Cybersecurity , Info Sharing , Risk Management

Would Talking to Russians About Cyber Reward Bad Behavior? Experts Debate Conditions When US, Russia Should Engage in Cybersecurity Negotiations
Would Talking to Russians About Cyber Reward Bad Behavior?
Herbert Lin, left, and Paul Rosenzweig (Photos: Stanford University, Heritage Foundation)

Would negotiating about cybersecurity with the Russians - who used hacking to influence the 2016 U.S. presidential election - reward bad behavior?

That question is at the crux of a debate over whether the United States should engage with Russia on seeking some type of agreement on keeping cyberspace safe. It comes after President Donald Trump tweeted that he spoke with Russian President Vladimir Putin about establishing a cybersecurity unit to address both nations' cybersecurity concerns, an idea Trump later withdrew after heavy criticism from Congress (see When Would US-Russian Cyber Talks Be Appropriate?).

In an in-depth joint interview (see link to audio below photos) with Information Security Media Group, two experts offer differing points of view on cybersecurity talks with Russia.

"Never do so when engaging in the discussion - [it] would be seen either by your opponent or other outside observers as a reward for bad behavior, or as disregarding bad behavior," says Paul Rosenzweig, an IT security lawyer and consultant, who served as a Department of Homeland Security senior policymaker during the administration of George W. Bush. "There are things that we could profitably talk to the Russians about, just as there are things that we can profitably talk to the Chinese about right now in the cyber domain. Doing it, at this moment with respect to Russia, would be essentially rewarding them for bad behavior."

Stanford University cybersecurity scholar Herbert Lin offers a contrarian point of view:

"I don't see the value of stopping talking with adversaries, even if some people do see it as a 'reward'," Lin says. "I've been an advocate, in a variety of contexts, about talking to the North Koreans, too. And a lot of people say, 'No, no, you can't [do] it because it would reward bad behavior and so on.' And, I think that's essentially cutting off our nose to spite our face. If it's in America's self-interest to do it, we can make a clear case as how it is, then I think we should be doing it. And, optics be damned about it."

Other Subjects Tackled

Among the other topics the two security experts address in their joint interview:

  • How China's dialogue with the U.S. could serve as an example of possible American-Russian cybersecurity talks;
  • Punishing adversaries for bad acts in cyberspace; and
  • The failure of multilateral talks to establish norms of behavior in cyberspace.

Lin is a senior research scholar at the Center for International Security and Cooperation and the Hank J. Holland Fellow at the Hoover Institution, both situated at Stanford University. His research interests relate to policy-related dimensions of cybersecurity and cyberspace, particularly in the use of offensive operations in cyberspace as instruments of national policy. In 2016, he served as a member of the White House Commission on Enhancing National Cybersecurity. Lin holds a doctorate in physics from the Massachusetts Institute of Technology

Rosenzweig is a senior adviser to The Chertoff Group, a homeland security advisory service, and a professional lecturer in law at Georgetown University. He also is a visiting fellow at the think tank The Heritage Foundation. Rosenzweig served as deputy assistant secretary for policy at DHS during the four final years of the George W. Bush administration. He's a graduate of the University of Chicago Law School.




Around the Network