recommended reading

Cyber early warning deal collapses after Russia balks

Housing the Kremlin, Moscow's Red Square is considered the central square of all of Russia.

Housing the Kremlin, Moscow's Red Square is considered the central square of all of Russia. // Mark Lennihan/AP file photo

An accord involving the United States, Russia and other countries requiring that each nation provide advance warning of government cyber operations that might otherwise spark unintentional conflict collapsed on Friday after Russia dissented, U.S. officials said.

The 57-nation Organization for Security and Cooperation in Europe failed to reach the unanimous consensus needed to adopt the resolution. It was aimed at building trust and open communication to avoid cyberwar.

The politically-binding agreement by the United Nations-recognized organization would have operated similarly to the way that Russia and America decades ago drew red lines to avoid nuclear war.

“Russia today killed in the OSCE the first-ever set of multilateral cyber confidence building measures,” a U.S. official close to the discussions said in a statement. “These proposed transparency measures, agreed affirmatively by 54 of the 56 representatives, would have established the foundation for long-term international cyber risk reduction in the political-military field.”

The official called the move a “profound reversal” of two years of constructive cooperation on cyber issues across multiple international forums, including the UN. Last year, Alexander Kozlovsky, the leader of the Russian delegation to the OSCE, endorsed foundational provisions in a 2011 OSCE annual statement intended to guide future policy decisions.

The U.S. official speculated that Russia’s earlier willingness to sacrifice its traditional embrace of information control perhaps evaporated after the Arab Spring events. “Their prime concern appears not the resiliency of their networks, but the resiliency of their regime,” the official said.

On Tuesday, The Wall Street Journal reported a new website blacklist that Russia ostensibly implemented to protect children from offensive material is in effect a policy to suppress political dissent.

The foreign government has blocked 640 sites so far. “The law’s backers had insisted it was designed only to target child pornography and other offensive sites, but critics say it is a thinly veiled mechanism that would allow the government to shut down sites offering opposing views,” the Journal wrote.

Delegates on Thursday were anticipated to negotiate the accord at a meeting of the OSCE Ministerial Council in Dublin, which State Department Secretary Hillary Clinton attended. No such agreement was included in the organization’s road map to address security challenges that was finalized on Friday.

A draft resolution Nextgov reviewed on Wednesday would have compelled “confidence-building, stability and risk reduction measures” to address the implications of a nation state’s use of cyberspace, “including exchanges of national views on the use of [information technology] in conflict.”

The Russian Embassy in Washington and Permanent Mission of the Russian Federation to the OSCE did not respond to multiple requests for comment. State Department officials declined to comment.

OSCE spokesman Frane Maroevic on Friday said he could not comment on the views of individual nations, but “what I am sure is that we will continue working in this field.”

Threatwatch Alert

Network intrusion / Stolen credentials

85M User Accounts Compromised from Video-sharing Site Dailymotion

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.