US and Russia Sign Cyber Security Pact

New US/Russia pact calls for a “hotline,” or secure phone link between the White House and the Kremlin

From White House:  The United States and the Russian Federation are creating a new working group, under the auspices of the Bilateral Presidential Commission, dedicated to assessing emerging ICT threats and proposing concrete joint measures to address them.   This group will begin its practical activities within the next month.

ICT Confidence-Building Measures

The United States and the Russian Federation have also concluded a range of steps designed to increase transparency and reduce the possibility that a misunderstood cyber incident could create instability or a crisis in our bilateral relationship.  Taken together, they represent important progress by our two nations to build confidence and strengthen our relations in cyberspace; expand our shared understanding of threats appearing to emanate from each other’s territory; and prevent unnecessary escalation of ICT security incidents.

Links between Computer Emergency Response Teams

To facilitate the regular exchange of practical technical information on cybersecurity risks to critical systems, we are arranging for the sharing of threat indicators between the U.S. Computer Emergency Readiness Team (US-CERT), located in the Department of Homeland Security, and its counterpart in Russia.  On a continuing basis, these two authorities will exchange technical information about malware or other malicious indicators, appearing to originate from each other’s territory, to aid in proactive mitigation of threats.  This kind of exchange helps expand the volume of technical cybersecurity information available to our countries, improving our ability to protect our critical networks. . . .

White House-Kremlin Direct Communications Line

the White House and the Kremlin have authorized a direct secure voice communications line between the U.S. Cybersecurity Coordinator and the Russian Deputy Secretary of the Security Council, should there be a need to directly manage a crisis situation arising from an ICT security incident.  This direct line will be seamlessly integrated into the existing Direct Secure Communication System (“hotline”) that both governments already maintain, ensuring that our leaders are prepared to manage the full range of national security crises we face internationally.

From Ellen Nakashima, Washington Post: The United States and Russia have signed a landmark agreement to reduce the risk of conflict in cyberspace through real-time communications about incidents of national security concern.

The pact, the first of its kind, was announced in a statement issued by both countries Monday at the Group of Eight summit in Northern Ireland. The agreement was cast as part of a broader bilateral effort to improve cooperation, including on counterterrorism and weapons of mass destruction.

The accord is a rare positive development in an area of national security otherwise dominated by gloomy assessments of increased threats and capabilities among other nations and terrorists.

The pact’s components build on the U.S.-Soviet experience in avoiding a nuclear war. A key element involves the U.S. Nuclear Risk Reduction Center, a round-the-clock center built in 1987 so that Moscow and Washington could alert each other to missile tests that could be mistaken as acts of aggression.

Under the new pact, the countries will use the center to warn each other of cyber-exercises that might be misperceived as attacks and as a channel to ask about cyber incidents that raise national security concerns and appear to be emanating from the other’s territory.

The agreement, two years in the making, also calls for a “hotline,” or secure phone link, so that the U.S. cybersecurity coordinator and his or her Russian counterpart can speak directly in the event of a crisis.   (photo: Evan Vucci/AP)

Image: ap%206%2018%2013%20obama_putin.jpg