[bestbits] An overview of latest IG events

[Veni Markovski]

Marila's message reminded me to let you know about latest developments
at the UN, on cyber...

In case you've missed these articles, published on March 27th and March
28th, accordingly by the Russian cyber "tzar" Krutskikh, and by
Washington Post columnist David Ignatius.  

They cover a lot of what's happening around the UN (and also US-Russia)
cyber negotiations. They describe both the Open-Ended Working Group and
the Governmental Group of Experts (the latter one membership is expected
to be announced any moment), which will be discussing cyber for the
coming years at the UN General Assembly. Mr. Krutskikh is former
diplomat and current cyber advisor to President Putin. His piece was
published first in the Kommersant Daily, and then posted (in English) on
the official Facebook page
<https://www.facebook.com/RusEmbUSA/photos/a.493759737501088/990105344533189/?type=3> of
the Embassy of the Russian Federation to the US - a clear sign that
Russia is sending a message.  

*"Russia Has Nothing To Hide, Nor Has It A Reason To Fear" *

 In the report of the US Special Prosecutor Robert Mueller, partially
released recently, was again affirmed that the Russian special services
intervened in the US elections of 2016. Russia proposed to the United
States to publish the closed communication between the Russian and US
government agencies about the investigation of this incident, but the US
refused. The Special Representative of the President of the Russian
Federation for International Cooperation in Information Security,
Ambassador-at-Large Andrey Krutskikh explained in the article, written
exclusively for the Kommersant, why Moscow considers it important to
resume the dialogue with Washington on cyberspace.

 Against the backdrop of the habitual – even ritual – anti-Russia
propaganda, some voices of reason have been heard lately among American
experts. Of particular interest in this regard is the recent article by
the The Daily Beast titled "This Hotline Could Keep the U.S. and Russia
from Cyberwar". No doubt, for the professionals who have closely
followed the development of the situation this publication will hardly
be an eye-opener. What is important is that the article openly admits
that the absence of a depoliticized expert dialogue between Russia and
the U.S. on international information security is not only a road to
nowhere but also a dangerous course fraught with further
misunderstanding and a risk of a large-scale conflict.

 Those are not emotional conclusions, but rather plain facts cited by
American security officials who have formerly worked or still work at
the administration, overseeing the issues of cyber security, i.e. by
those who know the situation on the ground and, by virtue of their
occupation, are bound to be utterly pragmatic.

 If security officials and the expert community in the U.S. actually
share this opinion, this is the case when it is hard to argue with the
colleagues, even though they are "on the other side of the fence". 

Six years ago, in 2013, we managed to reach agreement on establishing a
direct line of communication between Russia and the U.S. in the event of
cyber incidents. Basically, the system was modelled on a similar
mechanism that had been in place during the Cold War for dealing with
traditional military incidents and enables a prompt information exchange
at all levels from institutional to political.

 Since its establishment, the communication channel has been used, and
more than once. In fact, during the Obama administration, we maintained
a vibrant dialogue on cyber issues both at the routine technical level
and in the format of full-fledged consultations. Physical meetings of
experts enabling them to engage in direct discussions on emerging issues
were held. Even a special high-level bilateral working group was
established under the Russian-American Presidential Commission.

 As for the operation of the “hotlines”, the most vivid example is the
address of the American side during the U.S. presidential campaign in
autumn 2016, in which the U.S. expressed concerns over the intrusion
into its electronic infrastructure. Our response was prompt as usual,
and an exchange of the relevant technical information took place. Our
National coordination center for computer incidents, which is in charge
of the line, as early as last December, announced its readiness to
reveal the content of the correspondence to general public, subject to
consent of the American side. We sent the relevant proposal to
Washington through diplomatic channels early this year. The response was
in the negative.

 The Russian Foreign Ministry's spokesperson offered an exhaustive
explanation on the issue at her briefing last week. For my part, I can
only add to this that our proposal to publish the above-mentioned
correspondence was an unprecedented step, an example of true
transparency, which our partners tend to invoke so often. Russia has
nothing to fear – nor do we have anything to conceal. We are ready to
open the correspondence for examination by the general public both in
Russia and the U.S., the mass media, and experts, so that they could
draw their own conclusions on what really happened. But at the moment,
we cannot publish this data because of the refusal of the American side.
The pretext for the refusal was the so-called "sensitivity" of the data.
It is highly unlikely, however, that any information that is more
"sensitive" for the U.S. than for Russia could be found there. Frankly
speaking, this approach rather shows that they unsure of their position,
since it would be much harder to disseminate information accusing Russia
of "having a hand" in cyber intrusions if true facts were made public.

 However this is not the end of this absurd story. We decided to
directly address the US audience about the Moscow view on the situation
around the “hotlines” and proposed a number of the leading US mass media
to publish this article. We told them: we just give you “direct speech”
and you comment on it in any way you like. If you don’t like our
proposals, if you don’t believe us - put it on paper and let the readers
judge.

 First, these media showed the interest in the matter, asked us for the
details, claimed that they were ready to publish the article. However,
then they apparently got a stop light and refused, giving no
explanation. They got cold feet maybe.

 This is a matter of emotion while we want to be pragmatic. I once again
agree with our U.S. colleagues (Michael Daniel, Chris Painter and Luke
Dembosky), whose opinions were referred to in the article, that it is
not enough just to set up emergency hotlines. For them to work
effectively there should be a dialogue between those who maintain their
day-to-day operation as well as a broader conversation on issues related
to international information security.

 Officials in Washington often say that, allegedly, there is "not enough
trust" for this. The question is why would there be any trust if you
keep avoiding any discussion on the matter? We have repeatedly proposed
to hold bilateral consultations, but all our proposals have been
rejected. At times things get absurd, as a year ago in Geneva, when the
U.S. canceled a bilateral meeting two hours before it was supposed to
begin, even though the delegations were already there. One might think
that talking face to face seems so appalling to our partners that they
would rather transmit their grievances through the media.

 However, this issue is beyond routine politics, mutual poking or any
subjective factors. Today, just as 50 years ago, we talk about
preventing a cyberincident from escalating into a full-scale military
conflict between Russia and the United States. If the established
emergency “hotlines” bolstered with dialogue between experts stall for
political reasons, we will face the risk of another Cuban Missile
Crisis, only this time it will be triggered by information and
communication technologies, not warheads, and events will unfold

in a matter of minutes, leaving little time for both sides to make their
decisions. It sounds like a science-fiction film, but actually it has
long been our reality.

I want to believe that the U.S. recognizes this as well as Russia does.
At least, the opinions expressed by the U.S. experts provide us with
reasons for hope.

 We also seek the same openness, democracy and constructive dialogue as
we cooperate with the U.S. on cyber issues at multilateral fora. This
year, two dedicated negotiating mechanisms are expected to be
established to deal with international information security: the
Open-ended Working Group (OEWG), which all the UN Member States can
join, and the Group of Governmental Experts (GGE). It is interesting to
note that even though the first one is being established on Russia's
initiative, and the other, de jure, on America's; in fact, both groups
were first proposed and sponsored by Russia, while Western countries
were sceptical about the UN track and took every opportunity to
criticise it. Nonetheless, the reality is that the UNwill now have two
groups working in parallel, and it is essential that we define today the
principles of their interaction.

 We do not believe that getting into "gladiator fights" on international
information security is the right option to pursue at the UN. Russia,
just like any other state, is interested in ensuring that these groups
work in a complementary, non-adversarial, constructive and cooperative
manner.

 Out of common sense we suggest that it would be best to “share the
burden”. According to this plan the OEWG is to focus on major political
tasks concerning the majority of the international community: the rules
of responsible behavior of states in the information space,
confidence-building measures in this field, assistance to developing
states and the future format for the negotiations on this matter (a
standing committee of the UN General Assembly or Security Council, or
some other option).

 As for the GGE, it could in its turn address, as a matter of priority,
an equally important, yet more specialized issue of applicability of the
existing norms of international law to the information space.

 Harmonization of efforts is the second pivotal principle of coexistence
of the two groups. Their discussions should be non-politicized and
pragmatic, and there should be complementarity rather than competition
between their outcomes. The mandate of both the OEWG and the GGE
demonstrate that the groups are to address an enormous set of issues,
which can only be achieved with constructive engagement of all participants.

 I would like to stress that back in November 2018, we offered such plan
- a kind of programme of joint actions - to the United States. We
suggested, as we had done many times before, that we should meet and
discuss these matters. As before, we have not received any reply. There
is not much time left before both groups set to work. We can only hope
that our partners' common sense prevails and they will take advantage of
this window of opportunity before it closes. We stand ready to engage in
the dialogue.

 [End of the Facebook publication]

 

*The Washington Post writes about the same issue in an article, titled
“Moscow shouldn’t misjudge the Mueller moment
<https://www.washingtonpost.com/opinions/moscow-shouldnt-misjudge-the-mueller-moment/2019/03/27/5b6544e6-50fb-11e9-8d28-f5149e5a2fda_story.html>”*

 Russian claims this week that they’ve been exonerated by special
counsel Robert S. Mueller III’s final report make my skin crawl. But
they highlight the critical question of how the United States and Russia
can begin to move back toward a saner relationship.

Frankly speaking (as Russians like to say), the first step is for Russia
to stop pretending that it didn’t interfere in the 2016 presidential
election. The Kremlin got caught red-handed, one could say, and if it
keeps claiming otherwise, it obstructs the dialogue it says it wants.

Moscow shouldn’t misjudge the moment. The special counsel’s
report affirmed the judgment
<https://www.nytimes.com/interactive/2019/03/24/us/politics/barr-letter-mueller-report.html#g-page-2> of
the U.S. intelligence community that Russia interfered during the 2016
race. Mueller’s strongest cases, in fact, were the indictments
<https://www.lawfareblog.com/russia-indictment-20-what-make-muellers-hacking-indictment> that
detailed
<https://www.washingtonpost.com/world/national-security/how-the-russians-hacked-the-dnc-and-passed-its-emails-to-wikileaks/2018/07/13/af19a828-86c3-11e8-8553-a3ce89036c78_story.html?utm_term=.3cf2f1ba493b> how
13 operatives from Russia’s Internet Research Agency manipulated social
media, and how 12 GRU <x-apple-data-detectors://4> intelligence officers
hacked Democratic Party information and passed stolen emails to WikiLeaks.

Russian commentators were nearly as jubilant
<https://www.washingtonpost.com/world/europe/russia-joins-trump-in-post-mueller-report-victory-lap/2019/03/25/7a5bc442-4e76-11e9-bdb7-44f948cc0605_story.html?utm_term=.742b9b5db112> as
the White House, after Attorney General William P. Barr released his
summary
<http://www.washingtonpost.com/context/read-attorney-general-barr-s-principal-conclusions-of-the-mueller-report/> of
the special counsel’s findings. “Significant taxpayer resources went
into disproving an obvious fake,” crowed a Foreign Ministry statement.
“The agents of conspiracy have been discredited,” tweeted Alexey
Pushkov, a foreign-policy expert in Russia’s parliament.

President Trump may enjoy the Kremlin fist pumps. But they’re the wrong
way to restart a serious dialogue between Moscow and Washington. A
restart won’t work unless it is founded on mutual trust between the two
nations, as opposed to mutual back-scratching by Trump and Russian
President Vladimir Putin.

Andrey Krutskikh, the Kremlin’s leading cyber expert, dropped a hankie
in an article this week in the Moscow newspaper Kommersant. He said that
“some voices
<https://www.facebook.com/RusEmbUSA/photos/a.493759737501088/990105344533189/?type=3&theater>”
were reemerging in the United States, as opposed to ritual “anti-Russian
propaganda.” He proposed that the two nations resume “depoliticized
expert dialogue” about cybersecurity, like the quiet conversations that
took place during the Obama administration.

“Russia has nothing to fear — nor do we have anything to conceal,”
Krutskikh said. He said the United States should agree to disclose the
secret pre-election contacts between the United States and Russia in
2016 about U.S. “concerns over the intrusion into its electronic
infrastructure
<https://www.facebook.com/RusEmbUSA/photos/a.493759737501088/990105344533189/?type=3>.”

This sounds dubious; Russia was conducting a covert action against the
United States, which means that it was deniable. Moscow’s statements in
2016 would reinforce its claim that it didn’t do what both U.S.
intelligence and Mueller’s indictments say it did.

Chris Painter, who was the Obama administration’s top cyber diplomat,
told me Wednesday that a resumption of working-level contacts about
cyber would be fine. But he cautioned against any top-rank contacts
about cyber issues now, because they might allow Russia to pretend the
2016 cyberattacks didn’t happen.

“If you resume high-level dialogue, that says everything’s okay — no
harm, no foul,” explains Painter. This would be a mistake, he argues,
because it would allow Moscow “to white wash what has happened.” A
policymakers’ discussion about cyber and other issues “has to have
clearly defined goals and outcomes that advance our interests.”

What about a broader conversation between the United States and Russia —
dealing with big, potentially explosive problems such as Ukraine, Syria
and nuclear arms control? As with cyber issues, the answer is that the
two sides need to talk, but they need to build a solid foundation.

“We should begin in a modest way, not with a full-up arms-control
negotiation, but by starting an ongoing dialogue about strategic
stability” argues Stephen J. Hadley, who was national security adviser
for President George W. Bush. He suggests a range of confidence-building
measures that might seek to avoid confrontations in outer space and
cyberspace.

Hadley argues the basic rationale for a reset: “The lack of dialogue
between the two countries is not in either country’s interest. It is
also potentially dangerous.”

A warier view comes from Thomas Donilon, who served as national security
adviser under President Barack Obama. He thinks the United States
shouldn’t engage Russia until its own house is in better order — with
full disclosure of the Mueller report on what the Russians did in 2016,
better protection for U.S. election security and repair of the United
States’ damaged alliances in Europe.

Trump administration officials argue that their Russia policy is based
on U.S. interests. It has imposed sanctions when necessary, but has also
tried to keep open channels between Trump and Putin. If officials have
plans for any major post-Mueller opening, they don’t say so.

If Russia wants lasting improvement in its relations with the United
States, it should stop its Trumpian gloating about the Mueller report
and start rebuilding the basics of trust. Mueller’s apparent affirmation
that there was “no collusion” creates some space for better relations,
but if Trump supporters are Moscow’s only champions, any reset with
Russia will blow a fuse.

 

[End of Washington Post article]

 
If you have any questions, let me know.

On 04/17/19 06:21, Marilia Maciel wrote:
> Hello everyone, 
>
> The last few weeks have been very intense, packed with several
> meetings of interest to the Internet governance community, such as the
> WSIS Forum, UNCTAD eCommerce week and the Western Balkans Digital
> Summit. For those who did not have the chance to follow discussions,
> the just-in-time reporting from these meetings produced by the Geneva
> Internet Platform and DiploFoundation could be handy. The links can be
> found below. 
>

-- 

Best regards, 
Veni
https://www.veni.com
pgp:5BA1366E veni at veni.com

The opinions expressed above are those of the 
author, not of any organizations, associated 
with or related to him in any given way. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/bestbits/attachments/20190417/7d1bf400/attachment.htm>