The Russian government is a notoriously bad actor in cyberspace, but this hasn’t stopped it from advocating greater cyber cooperation abroad.
Last year, the United States agreed to resume the 2013 discussions on cyber cooperation that were halted after Russia invaded Crimea. Russian connections to the recent breaches of the Democratic National Committee and Yahoo show Moscow is not ready to be trusted in cyberspace.
Even if the U.S. and Russia could come to a substantive agreement, it would remain difficult to monitor what Russia was truly doing in cyberspace. Due to the anonymous nature of the internet, Russia is able to outsource much of its hacking to groups like CyberBerkut or to organized crime.
Russian hackers are able to disguise themselves as groups such as Islamic extremists, as they did with the Cyber Caliphate, giving Russia plausible deniability. Hackers may even launch cyberattacks from outside of Russia, making it difficult to prove that Moscow ordered the cyberattack.
Moscow has all to gain from a cyber cooperative and less to lose. This is because Russia already has a reputation of being a bad actor in cyberspace. Estonia, Ukraine, Germany, Bulgaria, France, Poland, and the U.S. have all accused Russia of major cyberattacks.
The recent indictment of Russian intelligence hackers further darkens any prospects for a successful cyber agreement. And Russia has already been sanctioned a number of times for activities such as the invasion of Crimea and the breach of the Democratic National Committee.
While both the U.S and Russian counterparts would seek to reduce malicious cyber activity across borders, they would also seek to share and learn intelligence information from one another.
For the U.S., this information would likely be focused on countering malicious online activity. For Russia, this information may be used to counter U.S. cyber operations or shared with third parties determined to hack the U.S.
The 2015 U.S.-China cyber agreement may bode well as an example for the outcome of a U.S.-Russia cyber agreement.
Some people believe that there has not been much of a change in U.S.-Chinese cyber relations, while others believe that the Chinese have simply changed strategies. Instead of doing the hacking, the People’s Liberation Army has simply outsourced its cyber operations to civilians and contractors.
China and Russia have their own cyber agreement. But even though both countries signed a cyber nonaggression agreement, cross-border hacking between the two countries has not ceased. One report says that Chinese hacking of Russia actually increased 300 percent from December 2015 to February 2016.
Given the unlikelihood that the Russians would actually abide by a cyber agreement, the U.S. has very little to gain from it.
One of the advantages to an agreement like this is that it would give the U.S. the moral high ground, enabling it to name and shame the offending party in front of the world.
But the U.S. is already able to name and shame bad actors in cyberspace without any agreements. It’s unlikely that there could be successful and substantive cyber agreement made between the United States and Russia.
And it would be even more unlikely that Russia would abide by the norms established by any agreement.