One outcome of the meeting between Russian President Vladimir Putin and US President Joe Biden in Geneva last June was the decision to engage in consultations on cyber security. This came as a surprise as Washington has long accused Moscow of meddling, including by cyber means in the 2016 US presidential elections which Moscow has flatly denied.
What former US President Donald Trump would have never been allowed to do by his domestic opponents was evidently fine for President Biden, whose Democratic Party currently retains the majority in Congress and has the sympathies of the bulk of the American media.
Since June 2021, Russian and US negotiators have conducted four rounds of cyber security talks. As a sign of progress, Americans and Russians have also co-sponsored a joint resolution on cyber security issues at the United Nations.
Russia and the US need to agree on cyber ground rules
This makes a lot of sense. Cyber tools can now be used to attack strategic targets that in the past would only be accessible via nuclear weapons. As such, a major cyber-attack can be considered an act of war, triggering a nuclear response. President Biden has said as much on the record.
Nonetheless, attribution of a cyber-attack to its source is far more difficult than is the case with nuclear weapons. For the purposes of maintaining strategic stability — which is the only albeit imperfect guarantee of peace among major powers —cyber security should be discussed between leading nations and some ground rules ought to be laid out.
Russians and Americans are already engaged in talks on strategic stability aiming at developing a new agreement or a series of accords to replace the New START treaty, which has been extended to February 2026. While the main subject of the talks revolves around nuclear weapons and their delivery means, other strategic systems — including missile defenses and weapons in space — as well as new arrangements would certainly need to take into account the cyber security aspects of the strategic environment.
The impact of cyber on the strategic equation between and among major powers is the most vital feature of cyber security issues. Its other parts are also important, though less urgent: they also need to be addressed, but in different ways.
Elections, propaganda, and espionage: winning the hearts and minds of foreign countries
Cyber interference with key political procedures in other countries, such as vote counting, represents a serious violation of national sovereignty that can have major negative implications, albeit not all of them predictable. Destabilizing adversaries in such a way is a double-edged sword. It would put the target country on the back foot, but not necessarily benefit the attacker. Rather than weakening the target country, such blatant interference might result in the victim’s mobilization to push back against the perpetrator. It would thus make sense for major powers to abstain from — or renounce — such practice.
Other forms of cyber interference in foreign countries’ politics, such as social media campaigns and the like, by contrast, are a continuation of foreign propaganda efforts of the past. In today’s densely connected information world, it is hardly possible to isolate a country from external influence that is seen as malign. Authorities and political forces in all countries face the difficult task of convincing their publics of the things they hold true or sacred and of fighting back against attempts to distort or destroy them. There is hardly another way.
Finally, cyber espionage is a further evolution of the world’s second oldest profession. One can hardly imagine countries agreeing on a code of gentlemanly spying with cyber means. Complaints and protests can be made; however, the best way of dealing with the issue is to bolster cyber defenses to make them less penetrable for unauthorized access, including spies.
Editor’s note: this commentary was written prior to the Russian invasion of Ukraine.