The turmoil in Ukraine has cast a shadow of uncertainty over the next chapter of U.S.-Russian cybersecurity talks, which last year led to the creation of a White House-Kremlin cybersecurity crisis hotline -- thus far, never used, according to U.S. officials.
White House cybersecurity coordinator Michael Daniel told Inside Cybersecurity in a brief interview that the Ukrainian crisis had complicated bilateral relations on cybersecurity and other issues. The Obama administration recently announced it was suspending some bilateral meetings on various matters on a case-by-case basis. President Obama met Wednesday with Ukraine's president and again urged Russia to respect Ukraine's territory.
"At this point in time, it is premature to tell how the crisis might affect our efforts to cooperate with the Russia Federation on cybersecurity," a State Department spokesman said. Prior to the crisis erupting, U.S. officials were in the process of attempting to schedule the next round of bilateral cybersecurity meetings sometime this spring, but no firm dates had been agreed on. The prospect for arranging the talks has yet to come into focus and the White House has not announced any decisions about upcoming bilateral cyber meetings.
The White House-Kremlin direct secure voice communications line became operational last November, the spokesman said. Plans for the hotline were announced months earlier as part of a bilateral agreement on information and communications technology security. The pact also called for creating a new U.S.-Russian cyber working group, under the auspices of the Bilateral Presidential Commission; working on confidence-building measures; building links between computer emergency response teams (CERTs); and exchanging notifications through the Nuclear Risk Reduction Centers.
"The communication links covered in this agreement, with the exception of the CERT-CERT link, are intended to address cyber incidents of concern appearing to emanate from the territory of either the United States or Russia," the State Department spokesman said. "To date, neither country has identified activity that meets the threshold for the use of the direct secure voice communication line," the official said on March 7.
U.S. and Russian officials are in the process of completing the implementation of the links to exchange technical information between the U.S. and Russian CERTs. Both sides are also working to implement the exchange of notifications through the Nuclear Risk Reduction Centers. "Test messages have been exchanged," the spokesman said.
Vice Adm. Michael Rogers, the White House's nominee to lead the National Security Agency, said this week that Ukraine is facing cyber "challenges," but he declined to say whether U.S. officials think the Russian government is responsible. "We clearly see that there's an ongoing cyber element to the challenges in the Ukraine at the moment," he said at his confirmation hearing. The specifics ought to be discussed in a "classified setting," he said. Rogers agreed that Russia has very sophisticated cyber capabilities capable of doing considerable damage to Ukraine's critical infrastructure.
Also this week, in a speech at the State Department, National Security Adviser Susan Rice underscored the international scope of cybersecurity concerns, noting they "can only be met with a global effort -- one that marshals the resources and resolve of both the public and private sectors."
U.S. and Russian officials held the first cyber working group meeting on Nov. 21–22, 2013, in Washington. Daniel and Russian Deputy Secretary of the Security Council Nikolay Klimashin chaired the meeting, and State Department Coordinator for Cyber Issues Christopher Painter and Russian Special Coordinator for Political Affairs in the Use of Information Communication Technologies Andrey Krutskikh served as the co- coordinators. A key part of the discussion concerned the implementation of the bilateral confidence-building measures announced last June by Obama and Russian President Vladimir Putin.
At the December Ministerial of the Organization for Security and Cooperation in Europe, the 57 participating states, including the United States and Russia, announced the first ever cyber confidence-building measures for a regional security organization. The measures seek to boost interstate cooperation, transparency, predictability and stability. "Over the coming year, the participating states will work to implement these initial CBMs while also developing additional cooperative measures," the State Department spokesman said.