There have been periods of convergence and cooldown in U.S.-Russian relations on issues pertaining to international information security (IIS), the latter being witnessed by us today.
Moscow remains open to dialogue, advocating the rules of responsible conduct for governments, with a view to boosting peaceful development of the ICT environment, both globally and bilaterally. However, Washington is betting on maintaining its leadership and deterrence of Russia in cyberspace, so reaching agreements in the near future seems rather unlikely.
Amid a complex geopolitical environment, communication between the two countries needs to be maintained for managing contradictions and reducing the risk of escalation in cyberspace. Today, bilateral interaction takes place on the platform of the UN Open-ended Working Group on the Safe Use of ICTs (OEWG), which was established at the initiative of Russia. Informal diplomacy of the expert community, business representatives and NGOs can play an important role in determining possible areas of cooperation between the two nations in the long term.
Cybersecurity as a foreign policy priority for Russia and the U.S.
In 1998, Russia turned to the United States with a proposal to sign a bilateral agreement focused on preventing the militarization of the information space. Washington did not endorse Moscow’s peacemaking initiative, willing to keep a free hand in the military use of ICT. In the same year, Russia proposed this issue to the UNGA, which became the starting point of the UN negotiation process on IIS. Since then, at the initiative of the Russian side, a resolution on “Developments in the Field of Information and Telecommunications in the Context of International Security” has been annually adopted at the UNGA. Six groups of government experts were convened to discuss this problem, and four of them managed to pass the final reports.
The most important result of Russia’s diplomatic efforts was the adoption of 13 rules of responsible behavior of states in the global ICT environment, which were outlined in the 2018 UNGA resolution. These include: non-use of force or threat of force in the ICT environment, respect for state sovereignty, peaceful resolution of disputes, inadmissibility of unproven accusations of cyberattacks, etc.
In the early 2000s, this topic, largely due to the efforts of Russian diplomats, entered the agenda of most global and regional forums, including the SCO, CSTO, BRICS and others. IIS is currently one of the key topics.
According to complex expert ratings, Russia and the U.S. (along with China) are the leading cyber powers as of today. Therefore, their relations in the field of cyber security bear critical importance for the whole international community. Russia supports digital multipolarity and peaceful development of the ICT environment, while the United States seeks to preserve its leadership and sees Russia and China among its main strategic rivals in information and real geopolitics. The U.S. National Security Strategy of October 2022 considers deterring Russia and China, including in cyberspace, as one of the national security priorities.
The priority nature of international information security for Russia is enshrined in a number of strategic planning documents, such as the Fundamentals of Russia’s National Policy in International Information Security 2021, National Security Strategy 2021, and others. According to these documents, Russia pursues a policy towards shaping a peaceful and stable ICT environment and an inauguration of the IIS regime.
The U.S. has long been wary of Russia’s proposals, seeing them as an attempt to limit the development of ICT and challenge American leadership. In April 2022, the United States issued a Declaration for the Future of the Internet, proposing to fight for freedom of information transfer, and naming authoritarian states Russia and China as antagonists of the free Internet.
However, vulnerability to cyber threats has repeatedly prompted the U.S. to seek bilateral agreements with Russia.
In 2013, on the sidelines of the G8 Summit in Lough Erne, a Joint Statement of the Presidents of the Russian Federation and the United States of America on a New Field of Cooperation in Confidence Building. It included three documents stipulating the establishment of direct lines of communication between Moscow and Washington to prevent any escalation of cyber incidents, to promote the exchange of information between national security supervisors, as well as to establish incident and emergency response teams. A special working group was supposed to foster such cooperation. However, as a result of the general chill in the relations between Russia and the Collective West after Russia’s reunification with Crimea in 2014, Washington suspended its participation. A direct line of communication was used in October 2016, when President Obama contacted Moscow in view of hacking attacks on U.S. political institutions on the eve of the U.S. presidential election. The conflict was frozen, but it was an important precedent that attested to the importance of responding to various incidents or emergencies and the importance of communication channels between the two countries.
It was much more difficult for Donald Trump to collaborate in this area due to allegations of his ties to “Russian hackers,” which is why discussions on this issue did not result in practical agreements. In July 2017, during a meeting with Trump in Hamburg, Russian President Vladimir Putin proposed to step up engagement in cyberspace. Initially, the head of the White House publicly expressed support for the initiative, backtracking later due to the pressure from the U.S. Congress. During the 2018 meeting between the two leaders in Helsinki, Russia offered cooperation in preventing cyberattacks on critical infrastructure, but Washington rejected that initiative as well.
Collaboration between Russia and the United States to promote information security in historical perspective
The dynamics of negotiations changed under Joe Biden. On September 25, 2020, President Vladimir Putin proposed a project called to normalize U.S.-Russian relations in cyberspace, which included an exchange of “guarantees of non-interference in domestic affairs, such as election campaigns, using the ICT leverage.” The initiative followed a growing number of accusations by various U.S. political forces that Russia had deliberately interfered in the U.S. elections. Moscow has always denied and still denies the very possibility of such interference. The U.S. did not support the proposal, but Russia’s efforts bore fruit later. During the meeting of Putin and Biden on June 16, 2021, the two leaders reached an agreement on cooperation in fighting cybercrime. Besides, a joint U.S.-Russian resolution on international information security was proposed and subsequently adopted as a follow-up to the agreements at the UNGA level.
In 2022, the U.S. unilaterally withdrew from cyber agreements reached in 2021 under the pretext of Russia’s special military operation (SSO) in Ukraine, embarking upon the path of aggressive unilateral action. As Oleg Syromolotov, Russian Deputy Foreign Minister, points out, Washington is supporting Ukraine’s IT army, including for attacks on critical information infrastructure. At present, the largest number of cyberattacks on Russian territory comes from the United States, NATO member states and Ukraine.
Thus, in the short term, the U.S. is not willing to engage in dialogue with Russia as an equal partner, while Moscow will not accept any interactions imposed on it from a position of power. Moreover, as was noted by Andrey Krutskikh, Special Representative of the President of the Russian Federation for International Cooperation in the Field of Information Security, “statements about the need to inflict a strategic defeat on Russia sidetrack any opportunity for dialogue.”
Problems of reconciling the approaches of the two nations to IIS
This situation in bilateral relations is far from new. We can draw parallels with the crises of the Cold War, when the parties saw the need for dialogue in the face of acute mutual contradictions. Today, interaction on cyber issues is carried out on the OEWG platform. During the Cold War, the UN performed the same functions in the area of strategic stability as the OEWG does today in cyber policy and IIS.
In addition to the OEWG, the UN Special Committee on Combating the Criminal Use of ICTs, also established at Russia’s initiative, successfully follows through with its effort.
Despite the fact that Western states have repeatedly tried to divert the OEWG’s discussions—away from the mandated issues of designing rules of responsible conduct for state actors in the ICT environment to the discussion of Russia’s special military operation in Ukraine—the platform has maintained its importance, with Western nations, along with Russia and its partners, actively participating in the proceedings of the platform.
Moreover, there has been a shift in the U.S. position on the regulation of the global ICT environment. The U.S. officially declares the need to develop rules for the behavior of state actors in the information space. Thus, the State Department’s Bureau of Cyberspace and Digital Policy defined the development of rules of responsible conduct for states in cyberspace as one of its goals in 2022. U.S. support for the UN dialogue is related to the fact that the U.S. is becoming more vulnerable in the midst of multipolar digital world order.
Thus, Moscow’s and Washington’s approaches to a potential cybersecurity dialogue at the UN level may seem to be complementary on many issues. No reconciling is to be expected, however. The U.S. and its allies seek to “hijack the agenda” in global forums, orienting the global community towards their own initiatives. As for the rules of responsible conduct for state actors—the area of cooperation traditionally supported by Russia—the U.S. took a stand in favor of the French draft resolution of the UNGA “Program of action to advance responsible State behavior in the use of information and communications technologies in the context of international security” in 2022. This program, as conceived by its authors, should become a permanent UN institutional mechanism for discussing issues related to countering global threats in the field of ICT. It is suggested that the French project should be launched once the OEWG mandate expires in 2025.
The document presents a number of propositions that coincide with Russia’s stance on IIS and that our country has been proactively promoting over the past 20 years. In particular, there is an emphasis on the priority role of the UN in the process of negotiations on those issues. It is also recognized that, taking the specifics of ICT into account, new binding norms might be adopted in the future, and the significance of the results already achieved within the framework of the UN GGE on IIS is also pointed out. The discrepancy has to do with the longer-term prospects of cooperation. In the long run, Russia advocates for an international convention on IIS under the auspices of the UN, while the West insists on non-binding voluntary norms, conditioning the rapid obsolescence of any document on the speed of technological advancement. Non-binding norms are insufficient to deal with the increasing intensity and danger of threats to IIS, and this explains why the Russian vision is backed by many states. In 2023, Russia submitted its draft resolution “Developments in the Field of Information and Telecommunications in the Context of International Security” to the UNGA, which was backed at the General Assembly.
Besides, there are contradictions in the area of combating the criminal use of ICTs. The United States supports the 2001 Budapest Convention, which makes it possible to combat cybercrime without regard for state sovereignty and, in fact, assumes extraterritorial extension of the right of the strongest in this area. Russia, for its part, supports the adoption of a UN Convention, stemming from the principle of inviolability of state sovereignty in combating the criminal use of ICT. At the same time, successful discussions on the draft convention proposed by Russia show support for the Russian vision of IIS, focused on the respect for state sovereignty, equal partnership and formation of international regimes on the basis of legally-binding agreements.
Meanwhile, U.S. initiatives have, for the most part, a limited number of supporters. For example, about 60 states have joined the Declaration for the Future of the Internet. As was noted in the report Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet co-authored by Nathaniel Fick, Head of the State Department’s Bureau of Digital Policy and Cyberspace, norms are better used for rallying allies than for managing the behavior of competitors. Washington’s approach is not widely supported around the world, and only its closest allies are willing to sign on to it. Many nations support Russian initiatives, or back both Russian and Western approaches, as they try to avoid politicization in this area.
At the same time, the U.S. expert community, traditionally having a serious influence on foreign policy, is getting tired of anti-Russian rhetoric. In particular, the authoritative political scientist John Mearsheimer argues in his article published by Foreign Affairs in 2022 in favor of dialogue between Washington and Moscow as it could prevent further escalation between the nuclear superpowers. Another prominent realist, Stephen Waltz, published an article following a similar logic. Cyberspace experts pay more attention to the need for dialogue and parity with China, than with Russia, although some publications are devoted to the necessity of dialogue between superpowers in order to prevent global “cyber disorder.” Similar ideas are expressed in the European expert community, including among SIPRI experts. Russian experts and politicians have repeatedly stated that Russia is ready to cooperate on the condition of equal partnership.
Yet, given the modern-day circumstances, no political force in Washington can support cyber negotiations with Russia as anti-Russian sentiments are very strong in the American society. Be that as it may, from practical perspectives, the U.S. is still interested in cooperation to de-escalate incidents and combat cybercrime, as Biden’s representatives have repeatedly stated before. Thus, one should not expect deeper cooperation and new documents adopted, but the U.S. will probably seek to preserve the existing channels of communication instead of tearing relations completely. Drawing an analogy with the Cold War, one can argue that cybersecurity is becoming part of a new strategic stability equation in bilateral relations, despite Washington’s unwillingness to openly admit it, as it insists on maintaining its leadership in this area.
With bilateral ties severed through Washington’s fault, the UN’s OEWG still serves as a channel of communication, which is especially important in promoting information security, where misattribution of a cyber incident can lead to escalation. The prospect of new bilateral agreements on information security signed looks rather unlikely in the foreseeable future; and the most important task is to maintain the level of ties and relations that have been achieved so far.
Despite growing tensions in the international arena, there have been no major cyber clashes between cyber powers. This suggests that states view the use of cyber weapons as one of the “red lines”, being well aware that crossing them could lead to an unwanted escalation. Thus, the IIS in bilateral relations confirms is the best evidence that it belongs to a larger network of strategic stability relationships.
Even the crisis in U.S.-Russian relations, following the launch of Russia’s operation in Ukraine, did not see any changes in the activities of the UN platforms—the dialogue remained intact. The OEWG, as a negotiating platform on international information security, has passed the test in a rough environment, having proven the relevance of such platforms as well as Russia’s global initiatives. In the long run, informal channels of communication will be important, including expert, academic and business meetings, where the search for ways to develop bilateral relations in the cyber space will be possible.
From our partner RIAC