US, Russia Cyber Hotline Brings Back That Cold War Feeling
For those who remember the Red Phone in the White House as the last bulwark against nuclear catastrophe, the news that the U.S. and Russia have agreed to set up a cyberhotline to prevent an accidental cyberwar may come as a relief. Or it may just seem laughable. "This seems like it has more PR value than practical value," observed Tripwire CTO Dwayne Melancon.
06/19/13 2:31 PM PT
The United States and Russia are going to cooperate more closely on cybersecurity, the White House has announced.
They are setting up a new working group under the auspices of the Bilateral Presidential Commission, set up in 2009 by President Obama and then-Russian president Dmitry Medvedev, to assess emerging threats to information and communications technology and propose concrete joint measures to address them.
The two countries will also use the Hot Line set up between Washington and the Kremlin in 1963 to exchange information.
"It's interesting that these two superpowers are interested in this level of investment between the two nations to deal with cybersecurity issues," Ken Pickering, director of engineering at Core Security, told TechNewsWorld.
"I wonder, though, if it's a concern over stopping cybercrime, dealing with cyberattacks from other nations with established cyberwarfare programs, or both," Pickering continued.
It's also possible that neither of those concerns is the driving force behind the move.
This hotline "will be like the famous Red Phone from the Cold War -- an iconic device that is never used," remarked Dwayne Melancon, chief technology officer at Tripwire. "This seems like it has more PR value than practical value."
The U.S.-Russia working group will begin operations next month.
Washington and Moscow will use the Nuclear Risk Reduction Center -- which was created in 1987 to provide an additional channel of communication apart from the Hot Line and diplomatic channels -- to make formal inquiries about cybersecurity incidents of national concern, so as to reduce the possibility of misperception and escalation, the White House said.
Translation: If there's a cybersecurity attack on our national infrastructure, we'll pick up the phone and call before sending in the troops.
The plan also calls for the exchange of information on threat indicators between the U.S. Computer Emergency Readiness Team, or US-CERT, and its Russian counterpart.
A Little Conversation Goes a Long Way
There's a need for such communications capabilities. The U.S. has repeatedly stated it reserves the right to respond with military force in the event of a cyberattack it deems dangerous. Last year, then-Secretary of Defense Leon Panetta warned of a possible cyber-Pearl Harbor.
The Department of Defense's strategy for operating in cyberspace provides for the possibility of a military strike in retaliation for cyberattacks.
"The one [hotline] scenario I can envision is if U.S. federal or Russian national cyberinfrastructure were to be compromised and used to attack the other country's critical infrastructure," Tripwire's Melancon told TechNewsWorld. "At this point, the result could look like a state-sponsored attack which could trigger counterstrikes or other retaliation."
On the other hand, the hotline could be overkill, suggested Lamar Bailey, director of security operations at Tripwire. The exchange of information between US-CERT and its Russian counterpart would be better because "going through a third party to communicate critical cyberattacks or events is too slow."
Crime and Punishment
Overall, however, the collaboration between the two nations "is of very high value," because "almost all of every nation's critical infrastructure is networked in some way and is therefore a target for rogue nation states, hackers, criminals, activists and terrorists," Bailey told TechNewsWorld.
The vast majority of cyberattacks are financially motivated, and most of them originate in the U.S. or Eastern Europe, particularly Romania, Bulgaria and Russia, according to the 2013 Verizon Data Breach Report. Russian and Eastern European cybercriminals are generally acknowledged to be the most savvy.
Improved U.S.-Russian communications on cyberattacks will let both countries share information on cybercriminal syndicates," noted Core Security's Pickering, and "with the appropriate forensic evidence from the U.S., the Russians may be able to assist in arresting [the cybercriminals] in a timely fashion."