Threat Intelligence Blog

Posted June 9, 2016

By Emilio Iasiello, LookingGlass CTIG

In late March 2016, the governments of the Russian Federation and the United States agreed to resume their discussions on cyber security cooperation, progress that had been threatened after the commencement of the Ukrainian crisis in 2014, and Western imposition of sanctions against Russia. The goal of the two governments re-engaging in these discussions was to accelerate the agreements in cyber defense first set forth in their 2013 talks. Additionally, in April 2016, Russia reached out to the United States for assistance in combatting Internet crimes, although no details have been offered as of this writing.

In 2013, Russia and the United States had come to a consensus on certain areas designed to increase transparency and reduce misunderstanding that could inadvertently impact relations between the two governments. An agreement would ultimately build greater trust and foster better cooperation in cyberspace. These areas include:

  • Facilitating closer working relationship between national computer emergency response teams.
  • Using Nuclear Risk Reduction Centers to quickly and reliably contact the appropriate authorities to reduce misperception and escalation due to cyber-related incidents. Early These centers have already been using during Russian preparation for the 2014 Winter Olympics.
  • Creating a direct White House-Kremlin hotline to directly manage a crisis as a result of a cyber incident.

Russia already has a similar plan in place with China; a signed pact in which both governments agreed to not carry out cyber attacks against each other, as well to jointly prevent terrorists from using technology to interfere with internal affairs that might destabilize internal political and socio-economical situations of both countries. The pact solidifies both governments’ views as to their perceptions of the threats in the digital domain to their respective national interests, which are in contrast and serve as a counterbalance to the U.S. and several other Western nations’ positions.

While it’s unlikely that the Russian/U.S. talks will address the same issues as covered in the China pact, it is nonetheless a positive development in continued confidence-building measures between the two cyber powers, particularly given the tenuousness of the current geopolitical climate.

Russian hackers, suspected of acting under the direction or support of the Russian government, are strongly suspected as being the orchestrators of the cyber attacks that disrupted Ukrainian infrastructure. After the U.S. imposed sanctions on Russia in March 2015 for Russia’s involvement in annexing Crimea, the U.S. government and White House networks, as well as those of some businesses, were targets of Then in September 2015, press accounts revealed that the U.S. was considering leveling economic sanctions against Russian companies and individuals for cyber attacks against U.S. commercial targets. Following this, the Pentagon released a statement in November 2015 regarding the intention of the U.S. to wargame cyber scenarios against China, Iran, North Korea, and Russia. An April 2016 statement by the Commander of U.S. Cyber Command specifically identified Russia, as well as China, as possessing the requisite cyber warfare capabilities to inflict harm on U.S. critical infrastructures. Seeing the potential action-reaction of these events, it’s evident why there is a need for transparency, and why a way to combat rapid risk escalation in cyber space is so imperative.

Russian and U.S. reengagement on cyber issues comes at a time when governments are actively seeking to establish cooperative ties with one another. The U.S. and Germany are currently seeking avenues from which to deepen their cooperation, including promoting norms for state behavior in cyberspace and increasing training in developing countries. Russia, too, has been working to collaborate with those governments that share mutual interests. Earlier this year, Russia was in discussions with India on formalizing a “Memorandum of Understanding on Information Security” and perhaps swaying the largest democracy in the world to support their view of how security in cyberspace should be governed.

A restart between the U.S. and Russia is a positive development, if for nothing else than to ensure that incidents in cyberspace aren’t mischaracterized and escalated to a point that involves kinetic responses. In 2015, the United Nations’ Group of Government Experts on cyber-related issues, which includes the U.S. and some of its allies as well as adversaries such as China and Russia, agreed that the international law of armed conflict applies to cyberspace. This, along with the recent G20 no-hack pledge, are important building blocks toward codifying acceptable nation-state behavior in cyberspace.

While fundamental definition differences are not likely to be overcome in the near future, any progress that further enhances the transparency between these two governments will inherently build confidence, reduce aggravated risk, and aid in the stability of cyberspace. Multilateral cooperation requires finding common ground on issues that benefit all states in the global domain, including opposing nations, and cannot be restricted to regional or ideological interests alone.

Therefore, increased cooperation and coordination is a significant step forward, and if agreements are reached, will likely meaningfully impact the growth rate of organic, independent cybercrime, putting unaffiliated criminal groups and entrepreneurial ventures targeting financial targets at much greater risk of exposure and prosecution. Russian law enforcement, and the Russian economy as a whole, have strong motivation to stem the economic loss propagated by cybercriminals. A recent report indicates that Russia lost approximately $3.3 billion USD to cybercrime activities in 2015 – $2 billion in direct losses and the elimination of the consequences associated with the attacks costing $1.3 billion. Thus, increased information flow of any kind will be tremendously useful for Western efforts to identify, predict, and protect against new cyber threats.

That said, one must respect the matrix organization of Russian society, whereby some of the most powerful organizations that employ cyber threat tools may be further shielded and strengthened by increased cross-border cyber cooperation. While increased Russian-U.S. cyber cooperation could result in the capture of many more “small fish,” it may also contribute to a reduction in the ability to correctly identify and protect against the most sophisticated cyber threat actors that live or work throughout Russia.

Additional Posts

Weekly Phishing Report: June 14, 2016

PHISHING REPORT: TOP TARGETS Week of June 5 – June 11, 2016 Being the top industry that is ...

Weekly Threat Intelligence Brief: June 7, 2016

This weekly brief highlights the latest threat intelligence news to provide insight into the latest ...