Russia Cyber Director Warns No U.S. Cooperation Risks 'Mutual Destruction'

The head of the Russian Foreign Ministry's cybersecurity division has warned that a failure for nations to establish rules of digital engagement could lead to real-world conflict and devastation.

As the conclusion of the United Nations First Committee on Disarmament and International Security approached Friday, Moscow and Washington remained at odds over a range of issues, including efforts to find common ground on the use of information communication technologies (ICTs).

Russian Department of International Information Security Acting Director Artur Lyukmanov told Newsweek how Moscow's "disagreements with the U.S. administration lie, in particular, in the approaches to establishing a system of ensuring international information security.

"Russia insists on the principles of justice, sovereign equality of states, non-interference in internal affairs and peaceful settlement of conflicts," Lyukmanov said. "These are the principles of the U.N. Charter."

"We are striving to reach such an understanding that governments and their competent agencies could directly investigate cyberincidents putting aside unsubstantiated assessments," he added. "Ideally, ICTs should be used for their intended purpose—as a means of communication, storage and transfer of useful and creative knowledge—for development, not destruction."

In the absence of such an understanding, Lyukmanov said that "the main risk is further mounting tension and its escalation into a full-fledged interstate confrontation, including the use of conventional means of warfare.

"It leads to mutual destruction," he added. "The threat is high, given the variety of technical vulnerabilities and legal gaps in today's digital space that allow carrying out sabotage anonymously or under a 'false flag.'"

As to where such subversive activity could take place, Lyukmanov pointed out that "the dangers lurk in the disruption of the functioning of vital infrastructure—government agencies, energy and industrial sectors, transport and logistics chains."

"Hundreds of medical facilities around the world are under cyberattacks, and the lives of citizens are at risk," he said. "No one wants to lose their savings due to a computer attack on banking systems or tricks of cybercriminals. Until governments establish universal 'rules of the game' in the digital environment, this kind of subversive activities involving ICTs will flourish."

Lyukmanov said that the White House had suspended information security talks with the Kremlin in March, shortly after Russia launched its war against neighboring Ukraine. Washington has sought to isolate Moscow on the world stage in response to the conflict, and bilateral cooperation has atrophied on various fronts in the months since.

That same month, a senior U.S. State Department official told Newsweek that "the Russian government's behavior calls into question its true motivations for seeking to 'lead' on cyber negotiations at the UN."

"Based on its unprovoked and unjustified attack on Ukraine, and its use of cyber tools in the context of that conflict, we can only assume that the Russian government's true goal is to design a framework all other states abide by but which it will ignore," the U.S. official said.

The official argued that we need to look at the things that the Russian government has been doing in international multilateral bodies for years, whose purpose is the same as what they're doing in Ukraine — to destroy the international rules-based order that the international community has built up over the course of decades."

"UN member states have worked for more than two decades on conflict prevention in cyberspace," the official added. "In the last decade, we achieved hard-won consensus affirmation of the applicability of international law, including the UN Charter, to state behavior in cyberspace."

And yet shaping "rules of the road" for technology and cybersecurity among other fields was included as an objective for the White House in the National Security Strategy released last month. The document emphasized just how important and vulnerable critical infrastructure is, accusing Moscow specifically of pursuing illicit online behavior to targeting the U.S.

"Our societies, and the critical infrastructure that supports them, from power to pipelines, is increasingly digital and vulnerable to disruption or destruction via cyber attacks," the U.S. strategy said. "Such attacks have been used by countries, such as Russia, to undermine countries' ability to deliver services to citizens and coerce populations."

The U.S. National Defense Strategy released two weeks later also made extensive mention of the level of risk involved without clearly defined protocols, noting that "in the cyber and space domains, the risk of inadvertent escalation is particularly high due to unclear norms of behavior and escalation thresholds, complex domain interactions, and new capabilities."

And it too charged Russia with waging "cyber and information operations" against the U.S. and its allies. To defend against such tactics, the document said it "will conduct cyberspace operations to degrade competitors' malicious cyber activity and to prepare cyber capabilities to be used in crisis or conflict," while seeking to "carefully evaluate and manage escalation risks."

While Lyukmanov said it was "natural" for governments to have differing views and approaches to information security, he argued that "contradictions arise when technical vulnerabilities of ICTs are used for political purposes."

"This is what intelligence services of certain governments do 'at home' and abroad—against independent states," Lyukmanov said. "Their interest in access to the technologies becomes a subject of manipulations."

He compared such behavior with that of a modern-day East India Company, a colonial-era U.K. conglomerate that exercised effective control over large parts of Asia, including the Indian subcontinent and Hong Kong.

"Yet, instead of glass beads," he said, "hollow promises are given to provide ICTs in exchange for human and natural resources."

He also argued that the U.S. was among the nations that "use ICTs for sabotage, incitement, 'freezing' or appropriation of financial resources, data stealing" under the guise of defending a "rules-based order." The phrase is commonly used by President Joe Biden's administration to describe its vision of international norms and standards, which, according to Lyukmanov, apply "to everyone except Washington."

"In line with this approach, the U.S. promotes the political attribution of sources of cyberattacks," he said, adding that "many governments suffer from this policy when faced with unfounded allegations."

Russian officials have repeatedly denied targeting the U.S. or other countries with cyber operations attributed to Moscow by Washington, including high-profile hacks such as the SolarWinds infiltration detected in December 2020. The hack, which affected U.S. government agencies and leading companies, was referenced Wednesday by national security adviser Jake Sullivan as a "very bracing lesson for us to learn" during a cybersecurity event hosted by the White House, which named November as "Critical Infrastructure Security and Resilience Month" following the designation of October as "Cybersecurity Awareness Month."

News of that widespread intrusion in 2020 came months after Russian President Vladimir Putin proposed a four-point cyber deal with then-U.S. President Donald Trump.

The agreement would entail establishing high-level communication between Washington and Moscow on international information security, including through existing bodies dealing with nuclear and computer readiness, as well as the establishment of a new digital regime mirroring U.S.-Soviet agreements on avoiding maritime incidents, and mutual "guarantees of non-intervention into internal affairs of each other."

The topic came up when Biden and Putin held their first in-person presidential summit in June of last year, at a time when the U.S. had been beset by a wave of ransomware attacks blamed on hacker groups based in Russia or Russian-speaking countries. No agreement emerged, however, and the war in Ukraine has only further set back relations between the two powers to the point where dialogue in nearly every capacity was difficult, including on strategic stability.

Lyukmanov said that Russia considered the international information security dialogue "as one of the 'bricks' of the dialogue on strategic stability, as an opportunity for a depoliticized conversation and neutralization of the growing threats from crimes in the ICT-field.

"Unlike the U.S. agencies, we regularly responded to incoming requests," he said. "It is the current administration that is responsible for disruption of the dialogue between our countries on international information security."

Now, Lyukmanov said, "certainly, we are concerned about the lack of communication between the competent agencies" of the two nations.

"The channels of cooperation, 'frozen' by the U.S., represent a factor aggravating the already difficult international situation," he said. "The impression is that the administration is seeking a direct great power confrontation in cyberspace."

Such "division," however, he said could not be tolerated by the nature of such technologies, which are "transboundary," meaning "that the safety of their use can only be ensured together—by joint efforts of the global community."

Russia has pioneered multilateral efforts on cybersecurity, beginning with a draft U.N. resolution on the issue back in 1998 and, more recently, the U.N. Open-ended Working Group on ICTs established two decades later.

Lyukmanov said this group "is aimed precisely at promoting depoliticized and calm interstate cooperation throughout the complex of issues of ensuring international information security."

"Governments of all countries need to work towards agreeing on mutual legally binding arrangements and confidence-building measures on an equal and democratic basis," he said. "We expect greater compliance of the U.S. to the negotiations on combating information crime in the U.N. Ad Hoc Committee."

"Security guarantees of all countries in information space is the issue wherein it is in the interest of the United States to rise above political ambitions and commit to searching compromises with other states," he added, "primarily with Russia."