Print Читать на русском
Rate this article
(votes: 5, rating: 5)
 (5 votes)
Share this article
Maria Smekalova

PhD Candidate, Institute for U.S. and Canadian Studies, RAS, RIAC Expert

European Leadership Network has recently issued a new report analyzing the concept of Russia’s cyber deterrence. The document offers quite picturesque description and analysis of Russia’s policy of denial when it comes to cyber deterrence. One may claim that the country’s recent policy has been to deny anything related to cyberattacks, and this may, in part, be right. But what draws attention in this document is something much more peculiar: in trying to prove and analyze the differences between Russian and Western approaches to cyber, it becomes clear that stances are miles closer than they are made to seem.

The report written by Joss Meakins offers five key suggestions that should serve as the foundation for an ideal agreement between Russia and its Western counterparts. These are:

  • Non-interference in political processes;
  • Refraining from attacks on critical national infrastructure;
  • Refraining from attacks on the ‘public core’ of the Internet;
  • Agreeing on common standards for attribution;
  • Agreeing that attacks on nuclear command and control are impermissible.

But to many Russian politicians, scholars, and experts, these points may seem to be exactly what they (and the Russian state) stand for. Having a closer look at official Russian government documents will offer proof. Summer 2017 saw the adoption of a new federal law, long in the making, on protecting Critical Information Infrastructure. Adopting such legislation does send the right signal: such matters are as important to Russia as they are to other states. One may find the other aforementioned aspects analyzed and talked through in depth in Russian legislation. Russian objections to cyber deterrence provided by the ELN report do make sense, especially when it comes to attribution. So why the contradiction?


European Leadership Network has recently issued a new report analyzing the concept of Russia’s cyber deterrence. The document offers quite picturesque description and analysis of Russia’s policy of denial when it comes to cyber deterrence. One may claim that the country’s recent policy has been to deny anything related to cyberattacks, and this may, in part, be right. But what draws attention in this document is something much more peculiar: in trying to prove and analyze the differences between Russian and Western approaches to cyber, it becomes clear that stances are miles closer than they are made to seem.

The report written by Joss Meakins offers five key suggestions that should serve as the foundation for an ideal agreement between Russia and its Western counterparts. These are:

  • Non-interference in political processes;
  • Refraining from attacks on critical national infrastructure;
  • Refraining from attacks on the ‘public core’ of the Internet;
  • Agreeing on common standards for attribution;
  • Agreeing that attacks on nuclear command and control are impermissible.

But to many Russian politicians, scholars, and experts, these points may seem to be exactly what they (and the Russian state) stand for. Having a closer look at official Russian government documents will offer proof. Summer 2017 saw the adoption of a new federal law, long in the making, on protecting Critical Information Infrastructure. Adopting such legislation does send the right signal: such matters are as important to Russia as they are to other states. One may find the other aforementioned aspects analyzed and talked through in depth in Russian legislation. Russian objections to cyber deterrence provided by the ELN report do make sense, especially when it comes to attribution. So why the contradiction?

Gentle Touch

Even though Russia holds its ground and employs occasionally harsh rhetoric regarding many international issues, it has been somewhat gentle on cyber issues. That is not to say that the country’s officials refrain from speaking openly on the subject. However, on the doctrinal level, the wording tends to be either based on strict principle or very careful. The clearest example of this is a lengthy discussion on information security vs. cybersecurity and the differences in approaches.

What’s more, when looking at various public statements on a subject, one should draw a clear distinction between those made by politicians and those made by technical experts and diplomats at international events and fora.

Finally, should Russia be more eloquent in discussing matters like deterrence, would it make the dialogue easier? Would the parties involved be friendlier and more open to re-examining the imagined horrors ahead? Very questionable. This is because the stigma factor is actively exploited both in the mainstream media and in analytical pieces. For instance, cited research states that several attacks were attributed to nation-states. This could be perfectly fine, except for two points: first, what kind of authority is capable of making such assumptions and based on what technical evidence; and second, how can such large-scale conclusions be made when attribution is extremely difficult, if not entirely impossible? The story goes in vicious circles. The way out could be through setting mutual accusations aside and working on matters of mutual interests, especially since the start of such dialogue has already been given.

Can We Be Friends Now?

Joss Meakins does talk about the need to involve Russia in multilateral talks. The document makes it seem as though Western nations have been attempting to do so for years, but with little to no success. However, no information was provided as to who suggested what and under which circumstances Russia denied to participate.

No accusations here, but Ambassador Krutskikh’s favorite example immediately comes to mind. One might remember the US withdrawing from the February 2018 Geneva talks on cyber right before they were to start and right after the Russian delegation arrived. The ‘failed date’ did no good: it was anticipated that the Russian side would offer their thoughts on an agreement to stop dangerous military activity in cyberspace. No official comments regarding this document have been made so far. Many, including US Ambassador Huntsman, hoped the situation would get back on track after the upcoming US elections, but the latest developments and Trump’s surprisingly (not) unpredictable statements do leave everybody waiting blindfolded for what is going to happen.

Another of Russia’s unappreciated attempts at cooperation has been proposed for quite a long time: the country has long suggested an ambitious project to draft a cybersecurity convention within the UN. Russia’s stance is clear: all multilateral agreements on cybersecurity should be done via the United Nations as the key supranational body. Most of the proposals made three or four years ago lacked sensitive details and therefore were accepted by the vast majority of UN members. Sensitivity grows with depth; it seems that this was the case when the UN GGE failed to reach much-anticipated consensus in 2017.

A year later, Russia is planning to introduce not one but two drafts to the UN General Assembly in its fall session. Interestingly, one of the ideas that the documents stand for is the decision not to use information technology to interfere in other countries’ domestic policy, which is the very first point proposed by the ELN paper. Why try to start something new from scratch if states can for once agree on a document (be it non-binding at first) at the largest stage of international affairs? Could that actually happen since the stances of the two ‘sides’ are so similar? Although an optimistic approach does sound appealing, intuition tells us that a breakthrough is not to be expected; the reasons for this may be found in unexpected places.

You Can’t Sit with Us

The dialogue dynamic revolves around two sides: Russia and the collective West, assuming that the latter has a somewhat common stance and policy on cyber issues. Should we return to cyber deterrence, the topic profoundly and extremely well analyzed in the ELN paper, we will notice one stark feature. The posture taken by the West consists of numerous and at times conflicting ideas. In fact, the RIAC–RUSI security dialogue has highlighted the different approaches to cyber the US and the UK have, especially when it comes to matters of active cyber defense and retaliatory measures. That is to say that every state has a very particular stance on the matter often dictated by national interests. And this does not make the situation any easier.

Defining ‘red lines’ in cyber has been difficult for the whole international community, so does separating into little cliques help? Acting in groups recalls a high school mean girls club that does not allow any change to the existing order and hinders progress. At the end of the day, the matter boils down to finding compromise, which seems to be yet more difficult with technology becoming more advanced and states being more sensitive to signing any commitments. Hopefully, the fall session of the General Assembly will show some grown-up approaches and well-grounded statements.


(votes: 5, rating: 5)
 (5 votes)

Poll conducted

  1. In your opinion, what are the US long-term goals for Russia?
    U.S. wants to establish partnership relations with Russia on condition that it meets the U.S. requirements  
     33 (31%)
    U.S. wants to deter Russia’s military and political activity  
     30 (28%)
    U.S. wants to dissolve Russia  
     24 (22%)
    U.S. wants to establish alliance relations with Russia under the US conditions to rival China  
     21 (19%)
 
For business
For researchers
For students