07.07.2021 – 16:36
When US President Joe Biden and Russian President Vladimir Putin held their first summit in Geneva last month, cyber weapons played a larger role on the agenda than the nuclear type.
It is clear that the world has changed since the Cold War, but what has Biden achieved?
For more than two decades, Russia has proposed a United Nations cyber treaty.
But the United States considered such a pact unverifiable.
Unlike nuclear weapons, the difference between a cyber weapon and other computer code may depend solely on the purpose of the programmer.
Instead of a treaty, Russia, the US, and 13 other countries agreed to voluntary norms, outlined by UN-sponsored groups of government experts, prohibiting attacks on each other’s civilian infrastructure and not prohibiting unjust acts of organized by their territory.
Although those rates were reaffirmed at the UN last spring, skeptics note that shortly after it agreed on a 2015 report, Russia attacked Ukraine’s power grid and interfered in the 2016 US presidential election.
Unlike the US, which established a Cyber Command (USCYBERCOM) in 2010, Russia has never formally acknowledged that it has offensive cyber capabilities.
The two countries infiltrate each other’s networks to gather intelligence, but sometimes it is difficult to draw a line between espionage and battlefield preparation. That is why the US complained earlier this year about the Russian attack on the US firm SolarWinds, which is said to have infected at least nine major government agencies and more than a hundred key corporations.
Even if formal arms control treaties are impracticable, it may still be possible to impose restrictions on certain types of civilian targets and negotiate rough road rules.
For example, despite profound ideological changes, in 1972 the US and the Soviet Union negotiated a Maritime Incidents Agreement to limit maritime conduct that could lead to dangerous escalation.
Espionage is not against international law and an agreement to ban it would not be credible.
However, the US and Russia can negotiate the limits of their conduct regarding the extent (not existence) of their cyber espionage. Or they may agree to set boundaries in their interference in each other’s internal political processes.
Even if there is no agreement on precise definitions, they can exchange biased statements about areas of self-limitation and establish a regular consultative process to curb conflict.
This seems to have been the approach explored by Biden in Geneva.
According to the press, Biden submitted to Putin a list of 16 areas of critical infrastructure – including energy, health, information technology, financial services, chemicals and communications – which he said “should be outside the bounds of the period.
In a sense, this was not new.
The list of what Americans consider critical infrastructure has long been posted on the website of the US Cyber Security and Infrastructure Agency.
But it is different when one head of state submits a list to another.
In his post-summit press conference, Biden said: “I told him we have significant cyber capabilities. And he knows it. He does not know exactly what it is, but it is significant. And if, in fact, they violate these basic norms, we will respond. He knows. ” In other words, Biden was implying a deterrent threat if Russia continued to violate voluntary norms prohibiting attacks on civilian infrastructure and the use of its territory for harmful purposes.
Putin is smart, and he certainly listened to the message, but whether Russian behavior will improve depends on Biden’s credibility.
Drawing red lines can be tricky.
Some critics worry that by specifying what was to be defended, Biden could imply that other areas were fair play.
Moreover, red lines must be applied to be effective. Critics argue that the focus of the warning should have been focused on the amount of damage done, not where or how it was done.
By analogy, one does not tell a holiday host to shut down all his music; you warn them that if the noise becomes unbearable, you will call the police.
How Putin interprets Biden’s message remains to be seen in the coming months, but the two presidents agreed to set up a cyber working group that could try to set “tolerable” boundaries.
The US will have to declare rates unilaterally.
When Russia crosses such a line, America will have to prepare for targeted retaliation, such as emptying the bank accounts of some privileged oligarchs, publishing shameful information, or disrupting Russian networks.
The USCYBERCOM strategy for forward protection and ongoing engagement can be helpful for prevention, but it must be accompanied by a smooth communication process.
Criminal groups often act as state representatives to varying degrees, and the U.S. will need to make it clear that acting as a haven for cybercriminals will lead to retaliation.
And because road rules will never be perfect, they must be accompanied by a regular consultation process that creates a framework for warning and negotiation.
Whether Biden managed to launch such a process in Geneva, or whether Russian-American cyber relations will remain their bad normal, may become clearer in the coming months.
Joseph S. Nye is a professor at Harvard University and the author of several books.
Translated and adapted by Project Syndicate / konica.al