Russian Hackers: The shadowy world of US and Gulf hacks just got murkier
The covert Qatar-United Arab Emirates cyberwar that helped spark the 13-month-old Gulf crisis that pits a Saudi-United Arab Emirates-led alliance against Qatar may have just gotten murkier with the indictment of 12 Russian intelligence agents by US Special Counsel Robert Mueller.
Mr. Mueller’s indictment provided detail on website DCLeaks that was allegedly registered by Russian intelligence officers. The website initially distributed illicitly obtained documents associated with people connected to the Republican Party and later hacked emails from individuals affiliated with the election campaign of Democratic presidential candidate Hillary Clinton.
“Starting in or around June 2016 and continuing through the 2016 U.S. presidential election, the Conspirators used DCLeaks to release emails stolen from individuals affiliated with the Clinton Campaign,” the indictment reads.
The indictment focusses exclusively on hacking related to the US election that in 2017 brought Donald J. Trump to office. It makes no mention of hacking related to the 13-month-old Gulf crisis that pits a UAE-Saudi-led alliance against Qatar.
Yet, the indictment’s repeated references to DCLeaks raises the question whether there may also be a Russian link to the hacking last year of Yousef al-Otaiba, the UAE’s ambassador to the United States.
Mr. Otaiba’s revealing and potentially damaging emails that seemed to help Qatar in its public diplomacy campaign were distributed to major media and analysts, including this writer, by an entity that identified itself as Global Leaks.
Questions about a potential link between Global Leaks, DCLeaks and Russia stem not only from Global Leak’s use of a Russian provider that offers free email service but also by the group’s own reference to DCLeaks. The group’s initial email had ‘DCLeaks’ in its subject line.
It remains unclear whether the use of a Russian provider was coincidental and whether the reference to DC leaks was meant to mislead or create a false impression.
Global Leaks initially identified itself in en email as “a new group which is bringing to limelight human right violations, terror funding, illegal lobbying in US/UK to limelight of people to help make USA and UK great again and bring justice to rich sponsors of crime and terror.”
When pressed about its identity, the group said that “we believe that (the) Gulf in general has been crippling the American policy by involving us in their regional objectives. Lately it’s been (the) UAE who has bought America and traditionally it was their bigger neighbour (Saudi Arabia). If we had to hurt UAE, we have so much of documents given by source that it will not only hurt their image and economy but also legally and will for sure result in UN sanctions at the least. But that is not our goal.
Our goal is plain and simple, back off in playing with American interests and law, don’t manipulate our system, don’t use money as a tool to hurt our foreign policy…. It may be a coincidence that most things (we are leaking) do relate to UAE but in times to come if they continue and not stop these acts, we will release all the documents which may hurt all the countries including Bahrain and Qatar,” the group said.
Global Leaks’ allegation that the UAE was seeking to suck the United States’ into Gulf affairs predated reports that Mr. Mueller, the special counsel, was beside Russia also looking into whether George Nader, a highly paid Lebanese-American advisor to UAE Crown Prince Mohammed bin Zayed, had funnelled funds to the Trump campaign.
Mr. Mueller is further investigating a meeting in the Seychelles between Blackwater founder Erik Prince and Kirill Dmitriev, CEO of the Russian Direct Investment Fund, the country’s sovereign wealth fund, that was brokered by the UAE. Messrs. Prince and Dmitriev have denied that the meeting had anything to do with Mr. Trump.
Mr. Trump has not publicly addressed reports that his election campaign may have received Gulf funding but at a news conference with Russian President Vladimir Putin on Monday, Mr. Trump declined to endorse his government’s assessment that Russia interfered in the 2016 presidential election, saying he doesn’t “see any reason why Russia would be responsible.”
A British public relations watchdog, Spinwatch Public Interest Investigations, said, in a report published this week detailing UAE lobby efforts, that the Emirates since the 2011 popular Arab revolts had tasked public relations companies in the United States and Britain with linking members of Qatar’s ruling family to terrorism.
The lobbying effort also aimed to get the Qatar-backed Muslim Brotherhood banned, involved UAE threats to withhold lucrative trade deals from Britain if allegedly pro-Brotherhood reporting by the BBC was not curtailed, and targeted journalists and academics critical of the Gulf country, according to the report.
US intelligence officials said the UAE had last year orchestrated the hacking of Qatari government news and social media sites in order to post incendiary false quotes attributed to Qatar’s emir, Sheikh Tamim Bin Hamad al-Thani. The hacking provided the pre-text for the UAE-Saudi led economic and diplomatic boycott of the Gulf state. The UAE has denied the assertion.
US and Qatari officials said earlier that Russian hackers for hire had executed the attack on the Qatari websites. Cybersecurity experts said at the time that the hackers worked for various Gulf states. They said the methods used in the hacking of the Qatari website and Mr. Otaiba’s email were similar.
“They seem to be hackers-for-hire, freelancing for all sorts of different clients, and adapting their skills as needed,” said security expert Collin Anderson.
Two cybersecurity firms, ThreatConnect and Fidelis Cybersecurity said in 2016 that they had indications that the hackers who hit the Democratic National Committee were preparing a fake version of the U.A.E. Minis Britaintry of Foreign Affairs website that could be used in phishing attacks.
The UAE-Qatari cyberwar was indeed likely enabled by Russian hackers working for their own account rather than in coordination with the Russian government. It is however equally possible that the same hackers also put their services at the disposal of Russia.
None of what is known about the murky world of Russian hackers is conclusive, let alone produces a smoking gun. The various strands of Mr. Mueller’s investigation, however, suggest grounds to query not only Russian cyber efforts to influence the US election but also the involvement of Russian nationals in the cyber war in the Gulf and potential links between the two operations.
The Failures of Russian Intelligence in the Ukraine War and the Perils of Confirmation Bias
The Russian invasion of Ukraine defied many expectations, not least the Kremlin’s. Prior to the ‘special military operation’ launched by President Vladimir Putin last February, the Russian government expected minimal organised military resistance from the Ukrainians. A quick victory was assured, much like the 2014 annexation of Crimea but on a grander scale, with the decapitation of the Ukrainian government as a likely result. Yet, more than one year later, Ukraine remains very much in the fight, in defiance of Russian expectations. Evidently, the Russian military and political elite launched the invasion based on flawed assumptions. The question now, is what role did Russia’s intelligence services play in forming these false assumptions and why did they go unchallenged?
Much of the blame may rest on Putin himself according to a paper published in The British Journal of Politics and International Relations in December last year. Before the invasion, it was widely assumed that the Russian President’s ability to use strategic intelligence was virtually unrivalled on the world stage. Unlike other world leaders, Putin possesses a professional background in intelligence, having been both an officer in the KGB and director of the Federal Security Service (FSB), between 1998 and 1999. Russia’s swift and surprising annexation of Crimea and ability to disrupt targets with hybrid warfare was further evidence of Putin’s strategic acumen. However, the events leading up to and during the war in Ukraine cast the Russian President in a different light, as a deeply flawed intelligence manager and consumer.
One issue highlighted by the paper’s authors is that intelligence agencies within authoritarian regimes are blindsided by ‘a frequent inability to accept dissenting judgements as being offered in good faith.’ This appears to have been true of the Russian intelligence agencies prior to the invasion of Ukraine. Instead of offering their primary intelligence customer an intellectually honest assessment of the situation in Ukraine, the intelligence services appear to have disseminated intelligence that merely confirmed his biases. As explained by a group of experts in May last year, ‘Putin believes Ukraine is or ought to be Russian and whatever passed for intelligence preparation for the invasion may have confirmed this in his mind… We can infer that Russian intelligence services supported Putin’s view of Ukraine as a state ready to be absorbed.’
Ultimately, the officers of Russia’s intelligence agencies, be it the FSB, Foreign Intelligence Service (SVR), or Main Intelligence Directorate (GU), are dependent on Putin for their advancement, prosperity, and survival. This encourages a culture whereby the intelligence services compete for his approval, which is far from useful in terms of generating dispassionate and unbiased intelligence products. Years before the invasion, in 2017, Professor Brian D. Taylor argued that independent thinkers had largely left the Russian intelligence services, the implication being that they were now staffed by individuals who were content to conform with the dominant viewpoint. This has led to the formation of an institutional culture compromised by groupthink.
A very public example of the Russian intelligence community’s hesitancy to speak truth to power came in February 2022, when Director of the SVR Sergey Naryshkin was humiliated by Putin during a televised meeting of the Security Council. When questioned whether Russia should recognise the two self-proclaimed republics of Luhansk and Donetsk, Naryshkin suggested giving the West one final chance to return to the Minsk agreements. This was evidently not what Putin wanted to hear and he pressed a now visibly nervous and stuttering Naryshkin until the latter agreed that it would be the right course of action for Russia to recognise the two breakaway republics. Of course, this was a clear example of political theatre, but it does not bode well that Putin was willing to publicly humiliate one of his intelligence chiefs. Whilst it is not known what goes on behind close doors, there has been increasing scrutiny of Putin’s behaviour which suggests that the Russian leader has put an unhealthy amount of distance between himself and his top officials.
This is not to say that Putin micromanages the intelligence services or that he predetermines every decision without any recourse to their advice. Indeed, the intelligence services wield a tremendous amount of influence over high-level decision making. The problem is more so that the intelligence services are institutionally incentivised to say what they think Putin wants to hear. His views on Ukraine were well-publicised before the invasion, and no doubt senior intelligence officials would have been familiar with his frame of mind. His dismissal of there being a legitimate sense of Ukrainian nationalism and a belief that Ukrainians would be willing to join Russia and reject Western moral decadence and degradation were hardly secrets. For the intelligence services competing to win approval, there would have been few incentives to contradict this official narrative. Russian intelligence preparation for the invasion therefore likely served to confirm the Russian President’s biases.
There is some evidence to the contrary. According to US intelligence documents leaked in April, the FSB accused Russia’s Ministry of Defence of underreporting Russian casualties in Ukraine. Allegedly, the FSB was critical of the Ministry of Defence for failing to record the losses suffered by the Russian National Guard, the Wagner Group, or fighters under the command of Chechen leader Ramzan Kadyrov. The FSB’s casualty estimates were reportedly roughly double those given by Russian Defence Minister Sergei Shoigu in December. This does indicate a willingness to break bad news and contradict the official narrative. However, in this particular case, the FSB stands to enhance its own standing with Putin by undermining the Russian Ministry of Defence, thus fitting the broader pattern of institutional rivalry.
Naturally, much remains unknown about the activities and procedures of the Russian intelligence services prior to and after the invasion of Ukraine. What the available evidence does suggest however, is that Russia’s intelligence services are burdened by political considerations and biases which interfere with their ability to plan, direct, collect, process, analyse, and disseminate valid and useful intelligence. The Russian President bears much of the blame for the creation of a professional culture which does nor prioritise the truth as the highest good. Consequently, Russia initiated its invasion of Ukraine based on faulty assumptions and was unable to forecast the Ukrainian reaction with much accuracy.
Iran Threat to National Security 2023
The annual Threat Assessment of the U.S. Intelligence Community for 2023, identified Iran as the third greatest national security threat to the United States, after China and Russia. As those two countries have been covered in other reports, this paper will focus on the Iran threat, evaluating it within the framework of a PMESII analysis. PMESII is an acronym used in military and intelligence services which analyses threat countries across six dimensions: Political, Military, Economic, Social, Infrastructure, and Information.
1. Political: This dimension examines political systems, governance structures, institutions, and decision-making within a country, as well as the effectiveness of these systems and institutions. It also considers the stability or instability of the government.
The Islamic Republic of Iran (Jomhuri-ye Eslami-ye Iran), formerly known as Persia, has a population of around 88 million, and is located in Western Asia, bordering on Iraq, Turkey, Azerbaijan and Armenia, the Caspian Sea and Turkmenistan, Afghanistan, and Pakistan, and by the Gulf of Oman and the Persian Gulf. The country is a theocratic republic, with a Shia Islamic legal framework.
Iran regularly holds elections, but the quality of democracy is limited because of the influence of the Guardian Council, an unelected body with the power to disqualify candidates on religious grounds. Iran has a president who is elected by the people, but the president is only the head of government, not the head of state. As head of government, the president oversees the operations and implementation of government. True executive power rests in the head of state, the Supreme Leader, Ayatollah Ali Khamenei. The Supreme Leader controls numerous unelected institutions, including the security forces and the judiciary, which are used to suppress dissent and to restrict civil liberties.
Since the establishment of the Islamic Republic of Iran in 1979, the Supreme Leader has always been an Ayatollah. The founder of the Islamic Republic was Ayatollah Ruhollah Khomeini, who maintained the title of Supreme Leader until his death in 1989. He was succeeded by Ayatollah Ali Khamenei, the current Supreme Leader.
The Supreme Leader presides over the Guardian Council, which interprets legislation and elections to determine if they are consistent with the principles of Islam and the Iranian Constitution. The Guardian Council has twelve members, six of whom are appointed by the Supreme Leader. The remaining six are nominated by the Judiciary and approved by the Parliament (Majlis).
In terms of political rights, Freedom House assigns Iran a score of 4 out of 40 and civil liberties 10 out of 60. Citizens have the right to form political parties, but those parties must be loyal to the current government. Change is unlikely to come within the existing governmental framework because of the influence of the unelected bodies. In 2021, for example, the former vice president Jahangiri, was disqualified from running for president because he was determined to be a reformist.
The government is largely dominated by men from the Shiite Muslim majority. Women hold some appointed positions, but generally not powerful ones. In the parliament, five seats are reserved for recognized non-Muslim minority groups: Jews, Armenian Christians, Assyrian and Chaldean Christians, and Zoroastrians. However, members of these groups would generally not be appointed to high-level government posts.
Corruption is rife in Iran. Transparency International assigns Iran a score of 25/100 for corruption, whereby a lower score denotes higher levels of corruption. Iran ranks 147th out of 180 nations. Much of this corruption is attributable to the Islamic Revolutionary Guard Corps (IRGC) which is above scrutiny in practice, and is protected from criticism by the media and civil society.
The Islamic Revolutionary Guard Corps (IRGC) is a military/paramilitary organization with vast political and economic power. The IRGC was formed immediately after the 1979 Iranian Revolution, tasked with safeguarding the principles of the Islamic Republic and protecting the country’s sovereignty. Under the direct control of the Supreme Leader, the IRGC controls large sectors of the economy helping fund Tehran’s activities. The IRGC also provides military assistance to entities beyond Iran’s borders, as it has done for various groups in Afghanistan, Iraq, Lebanon, Palestine, Syria, and Yemen.
The group’s mandate includes defending the nation against external threats and maintaining internal security. The IRGC is also assigned the duty of preserving the Islamic Republic’s revolutionary ideals and ensuring compliance with Islamic principles. Additionally, it has significant influence on Iran’s foreign policy, including supporting regional proxies and paramilitary groups, by providing training, weapons, and logistics. On the economic front, the IRGC is involved in a broad array of businesses, including construction, infrastructure development, energy, telecommunications, and others. It owns and operates numerous conglomerates and companies which augment the groups financing and influence.
2. Military: The military dimension of PMESII assess a country’s military strength. It is not comprehensive, however, as it mostly considers personnel and hardware. It does not consider alliances, overseas bases, or the quality of equipment or quality and experience of personnel. All of this will be covered in greater detail in a separate report.
The U.S. ranks first in global firepower. Iran ranks 17th. The U.S. population is 337 million, compared to Iran’s 88 million. The U.S. is the world’s number-two nuclear power. While it is widely suspected that Iran is working on a nuclear weapons program, to date, it seems they do not possess any nuclear weapons.
The number of active-duty troops is1.39 million for the U.S. and 575,000 for Iran. Additionally, Iran has about 90,000 paramilitary personnel. Comparing the defense budgets, the U.S. spends $762 billion and Iran $25 billion.
Aircraft – US 13,300 to Iran’s 541
fighter aircraft -1,914 to 196
Transports – 962 to 86
Helicopters – 5,584 to 126
Attack helicopters – 983 to 12
Tanks – 5,500 to 4,071
Armored vehicles – 303,553 to 69,685
Self-propelled artillery – 1,000 to 580
Towed artillery – 1,339 to 2050
Ships – 484 to Iran’s 101
Aircraft carriers – 11 to 0
Helicopter carriers – 9 to 0
Submarines – 68 to 19
Destroyers – 82 to 0
Frigates 0 to 7
3. Economic: Wars are costly to wage. Existing assets have to be deployed, possibly overseas, which is expensive. Factories need to begin churning out exhaustible resources, such as ammunition and artillery shells, as well as replacement vehicles, planes and ships. Uniforms and weapons for new recruits must also be produced en masse. Wars are generally funded by debt, with governments issuing war bonds. The ability to sell those bonds and the interest rate the government has to pay is determined by the nation’s creditworthiness, its economic condition before the war, and whether or not the country is under sanctions. The Ukraine War has underscored the power of sanctions and their ability to prevent dollars from flowing into a country deemed the aggressor. Iran would be incapable of levying meaningful sanctions against the U.S. The U.S., by contrast would be able to bring sanctions against Iran. China would most likely help Iran bypass sanctions, but in the end, the U.S. would be able to reduce the amount of money flowing into Iran, while Iran would not be able to do the same to the U.S.
The size of the potential pool of soldiers is important, as is the number of workers available to produce war materials. The U.S. labor force consists of 163 million workers, while Iran’s comprises only 28 million.
Iran holds foreign currency reserves valued at $21.4 billion, while the U.S. holds about $37.5 billion. Roughly 60% of foreign currency reserves around the world are held in U.S. dollars. The U.S. does not hold as much foreign reserves as countries such as China and Japan, but this is because the U.S. government has access to more-or-less unlimited quantities of U.S. dollars.
Basic Indicators for Iran
GDP = $352.2
GDP Per capita = $5344.96
Inflation rate = 43.3%
Unemployment = 9.7%
Corruption and mismanagement, including price controls and subsidies, weigh heavily on the Iran’s economy. The reliance on oil as well as government domination of numerous industrial sectors further inhibit Iran’s development. There is also a significant brain drain as many of the most qualified people flee the country, in search of a better life abroad.
The Heritage Foundation assigns Iran an overall economic freedom score of 42.2 out of 100, making it the 169th freest country in the world. For business freedom Iran scored 38.9 out of 100, labor freedom of 50.7, monetary freedom of 40.6 and financial freedom of 10.
Investment in new businesses, as well as economic development in general, are directly correlated with the protection of property rights and enforcement of contracts. For property rights, Iran scored 25/100, judicial effectiveness 26/100, and for government integrity 20/100.
4. Social: The social dimension looks at societal and demographic elements, including social unrest, ethnic or religious tensions, and social cohesion which might weaken a country’s ability to fight a war.
Ethnicities: Persians 61% of the population, Kurds (10%), Lurs (6%), and Balochs (2%), Azerbaijanis (16%), Arabs (2%), Turkmens and Turkic tribes (2%), followed by a small number each of Armenians, Assyrians, and Georgians.
Religion: Islam is the official religion, accounting for roughly 99.4% of the population. Shi’a Muslim (89%) and Sunni (10%). The remaining 1% is composed of Christian, Zoroastrian, Baha’i and Jewish. Christians are the largest minority religion with 250,000 to 370,000 followers, mostly of Armenian origin.
The government punishes Shi’a Muslims who they believe have failed to uphold Islamic values, while Sunnis, Christians, Jews, and other non-Muslims have all been victims of repression. Some religious minorities are effectively banned, such as Baha’i and unrecognized Christian groups. Baha’i members have been persecuted, jailed, and banned from attending university.
The Iranian constitution allows freedom of assembly, as long as gatherings are not “detrimental to the fundamental principles of Islam.” Given the state’s interpretation of detrimental, there is effectively no freedom of assembly in Iran. Protests and unauthorized gatherings are generally met with brutal force. In 2022, the government used lethal force to suppress protests against water shortages and poor living conditions in several provinces. Human rights leaders and labor rights advocates have been arrested or punished on an arbitrary basis. Activists can even be arrested without a warrant. The lawyers who defend them can also face jail time.
5. Infrastructure: an analysis of critical systems, such as transportation networks, energy systems, telecommunications, and industrial facilities can help to determine a county’s vulnerabilities, resilience, and potential risks.
The United States has 13,513 airports while Iran has 319. The U.S. has 35 ports, but Iran only 4. In oil production, the U.S. also leads with 18,000,000bbl, compared to Iran’s 3,450,000bbl.
Proven oil reserves – U.S. 50,000,000,000bbl, Iran 210,000,000,000bbl
Natural Gas Production – US 967,144,362,000bbl, Iran 237,561,415,000bbl
Coal Production – 495,130,000bbl, Iran 2,783,000bbl
6. Information: The information dimension analyzes the flow of information, as well as the communication systems, and media within a country. This analysis helps to understand how public opinion is formed and how propaganda and disinformation are disseminated.
In Iran, there is little media freedom either on or off line. Newspapers and other media are heavily censored, and the government directs journalists as to which stories to cover and which to avoid. Critics and opponents of the government are never given a platform. Many foreign websites, including news sites and social media, are blocked. Satellite dishes are illegal, and the police have actually raided homes, confiscating dishes. Persian language journalists working abroad have had their families threatened if the state did not approve of their reporting.
Reporters without Borders Ranks Iran as 177th least free country out of 180. Television is controlled by the state, and Persian language TV broadcasts from outside of the country are jammed. State television often airs confessions extracted from political prisoners by way of torture. Over the past two years, there has been a particular crackdown on journalists with an increased number of arrests and imprisonments. In one case a journalist was sentences to 90 lashes for allegedly making false news reports. The Islamic Republic has been known to target for kidnapping Iranian journalists operating abroad, as nearly happened to journalist Masih Alinejad in July 2021.
Academia is also not free and contains a great deal of indoctrination. The Supreme Leader, Ayatollah Khamenei warned that universities should not become centers for political activities. Students and professors have been jailed for speaking out against the regime or studying or teaching material which the state disapproved of.
Digital communication is monitored by state intelligence agencies. At the same time, the Iranian government utilizes online platforms and social media to disseminate propaganda and to influence the public. To this end, troll farms have been utilized, creating fake accounts and manipulating online discourse to support Tehran’s narratives. State sponsored cyber hacking is another way that Tehran controls the information space. And while the government has access to the most modern technology, the country suffers from a massive urban/rural divide, with much of the rural population unable to access the internet.
Online activism is illegal. And, the government is looking for ways to make accessing forbidden content even more difficult. In July of last year, the parliament began considering criminalizing the use and distribution of virtual private networks (VPNs) and requiring internet users to verify their legal identities. In January, 2023, it was announced that the unauthorized sale of VPNS would be banned.
International Information Security in US-Russian Bilateral Relations
There have been periods of convergence and cooldown in U.S.-Russian relations on issues pertaining to international information security (IIS), the latter being witnessed by us today.
Moscow remains open to dialogue, advocating the rules of responsible conduct for governments, with a view to boosting peaceful development of the ICT environment, both globally and bilaterally. However, Washington is betting on maintaining its leadership and deterrence of Russia in cyberspace, so reaching agreements in the near future seems rather unlikely.
Amid a complex geopolitical environment, communication between the two countries needs to be maintained for managing contradictions and reducing the risk of escalation in cyberspace. Today, bilateral interaction takes place on the platform of the UN Open-ended Working Group on the Safe Use of ICTs (OEWG), which was established at the initiative of Russia. Informal diplomacy of the expert community, business representatives and NGOs can play an important role in determining possible areas of cooperation between the two nations in the long term.
Cybersecurity as a foreign policy priority for Russia and the U.S.
In 1998, Russia turned to the United States with a proposal to sign a bilateral agreement focused on preventing the militarization of the information space. Washington did not endorse Moscow’s peacemaking initiative, willing to keep a free hand in the military use of ICT. In the same year, Russia proposed this issue to the UNGA, which became the starting point of the UN negotiation process on IIS. Since then, at the initiative of the Russian side, a resolution on “Developments in the Field of Information and Telecommunications in the Context of International Security” has been annually adopted at the UNGA. Six groups of government experts were convened to discuss this problem, and four of them managed to pass the final reports.
The most important result of Russia’s diplomatic efforts was the adoption of 13 rules of responsible behavior of states in the global ICT environment, which were outlined in the 2018 UNGA resolution. These include: non-use of force or threat of force in the ICT environment, respect for state sovereignty, peaceful resolution of disputes, inadmissibility of unproven accusations of cyberattacks, etc.
In the early 2000s, this topic, largely due to the efforts of Russian diplomats, entered the agenda of most global and regional forums, including the SCO, CSTO, BRICS and others. IIS is currently one of the key topics.
According to complex expert ratings, Russia and the U.S. (along with China) are the leading cyber powers as of today. Therefore, their relations in the field of cyber security bear critical importance for the whole international community. Russia supports digital multipolarity and peaceful development of the ICT environment, while the United States seeks to preserve its leadership and sees Russia and China among its main strategic rivals in information and real geopolitics. The U.S. National Security Strategy of October 2022 considers deterring Russia and China, including in cyberspace, as one of the national security priorities.
The priority nature of international information security for Russia is enshrined in a number of strategic planning documents, such as the Fundamentals of Russia’s National Policy in International Information Security 2021, National Security Strategy 2021, and others. According to these documents, Russia pursues a policy towards shaping a peaceful and stable ICT environment and an inauguration of the IIS regime.
The U.S. has long been wary of Russia’s proposals, seeing them as an attempt to limit the development of ICT and challenge American leadership. In April 2022, the United States issued a Declaration for the Future of the Internet, proposing to fight for freedom of information transfer, and naming authoritarian states Russia and China as antagonists of the free Internet.
However, vulnerability to cyber threats has repeatedly prompted the U.S. to seek bilateral agreements with Russia.
In 2013, on the sidelines of the G8 Summit in Lough Erne, a Joint Statement of the Presidents of the Russian Federation and the United States of America on a New Field of Cooperation in Confidence Building. It included three documents stipulating the establishment of direct lines of communication between Moscow and Washington to prevent any escalation of cyber incidents, to promote the exchange of information between national security supervisors, as well as to establish incident and emergency response teams. A special working group was supposed to foster such cooperation. However, as a result of the general chill in the relations between Russia and the Collective West after Russia’s reunification with Crimea in 2014, Washington suspended its participation. A direct line of communication was used in October 2016, when President Obama contacted Moscow in view of hacking attacks on U.S. political institutions on the eve of the U.S. presidential election. The conflict was frozen, but it was an important precedent that attested to the importance of responding to various incidents or emergencies and the importance of communication channels between the two countries.
It was much more difficult for Donald Trump to collaborate in this area due to allegations of his ties to “Russian hackers,” which is why discussions on this issue did not result in practical agreements. In July 2017, during a meeting with Trump in Hamburg, Russian President Vladimir Putin proposed to step up engagement in cyberspace. Initially, the head of the White House publicly expressed support for the initiative, backtracking later due to the pressure from the U.S. Congress. During the 2018 meeting between the two leaders in Helsinki, Russia offered cooperation in preventing cyberattacks on critical infrastructure, but Washington rejected that initiative as well.
Collaboration between Russia and the United States to promote information security in historical perspective
The dynamics of negotiations changed under Joe Biden. On September 25, 2020, President Vladimir Putin proposed a project called to normalize U.S.-Russian relations in cyberspace, which included an exchange of “guarantees of non-interference in domestic affairs, such as election campaigns, using the ICT leverage.” The initiative followed a growing number of accusations by various U.S. political forces that Russia had deliberately interfered in the U.S. elections. Moscow has always denied and still denies the very possibility of such interference. The U.S. did not support the proposal, but Russia’s efforts bore fruit later. During the meeting of Putin and Biden on June 16, 2021, the two leaders reached an agreement on cooperation in fighting cybercrime. Besides, a joint U.S.-Russian resolution on international information security was proposed and subsequently adopted as a follow-up to the agreements at the UNGA level.
In 2022, the U.S. unilaterally withdrew from cyber agreements reached in 2021 under the pretext of Russia’s special military operation (SSO) in Ukraine, embarking upon the path of aggressive unilateral action. As Oleg Syromolotov, Russian Deputy Foreign Minister, points out, Washington is supporting Ukraine’s IT army, including for attacks on critical information infrastructure. At present, the largest number of cyberattacks on Russian territory comes from the United States, NATO member states and Ukraine.
Thus, in the short term, the U.S. is not willing to engage in dialogue with Russia as an equal partner, while Moscow will not accept any interactions imposed on it from a position of power. Moreover, as was noted by Andrey Krutskikh, Special Representative of the President of the Russian Federation for International Cooperation in the Field of Information Security, “statements about the need to inflict a strategic defeat on Russia sidetrack any opportunity for dialogue.”
Problems of reconciling the approaches of the two nations to IIS
This situation in bilateral relations is far from new. We can draw parallels with the crises of the Cold War, when the parties saw the need for dialogue in the face of acute mutual contradictions. Today, interaction on cyber issues is carried out on the OEWG platform. During the Cold War, the UN performed the same functions in the area of strategic stability as the OEWG does today in cyber policy and IIS.
In addition to the OEWG, the UN Special Committee on Combating the Criminal Use of ICTs, also established at Russia’s initiative, successfully follows through with its effort.
Despite the fact that Western states have repeatedly tried to divert the OEWG’s discussions—away from the mandated issues of designing rules of responsible conduct for state actors in the ICT environment to the discussion of Russia’s special military operation in Ukraine—the platform has maintained its importance, with Western nations, along with Russia and its partners, actively participating in the proceedings of the platform.
Moreover, there has been a shift in the U.S. position on the regulation of the global ICT environment. The U.S. officially declares the need to develop rules for the behavior of state actors in the information space. Thus, the State Department’s Bureau of Cyberspace and Digital Policy defined the development of rules of responsible conduct for states in cyberspace as one of its goals in 2022. U.S. support for the UN dialogue is related to the fact that the U.S. is becoming more vulnerable in the midst of multipolar digital world order.
Thus, Moscow’s and Washington’s approaches to a potential cybersecurity dialogue at the UN level may seem to be complementary on many issues. No reconciling is to be expected, however. The U.S. and its allies seek to “hijack the agenda” in global forums, orienting the global community towards their own initiatives. As for the rules of responsible conduct for state actors—the area of cooperation traditionally supported by Russia—the U.S. took a stand in favor of the French draft resolution of the UNGA “Program of action to advance responsible State behavior in the use of information and communications technologies in the context of international security” in 2022. This program, as conceived by its authors, should become a permanent UN institutional mechanism for discussing issues related to countering global threats in the field of ICT. It is suggested that the French project should be launched once the OEWG mandate expires in 2025.
The document presents a number of propositions that coincide with Russia’s stance on IIS and that our country has been proactively promoting over the past 20 years. In particular, there is an emphasis on the priority role of the UN in the process of negotiations on those issues. It is also recognized that, taking the specifics of ICT into account, new binding norms might be adopted in the future, and the significance of the results already achieved within the framework of the UN GGE on IIS is also pointed out. The discrepancy has to do with the longer-term prospects of cooperation. In the long run, Russia advocates for an international convention on IIS under the auspices of the UN, while the West insists on non-binding voluntary norms, conditioning the rapid obsolescence of any document on the speed of technological advancement. Non-binding norms are insufficient to deal with the increasing intensity and danger of threats to IIS, and this explains why the Russian vision is backed by many states. In 2023, Russia submitted its draft resolution “Developments in the Field of Information and Telecommunications in the Context of International Security” to the UNGA, which was backed at the General Assembly.
Besides, there are contradictions in the area of combating the criminal use of ICTs. The United States supports the 2001 Budapest Convention, which makes it possible to combat cybercrime without regard for state sovereignty and, in fact, assumes extraterritorial extension of the right of the strongest in this area. Russia, for its part, supports the adoption of a UN Convention, stemming from the principle of inviolability of state sovereignty in combating the criminal use of ICT. At the same time, successful discussions on the draft convention proposed by Russia show support for the Russian vision of IIS, focused on the respect for state sovereignty, equal partnership and formation of international regimes on the basis of legally-binding agreements.
Meanwhile, U.S. initiatives have, for the most part, a limited number of supporters. For example, about 60 states have joined the Declaration for the Future of the Internet. As was noted in the report Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet co-authored by Nathaniel Fick, Head of the State Department’s Bureau of Digital Policy and Cyberspace, norms are better used for rallying allies than for managing the behavior of competitors. Washington’s approach is not widely supported around the world, and only its closest allies are willing to sign on to it. Many nations support Russian initiatives, or back both Russian and Western approaches, as they try to avoid politicization in this area.
At the same time, the U.S. expert community, traditionally having a serious influence on foreign policy, is getting tired of anti-Russian rhetoric. In particular, the authoritative political scientist John Mearsheimer argues in his article published by Foreign Affairs in 2022 in favor of dialogue between Washington and Moscow as it could prevent further escalation between the nuclear superpowers. Another prominent realist, Stephen Waltz, published an article following a similar logic. Cyberspace experts pay more attention to the need for dialogue and parity with China, than with Russia, although some publications are devoted to the necessity of dialogue between superpowers in order to prevent global “cyber disorder.” Similar ideas are expressed in the European expert community, including among SIPRI experts. Russian experts and politicians have repeatedly stated that Russia is ready to cooperate on the condition of equal partnership.
Yet, given the modern-day circumstances, no political force in Washington can support cyber negotiations with Russia as anti-Russian sentiments are very strong in the American society. Be that as it may, from practical perspectives, the U.S. is still interested in cooperation to de-escalate incidents and combat cybercrime, as Biden’s representatives have repeatedly stated before. Thus, one should not expect deeper cooperation and new documents adopted, but the U.S. will probably seek to preserve the existing channels of communication instead of tearing relations completely. Drawing an analogy with the Cold War, one can argue that cybersecurity is becoming part of a new strategic stability equation in bilateral relations, despite Washington’s unwillingness to openly admit it, as it insists on maintaining its leadership in this area.
With bilateral ties severed through Washington’s fault, the UN’s OEWG still serves as a channel of communication, which is especially important in promoting information security, where misattribution of a cyber incident can lead to escalation. The prospect of new bilateral agreements on information security signed looks rather unlikely in the foreseeable future; and the most important task is to maintain the level of ties and relations that have been achieved so far.
Despite growing tensions in the international arena, there have been no major cyber clashes between cyber powers. This suggests that states view the use of cyber weapons as one of the “red lines”, being well aware that crossing them could lead to an unwanted escalation. Thus, the IIS in bilateral relations confirms is the best evidence that it belongs to a larger network of strategic stability relationships.
Even the crisis in U.S.-Russian relations, following the launch of Russia’s operation in Ukraine, did not see any changes in the activities of the UN platforms—the dialogue remained intact. The OEWG, as a negotiating platform on international information security, has passed the test in a rough environment, having proven the relevance of such platforms as well as Russia’s global initiatives. In the long run, informal channels of communication will be important, including expert, academic and business meetings, where the search for ways to develop bilateral relations in the cyber space will be possible.
From our partner RIAC
Russia, a country of perpetual war
Russia is an interesting society: if you ask any Russian if he or she thinks that Russia is governed well,...
Indonesian Media Perception of China After Brokering Saudi-Iran Peaceful Restoration
In some degree, we have agreement that regional instability in the Middle East occurred as a result of the reckless...
Nuclear Energy & Pakistan’s Economic Development
Pakistan is going through a tumultuous time. Its economic condition is deteriorating every day, and there are even concerns about...
The Effectiveness of the Declaration of the Convention on the Rights of the Child in Combating Child Labor in Indonesia
Initiated by the United Nations regarding the importance of Human Rights in dealing with the protection of children’s rights, then...
French-African Foundation Celebrates Achievements with Young Leaders from Africa
Placed under the high patronage of the President of the French Republic Emmanuel Macron and the President of the Republic...
Mongolia To Strengthen Transparency Through Constitutional Reforms
The Government of Mongolia has this week made efforts to strengthen the governance of its legislature and increase transparency by...
Japanese Nintendo Folds Up Games Sales in Russia
Russia’s Ministry of Industry and Trade has expanded its list of goods for parallel importation, including some foreign toy brands...
World News3 days ago
“Global Times”: China-Russia cooperation is broader than what US-led West can envision
Americas4 days ago
Of course, the “Unipolar Party” is over
Energy4 days ago
Strategic Partnership Opportunities among ASEAN countries towards Renewable Energy
South Asia3 days ago
The Need for the Next SAARC Summit
Finance2 days ago
Will Egypt Join and Adapt BRICS Currency?
New Social Compact3 days ago
Migration through the Prism of Feminist International Relations
South Asia4 days ago
International Peacekeeping Day: Pakistan’s Case
South Asia4 days ago
Striving for Balance: Pakistan’s Climate Equity Drive