Jayant Gandhi
Total Page:16
File Type:pdf, Size:1020Kb
Jayant Gandhi Russia-US Cyber Relations
Introduction
Diplomatic relations between Russia and the United States have been tumultuous at best since the end of the Second World War, even after the fall of the Soviet Union. Throughout most of this history the key issue has been nuclear weapons control and how to come to some sort of agreement when neither side felt they could trust the other. Suspicions fueled the friction between the two states and made diplomatic negotiations between the two on nuclear arms control all the more difficult.
In the beginning, any attempt at a nuclear non-proliferation treaty was flat out rejected by
Russia.1 Eventually, through a long process of learning, it was realized by both sides that nuclear weapons should never be used. “A nuclear war cannot be won and must never be fought” was the joint declaration of Ronald Reagan and Mikhail Gorbachev in 1985.
Though it took many years of barely averted catastrophes, a somewhat stable international norm on the use (or rather disuse) of nuclear weapons was reached. Interestingly enough, it seems as though the United States and Russia are once again entering into this uniquely rival diplomatic relationship concerning the issue of cyber security.
In the ongoing debate over how to handle the issue of cyber security on the international stage there have been many competing opinions from across the world, but nowhere is the difference of opinions more starkly illuminated than that between the United States and Russia.
1 The first attempt in 1946, the Baruch Plan, was swiftly rejected by the USSR because they were suspicious of the Western powers pushing for it. Later attempts met with similar fates even after the USSR broke the American monopoly on nuclear technologies. It is important to note this because of the role suspicion played in delaying diplomatic efforts. While the tension between the two countries is not anywhere near the level it was during the
Cold War, it is nevertheless intriguing that the United States and Russia should once again find themselves on opposite sides of a diplomatic argument. However, this time around the two find their roles somewhat reversed.
The United States was normally the one pushing for international treaties controlling nuclear weapons during the Cold War, but this time Russia has been taking the lead. Believing information security to be one of the most important issues facing the international community today, Russia has presented proposal after proposal to the United Nations in order to create some kind of meaningful resolution on how issues of cyber security are dealt with. The United States, on the other hand, has favored inaction due to, in part, a suspicion that Russia’s eagerness to
“secure” the Internet is fueled by a desire to censor it.
Both sides recognize the importance of cyber security, but have been unable to come to any agreement because of this tension between Internet “security” and “freedom”. Events like the cyber attacks on Estonia and Georgia by supposed Russian nationalists undermines American trust in Russian intentions, but Russia has remained stalwart on its position to push forward with an information security regime.
The philosophical differences between the United States and Russia have led us to this difficult diplomatic situation. Only recently has the United States begun to consider Russian proposals, but even this process has been a slow one. If a mutually agreed upon set of cyber norms is to be created and some semblance of security on the international scale achieved then it is of paramount importance that both sides understand the competing philosophies at work and try to reconcile their suspicions. By examining each player’s pattern of behavior on the international stage and comparing this with their espoused philosophical beliefs, a path for cooperation may be carved out yet, without the long arduous learning process experienced in the nuclear history.
Russia and the United Nations
Since 1998, Russia has submitted a draft resolution on information security every year in the First Committee of the United Nations, which concerns itself with issues of disarmament and international security. The original draft submitted entitled “Developments in the field of information and telecommunications in the context of security” served as the basis for all future proposals (changing only slightly over time) and was adopted without vote by the General
Assembly as Resolution 53/70 on 4 January 1999.2
The goal of the resolution according to Sergei Ivanov, a high ranking Russian official who served as Minister of Defense from 2001 to 2007, was to develop “international law regimes for preventing the use of information technologies for purposes incompatible with missions of ensuring international stability and security.”3
The proposal itself requests that member states of the United Nations begin to recognize
Information Warfare as a legitimate security threat to international stability. It also calls for the need to define key concepts. In particular it mentions the “unauthorized interference with or misuse of information and telecommunications systems and information resources.”4
2 “Cyber Norm Emergence at the United Nations – An Analysis of the UN‘s Activities Regarding Cyber-security?”; Maurer, Tim; Discussion Paper 2011-11; Cambridge, Mass.: Belfer Center for Science and International Affairs, Harvard Kennedy School; September 2011; http://belfercenter.ksg.harvard.edu/files/maurer-cyber-norm-dp-2011- 11-final.pdf
3 “The Trouble with Cyber Arms Control”; Ford, Christopher A.; The New Atlantis; 2010; http://www.hudson.org/files/publications/20110301_TNA29Ford.pdf
4 “Developments in the field of information and telecommunications in the context of security”; Fifty-third session, Agenda item 63; 4 December 1998; http://daccess-dds- ny.un.org/doc/UNDOC/GEN/N99/760/03/PDF/N9976003.pdf?OpenElement At first glance the proposal seems to be a rather benign call for awareness of a possible threat to international security and stability, but the United States and other Western powers were skeptical that the definitions Russia was proposing to come up with would prohibit censorship of the Internet. This rift was first noted by the United Nations in a discussion held on August 25-26,
1999. The meeting noted that the main divide lies between states that believe cyber crime and terrorism to be the greatest threats to the international community while others believe information operations (defined essentially as propaganda) and its use by the militarily advanced states to be the biggest threat.5 More generally that is increased enforcement (the American stance) versus disarmament (the Russian stance).
Russia continued to submit these proposals and have them adopted without vote until
2005 when it was put to vote for the first time. The resolution was adopted, but this marked the first time that the United States voted against the proposal. This vote against the proposal marked the United States taking a much stronger stance than it had for the past decade. However, this opposition did not have the effect the United States was hoping for.6
The American opposition may have made clear the doubts the United States was having about Russia’s intentions, but it inadvertently caused an increase in support for the proposal. The next year, 2006, saw the addition of eight co-sponsors to the proposal including China, Armenia,
5 “Developments in the field of information and telecommunications in the context of security”; Private Discussion Meeting hosted by DDA and UNIDIR; Geneva, August 25-26, 1999; http://www.unidir.org/pdf/activites/pdf3-act81.pdf
6 “Cyber Norm Emergence at the United Nations – An Analysis of the UN‘s Activities Regarding Cyber-security?”; Maurer, Tim; Discussion Paper 2011-11; Cambridge, Mass.: Belfer Center for Science and International Affairs, Harvard Kennedy School; September 2011; http://belfercenter.ksg.harvard.edu/files/maurer-cyber-norm-dp-2011- 11-final.pdf Belarus, Kazakhstan, Kyrgyzstan, Myanmar, Tajikistan, and Uzbekistan.7 This number would continue to grow each subsequent year.
(It is important to note that the states that initially co-sponsored the proposal generally came from the former Soviet sphere and therefore have a closer relationship with Russian than the United States. Additionally this period of American opposition was also a period of uneasy relations with the UN in general. A policy shift occurred after the administrations changed, Bush to Obama, and a new policy with Russia and the United Nations was adopted.)
In 2009, as a part of the “reset” policy for Russo-American relations, the United States began talks with Russia on cyber security. Recognizing the need for international cooperation to help combat the misuse of cyber space, American officials began to talk with Russian officials in order to find common ground for the first time. However, this cooperation did not mean the
United State had come around to Russia’s way of thinking.
On the issue of “cyber terrorism” the Russians have called for a complete ban in order to protect state sovereignty. American officials, however, describe this as a Russian effort to restrict
“politically destabilizing speech.”8 While cooperation was beginning to appear between the two sides, the fundamental philosophical differences were still proving to be the biggest impediment towards any meaningful outcome.
However much Americans officials doubt Russian intentions when it comes to protecting the freedom of the Internet Russians officials have their own concerns about American intentions. Gen. Vladislav P. Sherstyuk, undersecretary of the Russian Security Council, voiced anxiety that the United States was completely leaving out cyber-warfare from the conversation in
7 ibid
8 “In Shift, U.S. Talks to Russia on Internet Security”; John Markoff & Andrew E. Kramer; The New York Times; December 12, 2009; http://www.nytimes.com/2009/12/13/science/13cyber.html order to protect the American “hegemony” over the Internet and specifically the United States potential power to shut off the Internet in certain states.9
In 2011, Russia, along with China, Tajikistan, and Uzbekistan, penned a letter to the
General Assembly outlining a cyber code of conduct. Within this code of conduct are several things that could alarm an American policy maker. It calls for an effort to stop the dissemination of information that could “undermine other countries’ political, economic and social stability.”
Additionally it states that freedom in “information space” should comply with “relevant national laws and regulations.”10
This letter can be interpreted to be calling for a restriction of freedom of speech if it goes against a state’s agenda. A disturbing sentiment to the United States who seeks to promote
Internet freedom. But this is not the only interpretation. Oppressive regimes or terrorist organizations could use the same tools to spread propaganda of their own. At the very least it shows an effort on Russia’s part to open the dialogue on information security.
The United States and International Information Security
The United States has found itself in a peculiar position when it comes to information security and the United Nations. Years of abstaining from taking any action, and even opposing it at some points, have caused the United States to lose any momentum they could have had in achieving an international agreement. The main reason for this is that the United States for over a decade has stated that an international treaty is unnecessary, opting instead for increased cooperation between law enforcement organizations.
9 “At Internet Conference, Signs of Agreement Appear Between U.S. and Russia”; John Markoff; The New York Times; April 15, 2010; http://www.nytimes.com/2010/04/16/science/16cyber.html
10 “Annex to the letter dated 12 September 2011 from the Permanent Representatives of China, the Russian Federation, Tajikistan and Uzbekistan to the United Nations addressed to the Secretary-General: International code of conduct for information security” ; United Nations – General Assembly; 14 September 2011; http://blog.internetgovernance.org/pdf/UN-infosec-code.pdf The United States has succeeded in creating a global network of law enforcement agencies in 50 nations, which have agreed to collect and share data relating to information security.11 This increase in cooperation has been the goal of the United States since the discussion on information security began.
However, besides these efforts to coordinate law enforcement across the world, the
United States has been relatively silent. This has allowed Russia to emerge as the international leader in information security. Now, as the United States tries to make its way back into the conversation, it is finding it increasingly difficult to bring its own ideas to the forefront.
In January of 2010, the Obama administration released a set of recommendations to the
United Nations. The recommendations dealt with issues of anonymity, proxies and how increased dialogue and sharing of information can help eliminate these problems, but the central notion put forward by the report was the idea that “the same laws that apply to the use of kinetic weapons should apply to state behavior in cyberspace.”12
This doctrine shows that American concerns are concentrated on criminal and terrorist uses of information technologies. A Russian official concerned about cyber-warfare could argue that this idea is overly simplistic since it would allow for military use of cyberspace, in the case of an armed conflict, and information operations, which do not necessarily behave in the same way as kinetic weapons (propaganda can be very powerful, but it is not exactly the same thing as a bomb).
11 “At Internet Conference, Signs of Agreement Appear Between U.S. and Russia”; John Markoff; The New York Times; April 15, 2010; http://www.nytimes.com/2010/04/16/science/16cyber.html
12 “Step Taken to End Impasse Over Cybersecurity Talks”; John Markoff; The New York Times; July 16, 2010; http://www.nytimes.com/2010/07/17/world/17cyber.html Even though involvement by the United States in this conversation has increased it is still clear that there is a philosophical divide preventing agreement. Both sides are mistrusting of the other’s intentions in part because they let their suspicions stop them from fully examining the foundation of the other’s beliefs.
The United States’ Philosophy
The pillar of the United States’ philosophy on cyber issues has been its dedication to the protection of internet freedom. In a speech at the Newseum on January 21, 2010, Secretary of
State Hillary Clinton reaffirmed “the American people’s commitment to internet freedom.” She states that this stems from the belief that “the more freely information flows, the stronger societies become” and how this freedom “helps citizens hold their own governments accountable, generates new ideas, [and] encourages creativity and entrepreneurship.”13
This concept of freedom is very fundamental to the American way of thinking and has defined much of the United States’ history. Of course a critic could argue that the same freedom that enables this empowerment of the people could be used by terrorists or authoritarian governments to further their own goals. However, the American stance does not view this potential risk as a reason to completely ban the use of this technology. Secretary Clinton addressed this point rather nicely: “just as steel can be used to build hospitals or machine guns, or nuclear power can either energize a city or destroy it, modern information networks and the technologies they support can be harnessed for good or for ill.”14
The fear of censorship of the Internet by authoritarian governments has been a motivator for the American philosophy as well. Similarly to how a free internet helps people keep their
13 “Remarks on Internet Freedom”; Hillary Rodham Clinton; January 21, 2010; http://www.state.gov/secretary/rm/2010/01/135519.htm
14 ibid government in check, an agreement that could legitimize the censorship of the Internet is seen as a major victory for authoritarian regimes. This fear has been fed by what Russia has been proposing.
The letter to the General Assembly from 2011 on establishing an international code of conduct for information security describes information operations as a type of behavior that should be curbed.15 While the bullet point clearly indicates criminal or terrorist activities as the target of the ban, it is conceivable to see how an authoritarian regime could use this to defend the silencing of public dissent. For example, during the protests of the Arab Spring there was a degree of support (although probably not game changing) from Western citizens and companies for the protestors via websites like Twitter and Facebook. If the proposed code of conduct existed a country like Egypt could have claimed its stability was being undermined by Western terrorists and legitimately censored their internet.
Freedom of expression and how it can be defended are not the only concerns of the
American philosophy of information security. On the more practical side there is a strategic concern that arises from a straightforward demilitarization of cyberspace. Professor Joseph Nye of Harvard’s Belfer Center explains this worry:
For more than a decade, Russia has sought a treaty for broader international oversight of the Internet, banning deception or the embedding of malicious code or circuitry that could be activated in the event of war. But Americans have argued that measures banning offense can damage defense against current attacks, and would be impossible to verify or enforce.16
15 “Annex to the letter dated 12 September 2011 from the Permanent Representatives of China, the Russian Federation, Tajikistan and Uzbekistan to the United Nations addressed to the Secretary-General: International code of conduct for information security” ; United Nations – General Assembly; 14 September 2011; http://blog.internetgovernance.org/pdf/UN-infosec-code.pdf
16 “Cyber Power”; Joseph S. Nye Jr.; Belfer Center for Science and International Affairs, Harvard; 2010; http://belfercenter.ksg.harvard.edu/files/cyber-power.pdf As mentioned earlier, the United States has opted to focus its efforts on promoting cooperation between law enforcement agencies across the globe. The reason for this lies in this way of thinking. The difficulty of attribution makes the idea of banning any aggressive strategy a weak one. A strategy of active defense is necessary not only to help deal with current threats, but also to deter future ones.
A free internet, in the opinion of the United States, is beneficial to everyone. It opens up a pathway for soft power to potentially work its wonders and undermines the grip of authoritarian regimes. Keeping the option of cyber offense allows for a strategy of active defense and will bring about a more stable equilibrium. These may seem like noble and reasonable beliefs
(especially coming from an American background), but when the Russian philosophy behind their decisions is taken into account the issue becomes less black and white.
Russia’s Philosophy
The key difference between the Russian and American philosophies on information security comes down to the definitions of terms. The most important of these terms is
“information operations.” Whereas the United States conception of “information operations” is limited to the dissemination or planting of information (true or false) the Russian definition is much broader. George Sadowsky, a United States representative to ICANN, said that when it comes to the Russian definition of information security “it’s a broader notion, and they really mean state security.”17
Russian doctrine for information security, instead of focusing on just the offense and defense of computer systems like the American doctrine, emphasizes the psychological aspect of information warfare. There is a “totalistic ideal of information warfare as a contest between
17 “At Internet Conference, Signs of Agreement Appear Between U.S. and Russia”; John Markoff; The New York Times; April 15, 2010; http://www.nytimes.com/2010/04/16/science/16cyber.html whole societies.”18 This idea that information, in the form of thought, is a significant threat to state security has been a part of Russian doctrine since the formation of the Soviet Union and has endured in Russian philosophy even after its collapse.
In 2000 the Kremlin created the Information Security Doctrine which listed the potential threats to Russian information security as the “degradation of spiritual values, propaganda of models of mass culture based on the cult of violence, and on moral values contradictory to values accepted in Russian society; weakening the spiritual, moral, and creative potential of the Russian peoples; [and] obstruction of the state mass-media’s efforts to inform Russian and foreign audiences.”19
From an American perspective this doctrine comes off as authoritarian by design and made to ensure that freedom of expression is limited to what the state believes is appropriate. But when viewed in the context of Russia’s “warring societies” model it is understandable as to how this conclusion was reached.
Another main thread of Russian information security philosophy is the fear of a cyber arms race with the United States. This fear has been the major impetus for the call for an all out ban of cyber weapons. Russian officials are concerned that they would not be able to win an arms race with the United States.20
The easiest way to stop an arms race would be to ban the militarization of the Internet altogether. This would leave the realm of “technical” information attacks to non-state actors,
18 “The Trouble with Cyber Arms Control”; Ford, Christopher A.; The New Atlantis; 2010; http://www.hudson.org/files/publications/20110301_TNA29Ford.pdf
19 ibid
20 ibid such as the patriot Russian hackers accused of conducting cyber attacks on Estonia in 2007 and
Georgia in 2008.
The playing field would be essentially leveled. The enormous technical advantage of the
United States would no longer matter as much because the only way they could carry out a cyber attack would be vicariously through a non-state organization, which would not have the same capacity as the American government.
While American interests would say that this solution would end up leaving the world more vulnerable, it would give Russia a sense of security knowing that it would not have to worry about a growing gap between itself and the United States. This situation combined with
Russia’s tight control on Russian “spirit” would make patriot hackers a very powerful tool for
Russia.
The Russian doctrine also tends to focus more on the negatives than the American philosophy. The United States recognizes that good can come out of information operations by giving people a forum for free exchange. However, Russia has included these types of information operations as part of the behavior to be avoided. This type of activity is consistently listed as being criminal or terrorist in nature.21
In his book The Net Delusion, Evgeny Morozov22, gives many examples of how authoritarian regimes have used this “liberating” technology to oppress their people. He cites
Hugo Chavez’s use of Twitter to solidify his rule, China’s Fifty-Cent Party and their role in
21 “Annex to the letter dated 12 September 2011 from the Permanent Representatives of China, the Russian Federation, Tajikistan and Uzbekistan to the United Nations addressed to the Secretary-General: International code of conduct for information security” ; United Nations – General Assembly; 14 September 2011; http://blog.internetgovernance.org/pdf/UN-infosec-code.pdf
22 Morozov was born in Belarus, but has spent his career in the United States writing as a skeptic of the Internet Freedom Agenda. driving all internet conversations towards pro-government topics, and he even talks about
Russia’s use of entertainment to distract its populace from “subversive thoughts.”23
Morozov’s book is critical of Russian censorship and is not written by a pro-Russian thinker, but it highlights the skepticism of the benefits of a free internet that Russian officials have demonstrated in their proposals to the United Nations. I bring up the example of his book to demonstrate this emphasis on the disadvantages of a free internet.
The Russian mindset on information security is much more focused on fear than the
American outlook. From the very existential threat of a societal war to the more practical fear of getting tangled in an expensive and, ultimately, futile cyber arms race, Russian officials drafted their proposals with these fears at the forefront. The fact that Russia has been so adamant about reaching an agreement for over a decade only highlights the severity of the Russian fears.
Conclusion
So whose fears are more accurate? Are the Russians simply trying to censor the Internet?
Or is the United States laissez-faire approach going to lead to a potentially destructive cyber arms race? The answer is that both sides’ fears are valid.
Russia’s desire to maintain control over its society’s psyche means that it has to support censorship of the Internet. While Russia will probably not come out and say it supports direct censoring of the Internet, pushing for a limitation on foreign state’s ability to disseminate information within their country under the guise of information security will achieve the same goal.
Meanwhile, the United States’ goal to promote free Internet use across the world may be noble, but is bound to run into hurdles. For starters, it is still unclear whether or not the soft
23 The Net Delusion: the Dark Side of Internet Freedom; Evgeny Morozov; PublicAffairs, New York, NY, 2011 power of the Internet actually plays a role in causing democratic revolutions. It also leaves a variety of tools available to authoritarian regimes.
The philosophical differences between the United States and Russia may not be as big now as they were during the Cold War, but they still serve to impede the process of diplomatic negotiations. The Russian-led draft of a cyber code of conduct is an excellent starting point for future cooperation. As it is right now it would not be beneficial to the international community due to its harsh stance on information operations, but the general idea is correct.
The more the United States and Russia agree to sit down to talks on these issues the more likely fears will subside and cooperation achieved. The United States’ idea for cooperation and sharing of information between law enforcement organizations holds the most promise, but this initiative needs the momentum of Russia’s leadership on this issue in order to be successful. This is not something that will occur overnight, but I see every reason to be optimistic. Bibliography
“Cyber Norm Emergence at the United Nations – An Analysis of the UN‘s Activities
Regarding Cyber-security?”; Maurer, Tim; Discussion Paper 2011-11; Cambridge,
Mass.: Belfer Center for Science and International Affairs, Harvard Kennedy School;
September 2011; http://belfercenter.ksg.harvard.edu/files/maurer-cyber-norm-dp-2011-
11-final.pdf
“The Trouble with Cyber Arms Control”; Ford, Christopher A.; The New Atlantis; 2010;
http://www.hudson.org/files/publications/20110301_TNA29Ford.pdf
“Developments in the field of information and telecommunications in the context of
security”; Fifty-third session, Agenda item 63; 4 December 1998; http://daccess-dds-
ny.un.org/doc/UNDOC/GEN/N99/760/03/PDF/N9976003.pdf?OpenElement “In Shift, U.S. Talks to Russia on Internet Security”; John Markoff & Andrew E.
Kramer; The New York Times; December 12, 2009;
http://www.nytimes.com/2009/12/13/science/13cyber.html
“At Internet Conference, Signs of Agreement Appear Between U.S. and Russia”; John
Markoff; The New York Times; April 15, 2010;
http://www.nytimes.com/2010/04/16/science/16cyber.html
“Annex to the letter dated 12 September 2011 from the Permanent Representatives of
China, the Russian Federation, Tajikistan and Uzbekistan to the United Nations
addressed to the Secretary-General: International code of conduct for information
security” ; United Nations – General Assembly; 14 September 2011;
http://blog.internetgovernance.org/pdf/UN-infosec-code.pdf
“Step Taken to End Impasse Over Cybersecurity Talks”; John Markoff; The New York
Times; July 16, 2010; http://www.nytimes.com/2010/07/17/world/17cyber.html
“Remarks on Internet Freedom”; Hillary Rodham Clinton; January 21, 2010;
http://www.state.gov/secretary/rm/2010/01/135519.htm
“Cyber Power”; Joseph S. Nye Jr.; Belfer Center for Science and International Affairs,
Harvard; 2010; http://belfercenter.ksg.harvard.edu/files/cyber-power.pdf
The Net Delusion: the Dark Side of Internet Freedom; Evgeny Morozov; PublicAffairs,
New York, NY, 2011