Following a recent conference of foreign security and law enforcement agencies, the head of Russia’s State Security Service, the FSB, made the surprising announcement that Russia and the United States have resumed cooperation on cybersecurity.
“We are maintaining working contacts by our experts and special unit heads with the Central Intelligence Agency, the Federal Bureau of Investigation and the Drug Enforcement Agency,” said Gen. Alexander Bortnikov, noting that such contacts should always occur, regardless of the foreign policy situation.
Behind-the-scenes cooperation with the Trump administration, particularly when it comes to cybercrime and terrorism, is a theme the Kremlin likes to push onto center stage every so often. And according to our sources there is indeed some consultation at a practical level, but for Washington’s intelligence professionals it’s a very delicate, very dangerous game, complicated enormously by the inclinations and prejudices of President Donald J. Trump.
In response to queries about Bortnikov’s statement, spokespersons for both the CIA and the DEA told The Daily Beast that they had no comment, and the FBI has not responded at all.
Michael Daniel, CEO of the Cyber Threat Alliance, who was coordinator of cybersecurity strategy on President Barack Obama’s National Security Council from 2012 to 2017, commented in an email to The Daily Beast that “the U.S. and Russia do have some areas of common interest in cybersecurity where limited cooperation might be beneficial,” and cited the exchange of information on cybercriminals who target both Americans and Russians. Daniel cautioned, however, that “given Russia’s interference in our electoral process and other on-going conflicts between our countries, any cybersecurity engagement would necessarily be limited.”
In point of fact, the question of security runs up against the realities of Trump administration politics. Even a limited cybersecurity partnership would feed the Trump narrative about the falsity of claims concerning Russia’s election interference and distract from the Kremlin’s recently exposed disinformation campaign to influence our upcoming presidential race. Such cyber-cooperation might also lend legitimacy to the FSB’s known recruitment of criminal organizations to conduct cyber-operations, as well as to its vigorous efforts to suppress free speech on Russia’s internet. And Russia could be afforded the opportunity to gain information on our cyber-capabilities, along with access to our counterintelligence and law enforcement personnel for possible recruitment.
David Kris, assistant attorney general at the National Security Division of the Department of Justice in 2009-11 and the founder of Culper Partners consulting firm, articulated the concern with a sharp edge last week:
“It is hard not to hear in Mr. Bortnikov’s current statement an echo of Vladimir Putin's prior offer, made onstage in Helsinki, to host members of Bob Mueller’s investigative team in Russia and to assist them through a ‘joint working group on cyber-security, the establishment of which we discussed during our previous contacts.’ As President Putin said then, ‘Any specific material’ indicating Russian election interference that Mueller’s team can produce, ‘we are ready to analyze together.’ At the time, President Trump described this as an ‘incredible offer’ from his Russian counterpart. We should all hope that the US officials who are implementing this new agreement are more sophisticated and careful than their President."
American and Russian cyber-officials have for some time maintained a dialogue in order to reduce the risk of conflict in cyberspace. In 2013 the United States and Russia signed a landmark agreement that established a Cold War-style “cyber-hotline” between Washington and Moscow. But rising tensions over Russia's 2014 aggression in Ukraine soured the deal, and the hotline was used by the Obama White House only once, to warn the Kremlin in October 2016 not to attack our 2016 election infrastructure. By then, the hacking, disinformation and trolling by the Russians already had done its job.
According to an FSB official: “The first message only came on October 31, 2016... After that there were a number of additions to that with technical information about the hack that had occurred. All of this information was analyzed by us, and even before President Trump’s inauguration, our answer was our comprehensive point of view, directed to the American side." In other words, the FSB simply denied everything.
In the meantime, CIA Director John Brennan was so alarmed by the Kremlin's election interference that he made a direct telephone call to Bortnikov in August 2016, warning him to back off.
Moscow and Washington have cooperated on fighting terrorism ever since the 9/11 attacks, when Vladimir Putin endeared himself to the Bush Administration by offering Russian help in hunting down al Qaeda. Given that terrorist organizations like al Qaeda and the so-called Islamic State use the internet to communicate with supporters and to recruit followers, the joint efforts have involved sharing information about terrorist activities on the internet. Significantly, Bortnikov noted, without providing details, that “just recently the American secret services provided Russia with information on specific people and plans to carry out terrorist attacks in our country.”
Bortnikov, who famously dismissed Stalin's Great Terror as a result of "excesses at the local level," has been in the forefront of Kremlin efforts to cozy up to America's security and law enforcement agencies. Curiously, as FSB chief since 2008, he is the only one of Russia's security and intelligence chiefs to remain off the U.S. sanctions list, although he was sanctioned by the EU and Canada in 2014 for his role in shaping Kremlin policy regarding the Crimean invasion and support for separatists in Ukraine.
In February 2015 Bortnikov was invited to Washington by the White House to participate in a three-day conference on “countering violent extremism.” As The Daily Beast noted: "Bortnikov’s presence was a mutual recognition by the U.S. and Russia that fighting jihadism is a shared challenge between two countries now embroiled in a pitched standoff over the fate of Europe and much else."
In January 2018, Bortnikov again showed up in the U.S. capital and met, along with SVR (foreign intelligence) chief Sergei Naryshkin, with then CIA chief Mike Pompeo to discuss mutual counter-terrorism efforts. GRU (military intelligence) chief Igor Korobov came with them, although it was not confirmed that he attended the talks with Pompeo. According to The Washington Post: "Current and former U.S. intelligence officials said they could not recall so many heads of Russia's espionage and security apparatus coming to Washington at once and meeting with a top American official. They worried the Kremlin could conclude the United States is open to forgiving Russia for its actions and was not resolved to forcefully prevent future meddling."
But reliance on Bortnikov's FSB as an anti-terrorism ally has not played out well for the White House, especially in Syria. The Russian air campaign there was never directed at ISIS, which includes many fighters from Chechnya. The Kremlin's goal has been to ensure that Syrian President Bassar al-Assad stays in power, not to help the American coalition defeat the Islamic State.
As for the terrorist threat to the American homeland, the case of Tamerlan Tsarnaev, who carried out the 2013 Boston Marathon bombings with his brother Dzhokhar, also demonstrated that Bortnikov's FSB was a dubious ally. Tamerlan, who was on the FSB's radar as far back as 2010, travelled to Russia in early 2012 and spent six months with radical Islamists in Dagestan before returning to the U.S. as a global jihadist. Although the FSB had earlier communicated with the FBI about Tamerlan, it never informed U.S. authorities about Tamerlan's sojourn in Russia. According to an FBI official, had the agency been told, "it would have changed everything." The FBI would have reassessed Tamerlan and possibly prevented the terrorist attack in Boston.
Alex Grigsby of the Council on Foreign Relations observed last year: "Russia keeps aiming for a leaders' level agreement [on cybersecurity cooperation], hoping it can bypass an intransigent 'deep state' in the United States bent on stymying efforts at rapprochement, when quieter talks between working-level diplomats might yield greater success."
In June of this year Russian Prime Minister Dmitry Medvedev called for a global effort to counter cyberthreats and chided those countries that are reluctant to cooperate with Russia on cybersecurity, noting that cybercrimes have no national boundaries. And just in September Russian Foreign Minister Sergei Lavrov said in an interview: "We have suggested setting up the cybersecurity dialogue to the United States a long time ago, considering that the pile up of false stories in this sphere is absolutely unprecedented. However, there is no clear response so far."
One is left to wonder if Lavrov is referring to the “false stories” about Russia’s interference in our 2016 elections that Trump attorney Rudy Giuliani and U.S. Attorney General William Barr are looking into.
Given his adoration of Putin, the president of the United States has long favored the idea of cooperating with Russia on cyber-issues. On July 9, 2017, two days after he met Putin for the first time in Hamburg at the G20, Trump declared on Twitter: "Putin & I discussed forming an impenetrable Cyber Security unit so that election hacking, & many other negative things, will be guarded." Later that day he apparently had second thoughts, tweeting: "The fact that President Putin and I discussed a Cyber Security unit doesn't mean I think it can happen. It can't-but a ceasefire [in Syria] can,& did!"
A Russian official who was at the Hamburg summit reported that the discussion of cybersecurity between Putin and Trump had taken up 40 minutes of their two-hour meeting. Trump, for his part, confiscated the interpreter’s notes.
The prospect of joint cyber-efforts raised by Trump’s tweets caused great dismay across the political spectrum in Washington. Chris Finan, a former director for cybersecurity legislation and policy in Barack Obama's White House, declared the plan to be "strategic idiocy."
Undaunted, Trump and Putin kept the idea alive. Following the July 2018 summit between the two leaders in Helsinki, when Putin made his “incredible offer” to form a cyber-alliance, a National Security Council spokesman, speaking anonymously to The Washington Post, disclosed that the NSC and its Russian counterparts were “continuing a working-level dialogue” to review suggestions by Putin for a new “cyber-group” and “restarting a counterterrorism group.”
Meanwhile, last year Bortnikov's FSB created a powerful new unit for protecting Russia's infrastructure from cyberattacks and thwarting criminal hackers—the so-called National Coordination Center for Computer Incidents (NKTsKI), headed by Andrei Ivashko, formerly head of the FSB's Center for Information Security.
By contrast, over the past year Trump's Department of Homeland Security has made significant cuts in two key task forces of its Cyber Security and Infrastructure Agency that were created in response to Russian meddling in the 2016 elections for the purpose of protecting election infrastructure and thwarting foreign social media disinformation campaigns.
According to the new FSB center’s deputy chief, Nikolai Murashov, it is actively exchanging data on computer incidents with its partners from 122 countries. "More and more critical information infrastructure facilities have been plugging into our response system and its branches and industry segments are rapidly growing.”
But the line between sharing computer malware secrets and leaking information on a country's broader cyber-capacities can be a fine one when dealing with Russia, as shown by a huge scandal that hit the FSB in December 2016.
The deputy head of its now defunct Center for Information Security, Sergei Mikhailov, was arrested, along with two colleagues and an employee of the cybersecurity firm Kaspersky, Ruslan Stoyanov, for allegedly passing secret information to Western intelligence agencies. (Prosecutors later struck a plea deal with two of those charged, while Mikhailov and Stoyanov were sentenced to long years in prison for treason.)
The FSB's cybersecurity unit had worked with the FBI and other Western law enforcement agencies for years on an ad hoc basis, occasionally exchanging information about cyber-crime. But, according to at least one source, Mikhailov and his associates had also revealed to U.S. authorities information about the role of the GRU, a competitor agency, in hacking the DNC and other operations against our 2016 elections.
In theory, as Michael Daniel suggested, the United States and Russia could collaborate successfully in the fight against cybercrime, given that the activities of criminal gangs on the internet are a problem that affects countries everywhere.
The problem is that Russia has a powerful hacker underground which often cooperates with the Kremlin and is used as a political tool against the Western financial world. According to Russian security expert Alexander Sukharenko: "Russian cybercriminals operate with relative impunity inside Russia as long as they do not breach targets in their own country. In return for such immunity, cybercriminals are often tapped to work for Russia’s intelligence agencies. It is only when Russian hackers travel abroad that they can be detained." Sukharenko notes that, as of this year, 19 Russian nationals are among the 69 cybercriminals most wanted by American authorities.
Another problem is that the U.S. and Russia understand the issue of cybersecurity very differently. For the United States, it is primarily the protection of technology, infrastructure, and people. Russia, in turn, sees cybersecurity as involving state regulation of the content of the internet, which is basically censorship.
The FSB's Bortnikov is a case in point. In January 2018, A Russian news site, Russiangate.com, published an investigation into possible undeclared real estate secretly held by Bortnikov. Public property records showed that he owned a lavish home and plot of land outside St. Petersburg that he did not report in his official financial declaration. It did not take long for the federal media watchdog, Roskomnadzor, to blacklist the website for what was supposedly "extremist" content.
In the past five years Russian authorities have introduced laws requiring that social networking sites store users’ personal data on domestic servers and also that messaging apps hand over encryption keys to the FSB. (After the popular messaging service Telegram refused to comply, it was banned by a Russian court in April 2018. But Telegram has managed, so far, to work around the blockage.)
Last March, Putin signed two laws that strengthened censorship of the internet, one banning "fake news" and the other making it a crime to insult public officials. On Nov. 1, a so-called “sovereign internet” law went into effect, requiring Russian internet providers to install special tracking software that will enable them to route internet traffic through domestic servers. The law’s official purpose is to allow the government to isolate the Runet from the World Wide Web in the event of a foreign cyberattack, but it will also give authorities sweeping powers to manage information flows and filter online content.
For the U.S. a primary concern, of course, is the way Russia uses the internet for what were called "active measures" in KGB days–manipulating public opinion in Western democracies through disinformation. It is unlikely that any form of official cooperation with the Russians would put a stop to these propaganda operations, given how effective they are in furthering the Kremlin's political aims and the fact that the Trump Administration apparently welcomes those that lend it support. Unfortunately, the White House does not seem to recognize that, for the Kremlin and the FSB, cyberspace is a domain of warfare against anyone, foreign or domestic, who opposes the Putin regime.