Risk
7/12/2011
02:01 PM
50%
50%

U.S., Russia Forge Cybersecurity Pact

The two countries plan to regularly share information and improve communication on security, as part of Obama administration plan.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters
The United States plans to start regularly sharing cybersecurity information with Russia as part of the Obama administration's efforts to re-establish closer ties to that country and clear up misconceptions surrounding the two nations' cyber policies.

Cybersecurity officials from both countries met last month to discuss policy coordination at a Russian delegation in Washington led by Russian National Security Council Deputy Secretary Nikolay Klimashin, according to a White House blog post by U.S. Cybersecurity Coordinator Howard Schmidt.

"Both the U.S. and Russia are committed to tackling common cybersecurity threats while at the same time reducing the chances a misunderstood incident could negatively affect our relationship," he said.

Misunderstood incidents may include attacks on U.S. government infrastructure and networks by Russian hackers, who have raised their threat profile significantly in the last several years. The recent attacks on networks either owned by or containing information related to the federal government by Anonymous, LulzSec, and AntiSec hactivist groups have shed new light on this risk.

At the meeting, officials made a pact for collaboration on cybersecurity, including the exchange of military views on cyberspace operations and a regular information exchange between the Computer Emergency Response/Readiness Teams (CERTs) of both countries, according to a joint statement about the meeting by Schmidt and Klimashin.

The two countries also plan to use existing crisis-prevention communications links between the two countries to establish protocols for communicating about cybersecurity, they said.

"While deepening mutual understanding on national security issues in cyberspace, these measures will help our two governments better communicate about small- and large-scale threats to our networks, facilitate better collaboration in responding to those threats, and reduce the prospect of escalation in response to crisis incidents," officials said.

The two countries agreed to implement the cybersecurity measures by the end of the year, they added.

Just as the political relationship historically between the United States and Russia has been strained, so have their ideas about cybersecurity.

In 2009 the two countries famously disagreed over the issue, with Russia favoring an international treaty to secure cyberspace against threats and the United States promoting instead more intimate cooperation among international law-enforcement officials.

Fostering better collaboration with foreign nations on cyberspace policy is a key aspect of President Obama's International Strategy for Cyberspace Policy, which he released in May.

Black Hat USA 2011 presents a unique opportunity for members of the security industry to gather and discuss the latest in cutting-edge research. It happens July 30-Aug. 4 in Las Vegas. Find out more and register.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3308
Published: 2015-09-02
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.

CVE-2015-4330
Published: 2015-09-02
A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.

CVE-2015-6274
Published: 2015-09-02
The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273.

CVE-2015-6277
Published: 2015-09-02
The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote...

CVE-2015-6587
Published: 2015-09-02
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.