Talks on Critical Infrastructure, “Safe Harbor” Cyber Attacks Point Toward Potential Beginning of Cyber-Detente Between US and Russia

While Presidents Putin and Biden still appear to be far apart on the issue of cyber attacks originating from the former’s country, the two at least appear to be negotiating, with the announcement of a working group to discuss which ransomware targets should be off-limits and should prompt cooperative government intervention. The announcement came after the much-anticipated meeting between the two at Geneva last week, in which Biden presented Putin with a list of critical infrastructure targets that could trigger serious retaliation if attacked.

Biden wants cyber attacks from Russia reined in

While state-sponsored Russian hackers have been found exploring the United States energy grid for years, they have not yet been connected to an escalation to an actual attack on critical infrastructure. Nevertheless, the Russian government bears some responsibility for the cyber attacks launched by criminal gangs in its territory. The government has long unofficially permitted a great deal of criminal hacking to go on, so long as the attacks are not directed at domestic targets or international allies of the country.

Cyber attacks of this sort were expected to be a central topic of discussion ahead of the Geneva meeting, following the major ransomware incidents that temporarily shut down East Coast gas supplier Colonial Pipeline and global meat processing giant JBS. Both attacks were traced to DarkSide, an entity that is believed to operate out of Russia. Biden presented Putin with a list of 16 elements of critical infrastructure that were labeled as “off-limits.” This list was not shown to the public, but is assumed to correspond with the Homeland Security Department’s 16 sectors designated as critical infrastructure (such as energy and food).

Rather than a demand, the list appeared to be a launching point for the countries to agree on targets that both sides should consider a potential point of escalation that requires government action. The talks also centered on “destructive” acts that could shut off services or cripple supply lines, avoiding the more standard espionage that is tacitly considered to be acceptable by most of the world. However, Biden did indicate that the US would adopt a policy of “hacking back” should attacks on critical infrastructure continue.

Putin did not directly respond to Biden’s list or his proposals, but did indicate that the two governments should begin talking about how to rein in the types of cyber attacks that could cause physical damage. Biden later announced that the two countries would appoint experts to discuss parameters and response procedures, something that Putin confirmed.

Some in the media have questioned whether Biden will have any more success with his Russian counterpart in this area than his predecessors did, but Meg King, Director of the Science and Technology Innovation Program at The Wilson Center in Washington, DC, sees this as a positive new development: “President Biden’s announcement that the US and Russia will task experts in both countries to address the threat of ransomware attacks being carried out within Russia to discuss ‘what’s off-limits and to follow up on specific cases’ is critical … Sold as a mutual interest, which President Putin confirmed separately, this technical working group will deepen and create relationships necessary to get a better early warning about criminal hacking groups and agree on efforts to stop them. Putin’s comment that ‘we need to get rid of insinuations’ and ‘begin consultations on this topic’ suggests that Russia will cooperate, at least at the working level.”

Critical infrastructure represents a flashpoint for new levels of escalation

While Biden has put the prospect of “hacking back” on the table, he pointedly refused to answer reporters when asked if military response is an option. There has long been concern that an attack on critical infrastructure could be the “red line” that sparks military retaliation and a conventional armed conflict, but no cyber incident has reached that point as of yet. Biden did not specify what cyber countermeasures would be taken, but reasonable speculation would be that Russian servers used by the attacking parties might be taken out.

There is legitimate concern about how productive these talks will eventually be given Russia’s position. The country’s government does not appear to be behind the ransomware attacks that have been causing damage to critical infrastructure, and it will not openly admit that it harbors or approves of unrelated criminals that do it for profit. Any agreement would only be meaningful if Russia formally agrees to ramp up its response to cyber criminals operating within its territory; it remains to be seen how serious Putin is about putting a leash on these elements, which would presumably include assisting foreign law enforcement with requests for information and extradition. Russia has typically refused to assist rival nations in this way due to a combination of general antipathy and possible usefulness of these hacking teams as cyber proxies. Cyber attacks also provide a general economic boon in a country where the average monthly salary is the equivalent of about $800 to $1,000, but rent in cities such as Moscow can eat up half of that amount.

In a formal announcement, the rest of the G7 fell in line behind the US in condemning Russia’s longstanding policy of ignoring cyber attacks launched from its territory that are not inconvenient to it. Russia has signed on to a UN pledge to not “knowingly” harbor perpetrators of cyber attacks that are in violation of international law or that attack critical infrastructure.