[Governance] Fwd: Cyber détente in Geneva: Can Biden and Putin ease cyber tensions?

[Stephanie Borg Psaila]

Dear colleagues,

In view of Wednesday's summit, this article by Diplo Executive Director
Jovan Kurbalija may be of interest. It deals with the possibilities of the
meeting leading to a cyber detente, or the start of one.

Link:
https://www.diplomacy.edu/blog/cyber-detente-geneva-can-biden-and-putin-ease-cyber-tensions
The text is right below this email.

All the best,
Stephanie

Cyber détente in Geneva: Can Biden and Putin ease cyber tensions?
JOVAN KURBALIJA

Despite the recent cyberattacks on SolarWinds, the Colonial Pipeline, and
the meat producer JBS, there is plenty of room for optimism for a cyber
deal at the upcoming summit in Geneva between US President Joe Biden and
Russian President Vladimir Putin. It could very well slow down – if not
bring to an end – the cyber tensions between the two countries.

The Biden–Putin summit could also turn the page from these protracted
hostilities towards a more stable and cooperative global digital policy
with the active participation of governments, businesses, and civil society
worldwide.

[image: The 16 June Biden-Putin summit and what it means for the US-Russia
cyber relations]

There are three main reasons for this cyber optimism ahead of the summit in
Geneva.

First, while the attacks have taken up all the headlines on cyberspace, *the
two countries have been cooperating on several fronts via multilateral
processes*. In March, *they both endorsed the report of the UN Open-Ended
Working Group on Cybersecurity*
<https://www.diplomacy.edu/blog/new-landmark-global-cybersecurity-negotiations-un-cyber-oewg-numbers>,
and just last week, the report of *the UN Group of Governmental Experts*
<https://dig.watch/processes/un-gge>. Russia and the USA both agreed to
develop a more predictable global cybersecurity regime built on 11 norms on
how governments should behave in cyberspace and on cooperative measures to
address cyberthreats.

Even at the highly divisive e-commerce negotiations at the World Trade
Organization (WTO), Russia and the USA belong to the same group of
countries that are arguing for new e-commerce rules.

Second, *a ‘cyber hotline’ between Washington and Moscow* is now open as
the two countries directly address recent cyber incidents, according
to the *White
House *
<https://www.whitehouse.gov/briefing-room/press-briefings/2021/06/01/press-gaggle-by-principal-deputy-press-secretary-karine-jean-pierre-aboard-air-force-one-en-route-tulsa-ok/>
and *Russia’s Deputy Foreign Minister Sergei Ribakov*
<https://www.bbc.com/news/world-us-canada-57318965>.

Third, in the past two months, we have seen *a shift both in rhetoric and
actions.* The animosity between the two countries only grew as the US
security apparatus *officially attributed *
<https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/>the
SolarWinds cyberattacks to the Russian government. President Biden issued
an *Executive Order*
<https://www.whitehouse.gov/briefing-room/presidential-actions/2021/04/15/executive-order-on-blocking-property-with-respect-to-specified-harmful-foreign-activities-of-the-government-of-the-russian-federation/>
 sanctioning *40 Russian individuals and companies*
<https://home.treasury.gov/news/press-releases/jy0127> over their
involvement in the SolarWinds cyberattack.

But US rhetoric has softened recently. After *the Colonial Pipeline attack*
<https://dig.watch/updates/ransomware-attack-colonial-pipeline> in May,
Biden emphasised that the attack was launched by a *Russian group, rather
than by the Russian government*
<https://thehill.com/policy/cybersecurity/553386-biden-says-colonial-pipeline-hackers-based-in-russia-but-not-government>.
Last week saw a further de-escalation of rhetoric as US officials focused
on cooperating with Russian authorities while dealing with the JBS
cyberattack. Russia was not mentioned explicitly in what were otherwise
tough statements on cybersecurity by US Commerce Secretary *Gina Raimondo*
<https://abcnews.go.com/Politics/commerce-secretary-gina-raimondo-hardwire-deadline-infrastructure-deal/story?id=78105983>,
Energy Secretary *Jennifer Granholm*
<https://edition.cnn.com/2021/06/06/politics/us-power-grid-jennifer-granholm-cnntv/index.html>,
and Transportation Secretary *Pete Buttigieg*
<https://www.cbsnews.com/news/transcript-pete-buttigieg-face-the-nation-06-06-2021/>
.

All in all, the stage for a cyber détente between the two countries has
been set. In addition to bilateral cooperation, they can also engage into
more effective multilateralism by taking *the ‘ready-to-use’
confidence-building measures of the Organization for Security and
Co-operation in Europe (OSCE)* out of the ‘diplomatic fridge’. On a global
level, Russia and the USA could accelerate the UN process towards* a
Cybersecurity Compact *that should regulate the current cyber arms race,
with at least *50 countries *
<https://dig.watch/processes/un-gge#view-7541-2>that already have or are
close to having offensive cyber capabilities. The two countries can also
strengthen coordination in the fight against cybercrime, currently underway
in two separate tracks: (a) the USA-led approach to globalise the
ratification of the Budapest Convention on Cybercrime, and (b) the
Russian-led quest for a new UN cybercrime convention.

Further along  this cyber journey, Russia and the USA should anchor
cybersecurity in *a wider digital agenda *covering e-commerce, human
rights, development, standardisation, and other policy issues. For example,
e-commerce regulations cannot be effective without addressing
standardisation, data, privacy, and security perspectives. The tech sector
needs to provide details on cyber components and services to their
governments for drawing up a global cyber-harmonised nomenclature system,
the basis of the global trading system. Russia will have additional
incentives towards developing a holistic approach to global digital policy
as it will be hosting the Internet Governance Forum (IGF) in 2025, a
landmark global gathering that addresses digital issues in a cross-cutting
way.

Although there are several reasons to feel optimistic about the Geneva
summit, *caution is still advised as cyber issues are not – and cannot be –
treated in isolation.* Cyber issues are a part of a wider agenda between
the two countries, ranging from nuclear weapons to the situation in and
around Ukraine, relations with China, human rights, the Middle East, and so
on.

For the USA, cyber issues will feature prominently on the Geneva summit
agenda. As the US society is highly dependent on digital technologies,
cyber stability will increase the security of critical infrastructures
domestically and support the economic interests of Google, Microsoft,
Amazon, and other tech companies internationally.

While the outcome of the Geneva negotiations will be *the result of complex
trade-offs*, it is certain that fewer cyber tensions and more digital
cooperation would be greatly beneficial to the modern world. Through a
cyber détente, Biden and Putin can make an important contribution to global
cyber stability and overall digital development.

*Many times in history, on the shores of Geneva’s Lake Leman, diplomacy and
cooperation prevailed over war and conflict. Next week, there’s reason to
hope that history will repeat itself in the cyber realm.*


------------------------------

*For more context on the possibilities of a cyber detente, and the cyber
relations between the USA and Russia over the years, read the Geneva
Internet Platform’s analysis at **https://dig.watch/trends/cyber-detente*
<https://dig.watch/trends/cyber-detente>

>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20210614/e29cdd8a/attachment.htm>