Following yesterday’s release of Recorded Future’s research on Russia’s national vulnerability database, and the Trump-Putin summit in which it was suggested that the US and Russia work more closely on cyber initiatives, Priscilla Moriuchi has followed up with her thoughts. Please see below.
“Without a doubt there are many issues within the cyber context that the United States and Russia could work together on to improve. These include cyber operations in wartime, attacks on critical infrastructure, and cyber-enabled intellectual property theft among others.
However, operating a joint working group on cybersecurity in order to examine the digital and forensic evidence of Russian interference in the 2016 U.S. election would be both counterproductive and dangerous. Enabling Russia to gain an even greater understanding of U.S. cyber defences and analytic capabilities would put American citizens and businesses at even greater risk of attack.
In addition to the knowledge that Russian operatives have influenced U.S. elections through cyber operations, it is also clear that its handling of public vulnerability information demonstrates a fundamentally opposed approach to information security.
To authoritarian states like Russia and China, “control” of information technology and their public is the paramount concern. For Russia, “control” is a term that means complete power over and domination of the domestic information and technology space by the government.
This translates to control over hardware, software, and platforms, but also control over the content on those platforms and the citizens who utilise them. This type of state control is what we mean when we assess that the Russian vulnerability management is intended to support control of the Russian state– their database is a tool the Russian state uses to impose technology reviews on companies and other draconian controls on users.
Putin does not seek transparency in cyber operations with the United States, he seeks an advantage in what he views as a zero-sum power struggle with the West. A joint cyber operations working group would grant him that advantage.”