FACT SHEET: U.S.-Russian Cooperation on Information and Communications Technology Security
Recognizing the extraordinary growth in the use of information and communications technologies (ICTs), the United States and the Russian Federation have engaged in dialogue over the past two years on international security in this new and crucial area. Our two nations now are leading the way in extending traditional transparency and confidence-building measures to reduce the mutual danger we face from cyber threats.
Deepening Engagement through Senior-Level Dialogue
The United States and the Russian Federation are creating a new working group, under the auspices of the Bilateral Presidential Commission, dedicated to assessing emerging ICT threats and proposing concrete joint measures to address them. This group will begin its practical activities within the next month.
ICT Confidence-Building Measures
The United States and the Russian Federation have also concluded a range of steps designed to increase transparency and reduce the possibility that a misunderstood cyber incident could create instability or a crisis in our bilateral relationship. Taken together, they represent important progress by our two nations to build confidence and strengthen our relations in cyberspace; expand our shared understanding of threats appearing to emanate from each other’s territory; and prevent unnecessary escalation of ICT security incidents.
Links between Computer Emergency Response Teams
To facilitate the regular exchange of practical technical information on cybersecurity risks to critical systems, we are arranging for the sharing of threat indicators between the U.S. Computer Emergency Readiness Team (US-CERT), located in the Department of Homeland Security, and its counterpart in Russia. On a continuing basis, these two authorities will exchange technical information about malware or other malicious indicators, appearing to originate from each other’s territory, to aid in proactive mitigation of threats. This kind of exchange helps expand the volume of technical cybersecurity information available to our countries, improving our ability to protect our critical networks.
Exchange of Notifications through the Nuclear Risk Reduction Centers
To prevent crises, the United States and Russia also recognize the need for secure and reliable lines of communication to make formal inquiries about cybersecurity incidents of national concern. In this spirit, we have decided to use the longstanding Nuclear Risk Reduction Center (NRRC) links established in 1987 between the United States and the former Soviet Union to build confidence between our two nations through information exchange, employing their around-the-clock staffing at the Department of State in Washington, D.C., and the Ministry of Defense in Moscow. As part of the expanded NRRC role in bilateral and multilateral security and confidence building arrangements, this new use of the system allows us to quickly and reliably make inquiries of one another’s competent authorities to reduce the possibility of misperception and escalation from ICT security incidents.
White House-Kremlin Direct Communications Line
Finally, the White House and the Kremlin have authorized a direct secure voice communications line between the U.S. Cybersecurity Coordinator and the Russian Deputy Secretary of the Security Council, should there be a need to directly manage a crisis situation arising from an ICT security incident. This direct line will be seamlessly integrated into the existing Direct Secure Communication System (“hotline”) that both governments already maintain, ensuring that our leaders are prepared to manage the full range of national security crises we face internationally.
These confidence-building measures supplement an earlier exchange of White Papers between our two countries. Both our militaries are actively examining the implications of ICTs for their planning and operations. As we work to create predictability and understanding in the political-military environment, both the U.S. and Russian militaries have shared unclassified ICT strategies and other relevant studies with one another. These kinds of exchanges are important to ensuring that as we develop defense policy in this dynamic domain, we do so with a full understanding of one another’s perspectives.