Tuesday, June 30, 2015

U.S.-Russian cybersecurity talks face uncertainty amid Ukrainian crisis

Posted: March 13, 2014
Bookmark and Share

The turmoil in Ukraine has cast a shadow of uncertainty over the next chapter of U.S.-Russian cybersecurity talks, which last year led to the creation of a White House-Kremlin cybersecurity crisis hotline -- thus far, never used, according to U.S. officials.

White House cybersecurity coordinator Michael Daniel told Inside Cybersecurity in a brief interview that the Ukrainian crisis had complicated bilateral relations on cybersecurity and other issues. The Obama administration recently announced it was suspending some bilateral meetings on various matters on a case-by-case basis. President Obama met Wednesday with Ukraine's president and again urged Russia to respect Ukraine's territory.

"At this point in time, it is premature to tell how the crisis might affect our efforts to cooperate with the Russia Federation on cybersecurity," a State Department spokesman said. Prior to the crisis erupting, U.S. officials were in the process of attempting to schedule the next round of bilateral cybersecurity meetings sometime this spring, but no firm dates had been agreed on. The prospect for arranging the talks has yet to come into focus and the White House has not announced any decisions about upcoming bilateral cyber meetings.

The White House-Kremlin direct secure voice communications line became operational last November, the spokesman said. Plans for the hotline were announced months earlier as part of a bilateral agreement on information and communications technology security. The pact also called for creating a new U.S.-Russian cyber working group, under the auspices of the Bilateral Presidential Commission; working on confidence-building measures; building links between computer emergency response teams (CERTs); and exchanging notifications through the Nuclear Risk Reduction Centers.

"The communication links covered in this agreement, with the exception of the CERT-CERT link, are intended to address cyber incidents of concern appearing to emanate from the territory of either the United States or Russia," the State Department spokesman said. "To date, neither country has identified activity that meets the threshold for the use of the direct secure voice communication line," the official said on March 7.

U.S. and Russian officials are in the process of completing the implementation of the links to exchange technical information between the U.S. and Russian CERTs. Both sides are also working to implement the exchange of notifications through the Nuclear Risk Reduction Centers. "Test messages have been exchanged," the spokesman said.

Vice Adm. Michael Rogers, the White House's nominee to lead the National Security Agency, said this week that Ukraine is facing cyber "challenges," but he declined to say whether U.S. officials think the Russian government is responsible. "We clearly see that there's an ongoing cyber element to the challenges in the Ukraine at the moment," he said at his confirmation hearing. The specifics ought to be discussed in a "classified setting," he said. Rogers agreed that Russia has very sophisticated cyber capabilities capable of doing considerable damage to Ukraine's critical infrastructure.

Also this week, in a speech at the State Department, National Security Adviser Susan Rice underscored the international scope of cybersecurity concerns, noting they "can only be met with a global effort -- one that marshals the resources and resolve of both the public and private sectors."

U.S. and Russian officials held the first cyber working group meeting on Nov. 21–22, 2013, in Washington. Daniel and Russian Deputy Secretary of the Security Council Nikolay Klimashin chaired the meeting, and State Department Coordinator for Cyber Issues Christopher Painter and Russian Special Coordinator for Political Affairs in the Use of Information Communication Technologies Andrey Krutskikh served as the co- coordinators. A key part of the discussion concerned the implementation of the bilateral confidence-building measures announced last June by Obama and Russian President Vladimir Putin.

At the December Ministerial of the Organization for Security and Cooperation in Europe, the 57 participating states, including the United States and Russia, announced the first ever cyber confidence-building measures for a regional security organization. The measures seek to boost interstate cooperation, transparency, predictability and stability. "Over the coming year, the participating states will work to implement these initial CBMs while also developing additional cooperative measures," the State Department spokesman said.

But the norms are voluntary -- and in December, Russia added interpretative guidance stating that Russia will be "guided in its implementation by a firm commitment to the principles of non-interference in the internal affairs of States, their equality in the process of Internet governance and the sovereign right of States to Internet governance in their national information space, to international law and to the observance of fundamental human rights and freedoms." -- Christopher J. Castelli (This e-mail address is being protected from spambots. You need JavaScript enabled to view it )


Free Trial

Inside Cybersecurity is a subscription-based premium news service for policy professionals who need to know about evolving federal policies to protect cyberspace.

Sign up for a free one-month trial to Inside Cybersecurity. You'll get a morning email Daily Report each business day, news alerts throughout the day, access to hard-to-find policy documents and reports, and our exclusive Weekly Analysis every Monday.

Subscribe now and save 50%. Your free trial will include this special introductory offer: You'll save 50% off the first-year subscription price for Inside Cybersecurity. You'll pay just $447.50 for a full twelve months of service for a single-reader license. This is an unbeatable deal for exclusive news on the hottest issue in federal policymaking.

Additional readers can be added to a single-reader license for just $200 each, up to five. The 50% discount will be applied to the entire cost of the license. If you have more than five readers, or would like an organization-wide site license, even further discounts will apply. Contact steve.reilly@iwpnews.com or call 703-562-8992.

Form for a free trial

Get exclusive news on the cybersecurity debate in Congress and more.

Sign up for a free one-month trial to Inside Cybersecurity for daily news and analysis on emerging federal standards for cybersecurity, including the debate over information sharing, liability waivers and privacy protections.

Form for a free trial

Already a subscriber? Click here to log in.