The One Who Stands in Our Way Will Help Us: Cybersecurity Issues at the Putin-Biden Summit

Cybersecurity is a pressing issue in bilateral relations. In order to interact efficiently in this area, it is important to break down the wall of misunderstanding in Russian-American relations, writes Valdai Club expert Pavel Sharikov.

In early May, Colonial Pipeline, a major US energy company, suffered a cyberattack: hackers stole data from the company’s information network and demanded a ransom in exchange for control of the lost data. To avoid further incidents, the company suspended its operation of the pipeline for five days. Unlike recent high-profile cyberattacks such as election meddling or SolarWinds, the Colonial Pipeline hack was not tied to the so-called activities of Russian state security agencies. Despite the fact that non-political cybercrimes involving Russian hackers occur on a regular basis in the United States, it is the Colonial Pipeline hack that got special attention from the American government.

American officials, including President Biden himself, have repeatedly emphasised that the suspected hackers are not affiliated with state security agencies. In particular, President Biden began his speech on the development of the American economy by discussing the Colonial Pipeline hack. He announced that he intends to discuss cybersecurity issues with President Putin during their upcoming meeting. President Biden said that “so far, there is no evidence based on — from our intelligence people that Russia is involved. Although there is evidence that the actors — ransomware — is in Russia. They have some responsibility to deal with this.” Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, also confirmed that the DarkSide hacker group is not affiliated with the Russian authorities.

In Russia, Washington’s statements were perceived by many as another round of the “Russophobic campaign.” But one fundamental point remains worthy of attention: the hacker attack is not linked to the activities of the Russian government or special services.

On the contrary, it is alleged that the attack was carried out by an independent hacker group with no ties to the Russian military or special services. Moreover, a statement was circulated on the Internet on behalf of the DarkSide group hackers that their goals are not political, and are solely related to financial ransom. The American press circulated DarkSide’s statement that their goal was “to make money and not create problems for society”. It was argued that “next time hackers will be more careful in choosing their victim”. Interestingly, the DarkSide group had previously been mentioned in reports by various cybersecurity services as “Robin Hood-style ransomware”. In particular, in October 2020 it was reported that DarkSide donated some of the money to charity.

The incident attracted a lot of attention. Government agencies have issued guidelines to counter threats related to monetary extortion. Major cybersecurity companies have also published their investigations about DarkSide. It was confirmed that its participants were Russian-speaking, but there was no evidence of their connection with Russian state structures.

Interestingly, this is not the first time the United States has accused Russian hackers of cybercrime. The Russian hacker is a new stereotype about Russia in the United States, and this isn’t simply due to the scandal surrounding alleged interference in US elections. There is a high demand for Russian specialists in the American IT sector. However, there is also a negative side: many Russian citizens are on the wanted list, charged or convicted of cybercrimes. Reports of such crimes appear in the American media literally every week, which, of course, creates a negative background and image.

A special feature of the Colonial Pipeline incident is increased attention from the White House. Less than a week after the incident, Biden signed an executive order on cybersecurity. The document contains updated language related to the requirements for software used in government agencies and in critical infrastructure. The focus is on supply chains, which is obviously aimed at preventing incidents like SolarWinds. But the decree pays special attention to cooperation between the state and business in the field of cybersecurity.

Noteworthy is the fact that the attack against Colonial Pipeline took place during the preparation of the first summit between the president of Russia and the new president of the United States, during which, apparently, issues of cybersecurity will also be discussed.

If we do not find new approaches to discuss this problem, we risk again getting, at best, an exchange of tough statements about interference in internal affairs, and at worst — another round of escalation and sanctions.

Obviously, the interference is understood in different ways in Russia and the United States, so it is impossible to work out a mutually acceptable solution to this problem. Moreover, the options offered by one side are unacceptable to the other.

The United States is in favour of a free market which provides opportunities for the development of the commercial sector. The responsibility of the government is limited only to the protection of government information resources. In recent decades, the United States has been in search of an optimal model for interaction between the state and business in the field of information security. The IT sector, being the locomotive of the national economy, demanded state protection, but has resisted excessive regulation and control. With the Biden administration in power, the United States continues to form a unique system of public-private partnerships in the field of cybersecurity.

The Russian authorities have a different view of the very nature of the information security threat. In this regard, the solutions proposed by the Kremlin imply a strengthening of state control over the information sphere. Americans believe that such a policy impedes economic growth, and that excessive state control over the information sphere is a threat to information security.

In order to get out of the vicious circle of mutual accusations, one can propose an approach that has already been used many times in Russian foreign policy, and even in Russian-American relations: to divide the whole range of issues into several baskets.

In the first basket, it is logical to discuss ways to reduce risks in bilateral relations. The accusations that we present to each other are very serious. The stakes are constantly increasing, and the Russian and American expert communities have sounded the alarm: an incident in cyberspace could provoke a military escalation. This basket can be called “military-political” and discussed in the context of the arms control agenda.

In another basket, it is logical to discuss joint interaction at the state level against cyber threats from third actors (state and non-state). In this basket it is logical to discuss countermeasures against the DarkSide hacker group. If the crime was indeed committed by a hacker group operating within Russia, Moscow could have no reason to obstruct the investigation of this crime, not to mention America. This basket can be called “legal”. Objectively, Russia and the United States are not the only actors in cyberspace that pose a threat to each other’s national security. The system of international relations will become more stable and safer if Moscow and Washington join forces against this threat.

Within the framework of the third, “international” basket, it is logical to continue the development of international legal norms that ensure the security of the information space. Russia and the United States have already achieved successful results in the Open-Ended Working Group, and the Government Experts Group is expected to complete its work in late May. It would be wrong not to mention this at the meeting of the two presidents.

Cybersecurity is a pressing issue in bilateral relations. In order to interact efficiently in this area, it is important to break down the wall of misunderstanding in Russian-American relations.

It is important to recognise that Russia is unlikely to be able to find out what data has compelled the United States to consider the GRU and the SVR responsible for cyberattacks. At the same time, it is worth recognising that Russia hasn’t been able to find arguments to convince the United States that Moscow’s intentions are not aggressive.

It is important not to miss the current opportunity: Washington is avoiding accusations against the Kremlin in the context of the attack on Colonial Pipeline. A discussion on cybersecurity issues at the historic bilateral summit is inevitable, so in order not to repeat traditional reproaches, it is possible to discuss joint measures to counter threats such as DarkSide. Moreover, in the past, there have already been examples of cooperation in this area.

On May 13, Colonial Pipeline resumed operations. We can assume that the crisis has passed and been resolved without significant losses. This episode should be seen as an opportunity for dialogue with the United States on cybersecurity. The Biden administration’s emphasis on the fact that Russian special services were not involved in hacking provides an opportunity for the parties to come up with initiatives to counter cybercrimes jointly.

Views expressed are of individual Members and Contributors, rather than the Club's, unless explicitly stated otherwise.