As President Joe Biden and his administration warn the United States to prepare for potential cyber attacks associated with Russia’s war in Ukraine, Moscow’s top cyber diplomat told Newsweek ahead of a potentially key meeting next week that he is seeking to work with Washington in the digital realm rather than confront it.
“Modern life is impossible without information and communications technologies (ICTs),” the Kremlin’s special representative for cooperation in the field of information security, member of Presidium NAMIB, Andrey Krutskikh, told Newsweek. “They determine our well-being, security and survival. Relying on them, we can become richer or lose all our savings. They are transboundary and almost all-mighty.”
“Amidst this reality,” he added, “the main task is not to frighten each other with digital means, but to try to reach agreements before it is too late.”
Krutskikh, who also serves as director of the Russian Foreign Ministry’s Department of International Information Security, was once a member of a Moscow delegation that negotiated with Washington on strategic offensive arms in talks between the world’s top two nuclear weapons powers.
But as cyber warfare becomes increasingly recognized as a potential weapon of mass destruction in its own right, Krutskikh outlined why maintaining dialogue on cyber issues was critical to avoiding an escalation in the military realm.
“A cyberattack, be it accidental or intended, including [one] perpetrated under false flag, can easily trigger escalation between states, leading to a full-scale confrontation,” Krutskikh said. “Ensuring international information security, therefore, becomes one of the key factors that directly influence strategic stability.”
He argued that the stakes have never been higher, as “recently, the world has witnessed a blatant outburst of information crime.”
“Hacker groups tend to target their activities at big businesses, banks and financial institutions,” Krutskikh said. “Traditional principles of entrepreneurship collapse. The dependence of humanity on ever evolving ICTs makes all of us vulnerable to threats of their malicious use. Further progress is impossible without ensuring cybersecurity.”
These threats, he asserted, “are aggravated by the anonymity in information space as it impedes finding source of harmful activities.”
“An imaginary enemy will mislead efforts to fight the real one,” Krutskikh warned. “In these circumstances cybercrime is frequently used to disguise attacks against critical infrastructure, undermine political and economic situation of governments. An abrupt cut in electronic communications in areas like healthcare, water, sanitation or energy is equal to an emergency situation that can entail severe consequences and even loss of people’s lives.”
He sees dangers in the cyber realm similar to those in the physical world that have long carried warnings of mutually assured mass destruction.
“The danger is that a global ecological, anthropogenic or socio-economic disaster can be provoked in cyberspace by a political miscalculation, negligence or, as Senator J. William Fulbright once wrote, by ‘arrogance of power,'” Krutskikh said.
Avoiding such a disaster was a driving factor in cybersecurity talks held by Biden and Russian counterpart Vladimir Putin during their first summit held June 2021 in Geneva.
The Russian leader had drawn up a four-point proposal for cooperation on cybersecurity in September 2020, one that in many ways echoed the arms control treaties of the Cold War era.
The main tenets of the plan involved creating a “full-scale bilateral and regular interagency dialogue on key questions” of cybersecurity, communicating through existing bodies dealing with nuclear and computer readiness.” It also included the establishment of new rules of the road mirroring U.S.-Soviet agreements on avoiding maritime incidents while securing mutual “guarantees of non-intervention into internal affairs of each other.”
“We were clear and candid with the suggestion to undertake concrete steps that would contribute to better security and trust,” Krutskikh argued.
And while working-level talks ensued, he said that “there was no concrete reaction to our proposal.”
Newsweek reached out to the State Department and White House for comment, but did not receive a response in time for publication.
The new push for cyber diplomacy from Moscow came just as Biden issued a warning Tuesday suggesting Russia may be planning hostilities in the digital realm as the country faces stiff political and economic backlash as a result of its ongoing “special military operation” launched nearly a month ago against neighboring Ukraine, a partner and aspiring member of the U.S.-led NATO military alliance.
“This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience,” the president said. “I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners. It’s part of Russia’s playbook.”
“Today,” he added, “my administration is reiterating those warnings based on evolving intelligence that the Russian government is exploring options for potential cyberattacks.”
Biden vowed his administration “will continue to use every tool to deter, disrupt, and if necessary, respond to cyberattacks against critical infrastructure,” but acknowledged that “the federal government can’t defend against this threat alone,” and appealed for the private sector to shore up its defenses.
Hours later, White House deputy national security adviser for cyber and emerging technologies Anne Neuberger clairifed that “there is no evidence of any specific cyberattack that we’re anticipating,” but rather “some preparatory activity that we’re seeing, and that is what we shared in a classified context with companies who we thought might be affected.”
Such activity, she explained, “could mean scanning websites; it could be hunting for vulnerabilities,” adding that “there’s a range of activity that malicious cyber actors use, whether they’re nation state or criminals.”
But Neuberger said “the most troubling piece” of the latest assessments was that “we continue to see known vulnerabilities, for which we have patches available, used by even sophisticated cyber actors to compromise American companies, to compromise companies around the world, and that makes it far easier for attackers than it needs to be. “
Pentagon Press Secretary John Kirby also said he could not offer any specifics, but told reporters during a separate press conference that same day that “building cyber resilience and cyber defenses is something that’s an ongoing process here.”
Later Monday, when the president addressed a roundtable of CEOs on the potential Russian threats, he appeared more certain that something was in the works.
“The magnitude of Russia’s cyber capacity is fairly consequential,” Biden said, “and it’s coming.”
Biden previously described U.S.-Russia relations as having undergone a “complete rupture” as a result of the conflict in Ukraine, against which Moscow has been accused of using cyberwarfare.
The U.S. leader’s branding of Putin as a “war criminal” has evoked a near-identical warning from the Kremlin, threatening to sever relations between two countries whose long-strained relationship managed to survive the entirety of the Cold War.
Even at this all-time low, though, Krutskikh said there is still an opportunity to work together to prevent an all-out confrontation in cyberspace.
“Regardless of geopolitics, Russia remains open for dialogue and cooperation on information security with all states, and the United States is not an exception,” Krutskikh told Newsweek.
“As long as our countries bear special responsibility for ensuring global peace and security,” he added, “Russia invited its partners from the U.S. to establish foundations for bilateral interaction in cyber domain.”
He pointed to prior initiatives stemming back to 1998, when cybersecurity first appeared on the United Nations agenda, the result of a Russian draft resolution on the topic introduced to the First Committee of the UN General Assembly, which was later adopted. Two decades later, Russia initiated the launch of the U.N. Open-ended Working Group, a format that Krutskikh likened to “a sort of cyber General Assembly.”
“Our efforts are aimed at ensuring that cyberspace remains an arena of dialogue and cooperation, not settling scores,” Krutskikh said. “This is the only way to guarantee security for end-users around the world. States should play the leading role and have equal rights in this process.”
Next Monday, the U.N. Open-ended Working Group is set to holds its second substantive session at the U.N. Headquarters in New York, and Krutskikh said Russia would continue to campaign there for “a just international legal regime” to govern cybersecurity, because “the existing voluntary and non-binding norms of behavior enshrined in the UN General Assembly resolutions are not enough.”
“Imagine what would our everyday life look like if there were no traffic rules or if they were not mandatory? Chaos, not to say more,” Krutskikh said. “Similarly with ICTs: in the absence of international legal regulation we are walking through a minefield.”
Moscow’s vision of such a multilateral cyber scheme includes “a set of obligations not to use ICTs as a weapon, a means of punishment or interference in domestic affairs,” as well as assurances “that ICTs never be applied to disrupt critical infrastructure, to incite violence and hatred, to perpetrate, finance or disguise terrorist, extremist and other criminal activities.”
Much like the ongoing debate over new attempts by Russia and China to implement a ban on weaponizing outer space, major powers have struggled to find unity on the scope, mechanisms and even basic definitions to be established in a treaty addressing the digital frontier. To make matters worse, cyber issues have long been a sore point for U.S.-Russia relations as the two accuse one another of cyber meddling, attacks and other online malfeasance.
As the U.S. and Russia attempt to push forward cybersecurity efforts on parallel U.N. tracks such as the Open-ended Working Group and the closed-door Group of Government Experts, Krutskikh asks, “maybe, it would be better to intensify the process by joint efforts rather than sitting out in different trenches?”
“Has the US security benefited from Washington’s decision to impede bilateral communication now? After all, this is a common challenge, and we have positive experience of cooperation with Washington under all administrations,” Krutskikh said. “A recent example — the Geneva agreements of President Putin and President Biden followed by the launch of bilateral dialogue on these issues on expert level.”
Krutskikh argued the prospects of both countries and others coming together to develop such measures “are quite broad.”
“We are tasked with developing rules of responsible behavior in information space,” Krutskikh said. “Other goals are to elaborate a comprehensive international convention to counter the use of ICTs for criminal purposes, to guarantee unhindered functioning of Internet while safeguarding inherent states’ sovereignty and their equal rights in the World Wide Web governance.”
“Security in cyber domain demands international agreements,” he added. “Stakes are too high to rely on a game without rules.”
At Monday’s meeting in New York, Krutskikh said Russia will “count on common sense of our partners that will be key to pragmatic negotiations with delegations from all UN Member States.”
“Real cyberpeace is impossible without consensus,” Krutskikh said. “The latter cannot be achieved if one tries to get military-political advantages at the expense of other states’ security, and relies on the dictate of force or threat of its use with a view to depriving certain countries from benefits of technical progress.”