recommended reading

U.S., Russia, other nations near agreement on cyber early-warning pact

U.S. Secretary of State Hillary Clinton speaks during the 2011 Organization for Security and Cooperation in Europe conference in Lithuania.

U.S. Secretary of State Hillary Clinton speaks during the 2011 Organization for Security and Cooperation in Europe conference in Lithuania. // J. Scott Applewhite/AP

The United States, Russia and other members of a powerful international assembly as early as Friday could finalize an agreement to warn each other about governmental cyberspace activities that may be misconstrued as hostile acts to avert international conflicts.

Delegates to the 57-member Organization for Security and Cooperation in Europe, including Secretary of State Hillary Clinton, are moving forward on discussions to approve the confidence-building measures, OSCE Parliamentary Assembly officials said.

The United Nations-recognized regional organization develops politically-binding pacts that stop short of being official treaties. But the UN often refers to the organization’s policies in its actions.

“This would be a real win and a move toward greater cooperation,” Neil Simon, director of communications for the OSCE Parliamentary Assembly, told Nextgov on Wednesday. “The parliamentarians are optimistic that it will be included in the final ministerial decision on Friday.”

Whereas missile tests during the Cold War presented the threat of accidental nuclear warfare, today’s threat is the relative silence about government-sponsored cyber operations. According to The Washington Post, Russia and the United States, as part of a separate effort, are establishing a secure communications channel so that the two countries can alert each other to cyber activities that could be mistaken for acts of aggression.

All 57 nations from North America, Europe and Central Asia that participate in the organization must reach a consensus for the OSCE to adopt the declaration, so any one country can effectively veto the accord. “Negotiations are ongoing,” Simon said.

Delegates will discuss the mandate on Thursday at a meeting of the OSCE Ministerial Council in Dublin, which Clinton is expected to attend.

The new decree stems partly from provisions in a 2011 OSCE annual statement intended to guide future policy decisions.

A draft resolution reviewed by Nextgov calls for “confidence-building, stability and risk reduction measures” to address the implications of a nation state’s use of cyberspace, “including exchanges of national views on the use of [information technology] in conflict.”

The overarching goal -- one that’s also promoted by 2010 UN recommendations -- is to limit the chances of an “incorrect perception after a breakdown in information and communication technologies,” meaning a network disruption. 

Further dialogue on codes of conduct, along with “information exchanges on national legislation” also are required under the dictate. Currently, Republicans and Democrats are at a stalemate over domestic and international cyber reforms, mostly due to disagreements about regulation of U.S. private networks. At one point, the Senate raised eyebrows after proposing what was interpreted as a “kill switch” to cut off U.S. Internet access during war, a step the Syrian government took last week creating widespread alarm. The measure was quickly stricken.

U.S. officials often criticize Russia’s online behavior, charging the government with sponsoring cybercrime and Internet censorship. An assessment by the office of the director of national intelligence reported that Russia uses human intelligence and cyberspace to collect U.S. information and technology that could bolster its struggling economy.

The head of the Russian delegation to the OSCE, Alexander Kozlovsky, signed the organization’s statement on cyber norms in 2011. Simon said he does not know if the country is still on board, “but things look positive.”

State Department officials declined to comment on the resolution’s contents.

Threatwatch Alert

Network intrusion / Stolen credentials

85M User Accounts Compromised from Video-sharing Site Dailymotion

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.