U.S., Russia, other nations near agreement on cyber early-warning pact

U.S. Secretary of State Hillary Clinton speaks during the 2011 Organization for Security and Cooperation in Europe conference in Lithuania.

U.S. Secretary of State Hillary Clinton speaks during the 2011 Organization for Security and Cooperation in Europe conference in Lithuania. J. Scott Applewhite/AP

Measures are aimed at avoiding inadvertent network disruptions.

The United States, Russia and other members of a powerful international assembly as early as Friday could finalize an agreement to warn each other about governmental cyberspace activities that may be misconstrued as hostile acts to avert international conflicts.

Delegates to the 57-member Organization for Security and Cooperation in Europe, including Secretary of State Hillary Clinton, are moving forward on discussions to approve the confidence-building measures, OSCE Parliamentary Assembly officials said.

The United Nations-recognized regional organization develops politically-binding pacts that stop short of being official treaties. But the UN often refers to the organization’s policies in its actions.

“This would be a real win and a move toward greater cooperation,” Neil Simon, director of communications for the OSCE Parliamentary Assembly, told Nextgov on Wednesday. “The parliamentarians are optimistic that it will be included in the final ministerial decision on Friday.”

Whereas missile tests during the Cold War presented the threat of accidental nuclear warfare, today’s threat is the relative silence about government-sponsored cyber operations. According to The Washington Post, Russia and the United States, as part of a separate effort, are establishing a secure communications channel so that the two countries can alert each other to cyber activities that could be mistaken for acts of aggression.

All 57 nations from North America, Europe and Central Asia that participate in the organization must reach a consensus for the OSCE to adopt the declaration, so any one country can effectively veto the accord. “Negotiations are ongoing,” Simon said.

Delegates will discuss the mandate on Thursday at a meeting of the OSCE Ministerial Council in Dublin, which Clinton is expected to attend.

The new decree stems partly from provisions in a 2011 OSCE annual statement intended to guide future policy decisions.

A draft resolution reviewed by Nextgov calls for “confidence-building, stability and risk reduction measures” to address the implications of a nation state’s use of cyberspace, “including exchanges of national views on the use of [information technology] in conflict.”

The overarching goal -- one that’s also promoted by 2010 UN recommendations -- is to limit the chances of an “incorrect perception after a breakdown in information and communication technologies,” meaning a network disruption. 

Further dialogue on codes of conduct, along with “information exchanges on national legislation” also are required under the dictate. Currently, Republicans and Democrats are at a stalemate over domestic and international cyber reforms, mostly due to disagreements about regulation of U.S. private networks. At one point, the Senate raised eyebrows after proposing what was interpreted as a “kill switch” to cut off U.S. Internet access during war, a step the Syrian government took last week creating widespread alarm. The measure was quickly stricken.

U.S. officials often criticize Russia’s online behavior, charging the government with sponsoring cybercrime and Internet censorship. An assessment by the office of the director of national intelligence reported that Russia uses human intelligence and cyberspace to collect U.S. information and technology that could bolster its struggling economy.

The head of the Russian delegation to the OSCE, Alexander Kozlovsky, signed the organization’s statement on cyber norms in 2011. Simon said he does not know if the country is still on board, “but things look positive.”

State Department officials declined to comment on the resolution’s contents.