Risk
7/12/2011
02:01 PM
Connect Directly
RSS
E-Mail
50%
50%

U.S., Russia Forge Cybersecurity Pact

The two countries plan to regularly share information and improve communication on security, as part of Obama administration plan.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters
The United States plans to start regularly sharing cybersecurity information with Russia as part of the Obama administration's efforts to re-establish closer ties to that country and clear up misconceptions surrounding the two nations' cyber policies.

Cybersecurity officials from both countries met last month to discuss policy coordination at a Russian delegation in Washington led by Russian National Security Council Deputy Secretary Nikolay Klimashin, according to a White House blog post by U.S. Cybersecurity Coordinator Howard Schmidt.

"Both the U.S. and Russia are committed to tackling common cybersecurity threats while at the same time reducing the chances a misunderstood incident could negatively affect our relationship," he said.

Misunderstood incidents may include attacks on U.S. government infrastructure and networks by Russian hackers, who have raised their threat profile significantly in the last several years. The recent attacks on networks either owned by or containing information related to the federal government by Anonymous, LulzSec, and AntiSec hactivist groups have shed new light on this risk.

At the meeting, officials made a pact for collaboration on cybersecurity, including the exchange of military views on cyberspace operations and a regular information exchange between the Computer Emergency Response/Readiness Teams (CERTs) of both countries, according to a joint statement about the meeting by Schmidt and Klimashin.

The two countries also plan to use existing crisis-prevention communications links between the two countries to establish protocols for communicating about cybersecurity, they said.

"While deepening mutual understanding on national security issues in cyberspace, these measures will help our two governments better communicate about small- and large-scale threats to our networks, facilitate better collaboration in responding to those threats, and reduce the prospect of escalation in response to crisis incidents," officials said.

The two countries agreed to implement the cybersecurity measures by the end of the year, they added.

Just as the political relationship historically between the United States and Russia has been strained, so have their ideas about cybersecurity.

In 2009 the two countries famously disagreed over the issue, with Russia favoring an international treaty to secure cyberspace against threats and the United States promoting instead more intimate cooperation among international law-enforcement officials.

Fostering better collaboration with foreign nations on cyberspace policy is a key aspect of President Obama's International Strategy for Cyberspace Policy, which he released in May.

Black Hat USA 2011 presents a unique opportunity for members of the security industry to gather and discuss the latest in cutting-edge research. It happens July 30-Aug. 4 in Las Vegas. Find out more and register.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant