US-Russia Diplomacy – The “Reset” of Relations in Cyberspace

Aug 5, 2011

By Joshua McGee

Through the expansion of the Internet, cyber security has become increasingly an international issue. Many international organizations and agreements could be used in order to address cybersecurity issues. Historically, the US and Russia have discussed with each other how to address cybersecurity, cyber governance, cybercrime, and cyber warfare. However since 2009, there has been a dramatic shift in the relationship, leading to increased cooperation and bilateral talks. Through this shift, the United States and Russia show that cooperation and progress are still possible in cyberspace despite differences.

It is important for the United States and Russia to cooperate on cyber issues. Russian organized crime is known for being heavily involved in cybercrime that affects many internet users. Through phishing, DDOS, viruses, and Trojans, Russian hackers are able to collect banking information and gain control of personal computers in order to conduct future attacks. Russian law enforcement is largely ineffective in investigating cybercrime because often, elements in the Russian government profit from the highly lucrative business. Russian cybercrime directly affects many US Internet users. Because of these effects, it is in the best interest of the United States to engage with Russia to tackle cybercrime and broader cyber issues. As a permanent member of the UN Security Council, a member of the G8, and a member of the BRICS grouping, it is apparent that Russia is important in the international stage. Because of both countries prominence on the international stage, Russia and the US should constantly have discussions about cyber security, cybercrime, and cyberwarfare.

Overall, Russia has been concerned with creating international regimes to deal with cyber issues. In Russia’s perspective, the absence of a treaty justifies an arms race between nations. Russia has been promoting this “regime” approach through organizations like the United Nations (UN), and more specifically the International Telecommunications Union (ITU). Through the UN and ITU, Russia has promoted organizations such as the World Summit on the Information Society, the ITU High Level Expert Group on Information Security, and the International Multilateral Partnerships Against Cyber Threats (IMPACT). Political implications and protection have always been focal points for Russia when dealing with cyber issues. The Russian Information Security Doctrine from 2000 characterized information security as the “protection of its national interests in the information sphere defined by the totality of balanced interests of the individual, society, and the state.” This “international security” perspective of cyber issues can be seen in their priorities to secure support of state activities, counter destructive ideologies, and counter disruptions of stability and safety and functioning of national information infrastructure.

The United States, however, has traditionally favored a defensive approach and improved cooperation among international law enforcement actors as the central element in international cooperation. The Budapest Convention on Cybercrime Treaty (2001) has been considered to be a major multilateral effort to deal with cybercrime by addressing international law enforcement cooperation. The United States is a signatory of this treaty and has ratified it; Russia is not a signatory. The United States actively coordinates activities between national Computer Emergency Response Teams (CERT’s) to further this defensive approach. While the United States is on the cutting edge of offensive capabilities, this has not been a focal point of its international cooperation. The United States has also very much against the idea of “cyberspace borders” (which Russia supports), and sees it as a direct challenge to democratic principles. The United States is a part of multilateral initiatives such as the ITU, but has had little bilateral interaction with Russia.

In May 2009, the Obama Administration released its set of cyber security policy goals. With many findings based off of CSIS’s report “Securing Cyberspace for the 44th Presidency,” the administration realized that increased participation in international efforts was needed in order to tackle cyber issues. A more focused report on international strategy was released by the administration in May 2011. This was the first step in changing the US’s position in the international community on cyber issues.

In November 2009, the Deputy Secretary of the Russian Security Council met in Washington DC with representatives from the National Security Council, and Departments of Defense, State, and Homeland Security. The meeting was the beginning of bridging the divides that had long separated the two countries on cyber issues. In December 2009, the Russian-backed UN resolution “The Developments in the Field of Information and Telecommunications in the Context of International Security” passed the General Assembly with US support. The resolution successfully addressed both Russian and US concerns and further showed that Russia and the US were on the right track to strengthening relations. Also in December 2009, the New York Times reported that the United States had agreed to discuss cyberwarfare and cyber security with representatives from the UN Committee on Disarmament and International Security. Such talks showed that the US was willing to discuss cyber issues not just on strictly economic and law enforcement terms.

While multiple positive steps were made in the relationship, disagreements persist. In April 2010, Russia proposed a treaty for cybercrime during the 12th pentennial UN Crime Congress, which ultimately failed to be approved because of American and European disagreements concerning national sovereignty and human rights. Instead, the US stated that it still supported the Budapest Convention on Cyber Crime Treaty (2001) as a framework for dealing with cybercrime. Russia’s proposed treaty was very much grounded on the country’s traditional stance on the cyber issues. While there was increased cooperation between the US and Russia, the two countries did not agree entirely with each other’s position.

After a call for a US-Russian bilateral high-level cyber security working group from Moscow in February 2011, US and Russian Delegations met in June with the goal of “preventing misunderstanding and inadvertent escalation of cybersecurity incidents.” The heads of the delegations were the US Cybersecurity Coordinator Howard Schmidt and Russian National Security Council Deputy Secretary Nicolay Klimashin. In a joint statement, the two delegations agreed to exchange military views on cyberspace, implement regular information exchanges between CERT’s, and establish protocols to communicate about cybersecurity issues. The delegations hoped that this increased communication would “[deepen] mutual understanding on national security issues in cyberspace.” Schmidt commented after the meetings that Russia and the US would lead “the way in developing pro-active bi-lateral measures that use cyberspace to more broadly enhance our national and international security.”

Since the Obama Administration’s Cybersecurity Policy Paper in 2009, there has been a clear shift in how the US and Russia discuss cyber issues bilaterally. Not only are high-level officials from both countries now talking to each other on the issue, but also the US and Russia are discussing and cooperating in international organizations such as the UN and expanding the scope of discussions. While there is much work to be done in this relationship, both countries seem to be headed in the right direction to ensure that international cooperation on cyberspace is a flagship initiative for both countries.