Internet Conference, Signs of Agreement Appear Between U.S. and Russia
By JOHN MARKOFF
Published: April 15, 2010
GARMISCH-PARTENKIRCHEN, Germany — For the 140 computer network specialists, law enforcement agents and diplomats from eight countries who met in this German ski resort this week for a Russian-sponsored conference on Internet security, the biggest challenge was finding a common ground to discuss their differences.
Times Topic: Computer Security (Cybersecurity)
The barrier was not the variety of native languages but deep differences in how governments view cyberspace, according to many of the specialists there.
That challenge was underscored by a sharp rift between the United States and Russia. Americans speak about computer security and cyberwarfare; the Russians have a different emphasis, describing cyberspace in a broader framework they refer to as information security.
“The Russians have a dramatically different definition of information security than we do; it’s a broader notion, and they really mean state security,” said George Sadowsky, a United States representative to the Internet Corporation for Assigned Names and Numbers, or Icann, the closest thing to a governing body for the global network.
What has changed, however, is the Obama administration’s decision this year to begin actively discussing these differences with the Russians. While last year only a single American academic computer security specialist attended the conference, this year more than a dozen Americans attended, including Christopher Painter, the second-ranking White House official on cybersecurity, and Judith Strotz, the director of the State Department’s Office of Cyber Affairs.
The two nations, according to Russian officials, have agreed to renew bilateral discussions that began last November in Washington.
“An international dialogue on cybergovernance, crime and security is really long overdue,” said Charles L. Barry, a research fellow at the National Defense University. “There’s really only one network out there. We’re all on it, and we need to make it safe.”
Mr. Painter, speaking on Tuesday, said there had been significant improvement in international law enforcement cooperation in recent years. To respond to challenges in cyberspace, he said, strong laws, trained crime investigators and efficient international cooperation are needed.
The United States has succeeded in creating a global 24-hour, seven-day network of law enforcement agencies in 50 nations, which have agreed to collect and share data in response to computer attacks and intrusions. While officials from both nations said that law enforcement cooperation had improved, the Russians have refused to sign the European cybercrime treaty, which the United States strongly backs.
At the same time, for the past 13 years, the Russians have been trying to interest the United States in a treaty in which nations would agree not to develop offensive cyberweapons or to conduct attacks on computer networks. The United States has repeatedly declined to enter into negotiations, arguing instead that improved law enforcement cooperation among countries is all that is necessary to combat cybercrime and cyberterrorism.
On Monday, Gen. Vladislav P. Sherstyuk, under secretary of the Russian Security Council, criticized the treaty, saying that a provision effectively violated Russia’s sovereignty by permitting foreign law enforcement direct access to the Russian Internet.
The general also restated Russian concerns about the absence of an international treaty limiting military uses of the Internet. “Cyberattacks are left out of international military law,” he said. “Information technology can be used as a tool to undermine national peace and security.”
The Americans have accused the Russians of turning a blind eye to cybercriminals who have operated with relative impunity from Russia. In turn, the Russians have criticized what they see as American “hegemony” over the Internet and privately express concerns that the United States has retained a “red button” — the power to shut off the Internet for specific countries.
Yet despite these differences, in Garmisch this year there were also signs of agreement between Russians and Americans.
The conference, sponsored by Lomonosov Moscow State University, Icann and several Russian companies, is the brainchild of General Sherstyuk. Several of the conference attendees said the gathering, which is in its fourth year, was an effort by General Sherstyuk to build international support for his work. He has been the principal force behind Russian efforts to create a treaty limiting cyberwarfare development.
Academic and government officials from other countries, including India and China, attended this year. However, recent episodes like Google’s claims in January that it had suffered the theft of its software and intrusions on human rights advocates from China, and a recent Canadian report about a Chinese computer spying system focused on India, were not discussed.
During a panel discussion on computer crime, Col. Gen. Boris N. Miroshnikov, an official with the Russian Interior Ministry, and Stewart A. Baker, a fellow at the Center for Strategic and International Studies in Washington, and the former chief counsel for the National Security Agency, agreed that the most important step in combating Internet crime would be to do away with the anonymity that has long been a central tenet of Internet culture.
“Anonymity is an invitation to criminals,” General Miroshnikov said.
Mr. Baker agreed, saying, “Anonymity is the fundamental problem we face in cyberspace.”
This week, the Russians were optimistic that progress was being made in bridging more of the cultural divide that has hindered international cooperation.
According to one Russian business executive who has attended all four Garmisch events, the tenor of this meeting was markedly different from that of earlier meetings dominated by the Russians. “In the past, the largest group was from the F.S.B.,” he said, referring to the Russian intelligence agency, “who were here for an annual vacation.”