Largely unnoticed among the acrimonious back-and-forth over Syria at the recent Group of Eight summit in Fermenagh, Ireland, the United States and Russia took a small but meaningful step forward in cyberspace. On the sidelines of the summit, the two nations signed a pact filled with "confidence-building measures" designed to prevent miscalculations and unwarranted escalations in the event of a cyberconflict.
The first new mechanism codified in the agreement is a system that connects the Department of Homeland Security's U.S. Computer Emergency Readiness Team with its Russian equivalent, in order to protect the computer-network infrastructure of both countries. Through this channel, Moscow and Washington will be able to share technical details of known cyberthreats.
The second pillar of the pact is to increase transparency and establish a secure line of communication. Because it can be difficult to verify the perpetrator of a cyberattack, a new back-channel notification and data-exchange system will be created to avoid miscalculations and prevent the escalation of a cyberincident into outright hostilities. The link will utilize the same equipment as the nuclear notifications in the Nuclear Risk Reduction Center implemented during the Reagan era to protect against false alarms regarding nuclear-missile launches.
Lastly, there will be a secure "hotline" connecting the White House directly to the Kremlin. If there are any ambiguities about an incident in cyberspace, the U.S. cybersecurity coordinator can pick up the phone and call his opposite in Moscow (the deputy secretary of the Russian State Council) to clarify concerns.
Such information-sharing is crucial in developing an understanding of events in what is fast emerging as a new domain of conflict, and to helping avoid potentially catastrophic miscalculations there. Bilateral dialogue — particularly between the United States and Russia, which are both leaders in the exploitation of cyberspace — can serve to establish some much-needed norms in cyberspace.
However, such collaboration must be coupled with a recognition of Russia's hostile role in cyberspace. Unclassified estimates vary widely, but at least some say that in 2011 alone, the United States lost $500 billion as a result of cyberspying by adversaries abroad. Russia figures significantly among the culprits. Although intrusions by China consistently dominate the news, Russia's cyberwarriors are arguably more sophisticated and more elusive.
Russia, in fact, has emerged as a pioneer in offensive cyberspace. Its brief 2008 conflict with neighboring Georgia saw the Kremlin employ cyberoperations (in the form of denial-of-service attacks on Georgian government websites) in tandem with military operations — foreshadowing a new kind of "networked" war-fighting that is sure to be replicated in future conflicts.
Moscow isn't simply exploiting cyberspace for military operations, however. According to Ambassador David J. Smith of the Potomac Institute Cyber Center, the Kremlin has made cyberspying and cybercrime into franchise operations, outsourced them to well-trained groups with no traceable ties to the government. This, Mr. Smith explains, is intuitive, since corruption and disregard for the rule of law are endemic in Russia's polity, and at the state's core lies a "nexus of government, business and crime."
Russia is also harnessing cyberspace against its own citizens. The Kremlin's official Doctrine of Information Security of the Russian Federation, issued by President Vladimir Putin in September of 2000, provides the Russian government with a mandate "to protect against deleterious foreign information and to inculcate in the people patriotism and values." Over the past 13 years, the Kremlin has used this authority to great effect, from targeting political opponents online to denying its netizens access to certain parts of the World Wide Web.
Enhanced coordination with Russia on cyberissues can serve as a boon to bilateral relations, which are currently badly frayed over an array of foreign-policy disagreements (from Moscow's stubborn support for the Syrian regime to its refusal to turn over accused National Security Agency leaker Edward J. Snowden). Collaboration with Russia also could serve as a steppingstone for the creation of a sound international policy framework for cyberspace. In order to truly work together in this arena, however, the White House will need to openly recognize the role that Russia currently plays in cyberspace — and move robustly to make its vulnerability to it a thing of the past.
Richard M. Harrison is a research fellow and program officer at the American Foreign Policy Council.