[This report originally appeared on CyberScoop. It's been reprinted here with permission.]
A former deputy director at the National Security Agency said that the idea of a joint U.S.-Russian cyber security unit is not as ridiculous as it sounds, as long as the U.S. side isn’t gullible enough to believe everything the Russians say.
“I don’t think it’s absurd, but if you expect the Russians are going to deal with that transparently, and then we’ll get answers that you can take at face value, I think that’s naive,” former NSA Deputy Director Chris Inglis said in an interview.
Inglis, who left the NSA in 2014, said it might be worth entertaining the idea of a joint unit just “to see how far they’re willing to go.”
“What are you willing to put on the table, Russia? If you don’t ask, you’re not going to get,” Inglis said. “But we should hedge our bets. We should have very low expectations about what you get out of something like that.”
In January the heads of U.S. intelligence published a report alleging that the Russian government, under direction from President Vladimir Putin, attempted to interfere with the 2016 presidential election in order to help then-candidate Donald Trump, who repeatedly called for better relations with Russia. Part of the influence campaign, the intelligence officials said, included hackers linked to Russian spy services stealing emails belonging to the Democratic National Committee and Clinton campaign chairman John Podesta and then arranging for them to be leaked online.
In July, President Donald Trump tweeted that during his meeting with Russian President Vladimir Putin at the G-20 Summit the two “discussed forming an impenetrable Cyber Security unit so that election hacking, & many other negative things, will be guarded… and safe.”
The far-fetched-sounding tweet was met with immediate and stinging ridicule from pundits and lawmakers on both sides of the aisle. Sen. Lindsay Graham, R-S.C., called it, “not the dumbest idea I’ve ever heard, but it’s pretty close.”
Trump quickly backtracked, saying in another tweet that the “fact that President Putin and I discussed a Cyber Security unit doesn’t mean I think it can happen. It can’t-but a ceasefire [in Syria] can, & did!”
A few days later, however, Russian Foreign Minister Sergey Lavrov made what appeared to be a taunting statement on the idea, hinting at Russia’s digital espionage efforts against the West. “Some U.S. Congressmen have accused President Trump of doing a deal with the devil. This is childish,” he said. “If you are a normal person and you are concerned about Russia’s allegedly illegal actions in cyberspace, you should be interested in holding a direct discussion with the suspect.”
Inglis said Lavrov may have handed the U.S. an opening.
“It may well be that they don’t want to do this, and that they’re essentially bluffing us,” Inglis said. “At worst, this is calling their bluff. And that shows transparently who’s willing to step and do something that’s [in line] with the international order… I think we can get to a point where we can say we can’t go further without Russian assistance and at that point there’s nothing lost in asking for their assistance.”
It would be a delicate game, Inglis said, and the U.S. would have to be careful about what information it brought to the table to pressure Russia to provide something of value on its side — like access to organizations or individuals of interest residing Russia. (Putin said in June that some “patriot[ic]” hackers not working for the government may have targeted the U.S. election.)
The information the U.S. would want to protect most is the raw evidence that led U.S. intelligence officials to conclude Russia attempted to meddle in the 2016 election in the first place, which Putin has reportedly requested.
“They would love to get that,” Inglis said. “And you can expect that if we give it to them, then my bet is what they would do is say, ‘Thank you so much for telling us about that, we’ll look into it,’ and we may never hear another word from them. But you can bet that information would go back to whatever unit it was that was doing that, and [they’d say,] ‘Hey, you better cover up this trail.'”
Inglis said the U.S. would do better not to agree to any “norms” should anything like the deal come to pass, since it would likely “handcuff the party that’s honest and allow free reign to the party that’s not.”
It’s a note of caution Trump could be hearing from inside his National Security Council. A senior official there, Christopher Ford, penned an essay in The New Atlantis in 2010 urging the U.S. government to view any cyber cooperation proposal from Moscow or Beijing with an abundance of suspicion.
“Even when proposals for treaties are presented in ways that appeal to our sense of what an international legal remedy should look like — and indeed, perhaps especially then — we must be alive to the possibility that what seem to be solutions may in fact be intended by others to bring about very different ends than we might desire,” wrote Ford, who was then a senior fellow at the Hudson Institute.
The essay goes on to describe Ford’s view that the Russian government sees cyber operations as vital ingredients in larger information operations designed to “thwart possible adversary coalitions and attempting to shape public opinion — both that of the Russian people and that of the civilian populations of adversary countries.”
Ford did not discount discount the possibility that Moscow- or Beijing-proposed international cyber agreements, specifically in cyber arms control, could be beneficial to all parties, but he urged the U.S. government to keep its eyes open.
“We clearly do face enormous threats from cyber attack, and if arms control approaches can help lessen them, we would be remiss were we not to consider such measures, or indeed to propose good ones ourselves,” he wrote then. “But the distinct, opposing, and potentially misleading interests of other nations should make our initial stance toward such suggestions be one of caution, even while we remain open to constructive possibilities.”