight months of the conflict. It is characterized by a wide range of actors with varying skill levels and capabilities, a variety of attack targets, a lack of clear rules, and high intensity.
For U.S.-Russian relations, cyberspace is increasingly becoming a major area of confrontation. In March, Joe Biden issued a warning about possible Russian cyberattacks in response to economic sanctions, which included a message to Moscow: “My administration will continue to use all means to deter, disrupt and, if necessary, respond to cyberattacks against critical infrastructure.” Shortly thereafter, the Russian Foreign Ministry called the large-scale attacks against Russian government institutions, media outlets, and critical infrastructure a cyber aggression by the United States and its allies. This was accompanied by a response to Washington: “No one should have any doubt that cyber aggression unleashed against Russia will have severe consequences for its instigators and perpetrators.”
In fact, the sides exchanged warnings to refrain from escalation in cyberspace. In June, after the Head of the U.S. Cyber Command, Paul Nakasone, spoke about conducting offensive operations in support of Ukraine, the Russian Foreign Ministry once again urged the United States not to provoke Russia to retaliate in cyberspace.
It is difficult to judge how effective these warnings have been, but both Russia and the U.S. turn a blind eye to the crimes of non-government actors attacking the other side. In May, the Russian Foreign Ministry called Killnet, a group that has been attacking the United States and other NATO nations, a “community of Russian programmers.” Washington, on the other hand, does not pay attention to the attacks against Russia by various pro-Ukrainian groups, primarily the IT army, in which citizens of Western nations are involved.
By early fall, only the ongoing investigation into the REvil case served as a reminder of the achievements in U.S.-Russian cybersecurity collaboration. Despite concerns in the U.S. that Russia would halt proceedings against the group’s members, the defendants were not released after the conflict broke out. On the contrary, their detention has already been extended three times. Nevertheless, whatever the role of the arrested members, cybersecurity experts noticed in summer 2022 that REvil had in fact relaunched and resumed its attacks, albeit on a smaller scale thus far.
Vague prospects
Russia’s return to full-fledged bilateral contacts with the United States on information security, as on many other topics, is unlikely until the conflict in Ukraine is over and the situation normalizes. Until then, Moscow and Washington should focus on multilateral talks, preventing incidents in cyberspace, and maintaining their dialogue on an informal level.
Despite the challenging international environment, negotiations within the Open-Ended Working Group (OWG) in the UN proved relatively stable, with its members managing to agree on an interim report in July. The OWG was not held hostage to U.S.-Russia disagreements, thanks to the involvement of dozens of countries interested in advancing the cybersecurity debate and achieving tangible results. Russia and the United States should make an effort to keep this format operational for the duration of its mandate until 2025.
Preventing incidents in cyberspace has been the key task on the radar of Russian and U.S. diplomats as well as the military for several years. Yet no functional mechanisms have been on the table. The 2013 ICT arrangements on confidence-building measures are poorly adapted to the current conflict environment, and attempts to use the 1972 Agreement on the Prevention of Incidents on the High Seas and in the Airspace Above as an analogy have failed. To prevent incidents and possible escalation, Russia and the United States need to exercise restraint in cyberspace. In particular, they need to revisit their permissive attitude toward “friendly” non-government actors.
The freezing of official contacts increases the demand for dialogue at the informal (expert) level. Unfortunately, here, too, Russian-American ties have been broken. For example, this year there was a single U.S. representative among the speakers at the international forum “Partnership between the state, business and civil society in ensuring international information security,” launched in the 2000s as a platform for interaction between Russia and the West. Moscow and Washington should invest more in the development of such informal platforms and ensure the participation of independent experts to prepare the ground for settling information security disputes in the future.