Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

U.S., Russia Forge Cybersecurity Pact

The two countries plan to regularly share information and improve communication on security, as part of Obama administration plan.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters
The United States plans to start regularly sharing cybersecurity information with Russia as part of the Obama administration's efforts to re-establish closer ties to that country and clear up misconceptions surrounding the two nations' cyber policies.

Cybersecurity officials from both countries met last month to discuss policy coordination at a Russian delegation in Washington led by Russian National Security Council Deputy Secretary Nikolay Klimashin, according to a White House blog post by U.S. Cybersecurity Coordinator Howard Schmidt.

"Both the U.S. and Russia are committed to tackling common cybersecurity threats while at the same time reducing the chances a misunderstood incident could negatively affect our relationship," he said.

Misunderstood incidents may include attacks on U.S. government infrastructure and networks by Russian hackers, who have raised their threat profile significantly in the last several years. The recent attacks on networks either owned by or containing information related to the federal government by Anonymous, LulzSec, and AntiSec hactivist groups have shed new light on this risk.

At the meeting, officials made a pact for collaboration on cybersecurity, including the exchange of military views on cyberspace operations and a regular information exchange between the Computer Emergency Response/Readiness Teams (CERTs) of both countries, according to a joint statement about the meeting by Schmidt and Klimashin.

The two countries also plan to use existing crisis-prevention communications links between the two countries to establish protocols for communicating about cybersecurity, they said.

"While deepening mutual understanding on national security issues in cyberspace, these measures will help our two governments better communicate about small- and large-scale threats to our networks, facilitate better collaboration in responding to those threats, and reduce the prospect of escalation in response to crisis incidents," officials said.

The two countries agreed to implement the cybersecurity measures by the end of the year, they added.

Just as the political relationship historically between the United States and Russia has been strained, so have their ideas about cybersecurity.

In 2009 the two countries famously disagreed over the issue, with Russia favoring an international treaty to secure cyberspace against threats and the United States promoting instead more intimate cooperation among international law-enforcement officials.

Fostering better collaboration with foreign nations on cyberspace policy is a key aspect of President Obama's International Strategy for Cyberspace Policy, which he released in May.

Black Hat USA 2011 presents a unique opportunity for members of the security industry to gather and discuss the latest in cutting-edge research. It happens July 30-Aug. 4 in Las Vegas. Find out more and register.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11583
PUBLISHED: 2020-08-03
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
CVE-2020-11584
PUBLISHED: 2020-08-03
A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
CVE-2020-5770
PUBLISHED: 2020-08-03
Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-5771
PUBLISHED: 2020-08-03
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive.
CVE-2020-5772
PUBLISHED: 2020-08-03
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file.