What is the future of a cyber detente after Biden and Putin’s Geneva summit?

A cyber detente between Russia and the USA started in Geneva with the easing of tensions and kick off of bilateral cybersecurity consultations. Biden and Putin built on the dynamism of successful outcomes in cyber processes at the UN in the last few months; by establishing direct contacts in the aftermath of ransomware attacks and the overall de-escalation of rhetoric (see more: here). The cyber detente barometer clearly shows a trend from conflict towards cooperation.

The evolution of cyber detente, including pressure in the above barometer, is monitored around a few tangible parameters: prosecution of (some) cybercriminals and groups, the dynamism of the bilateral expert dialogue and overall cooperation, the impact of cyber detente on other global policy processes. 

Will Russia take legal action against cybercriminals the USA claims to be behind the ransomware attacks?

After the Geneva Summit, Putin confirmed his previous stance that Russia will be ready to take action against cybercriminals. Although he hinted before the summit that he may extradite them, this is not likely to happen soon since Putin conditioned this on reciprocity by the USA. The overall arrangement in a very tricky area of extradition for big powers is likely to take some time. However, the prosecution of cybercriminals in Russia would be the more realistic next step in easing tensions and rebuilding trust.

Interview with Elena Chernenko from the Russian daily ‘Kommersant’ 

Will bilateral cyber relations develop?

The summit’s main breakthrough was the start of the consultation process on cybersecurity. Biden drew a ‘red line’ around 16 critical infrastructures in the USA that would be specially protected and any attack on them – or a violation of the US ‘democratic sovereignty’ or destabilisation of democratic elections – would trigger a strong counter-reaction. After the meeting, Biden clarified that the US will respond to the breach of agreed norms in a ‘cyber way’ – by using its ‘significant cyber capability’; he also confirmed that military responses are not an option for cyberattacks.

After the Geneva summit, it remains unclear if cyber issues will join nuclear issues on the agenda of a bilateral strategic stability dialogue. The hint in this direction is provided by Biden’s remark that strategic dialogue should focus on  ‘control of new and dangerous and sophisticated weapons that are coming on the scene now that reduce the times of response, that raise the prospects of accidental war’. Although cyber is not explicitly mentioned in this remark, it can easily fit this definition. 

Interview with Chris Painter, former US coordinator for cyber issues

In addition to the official channels, one should monitor cooperation between academia and the research community that has always played an important role in supporting a ‘detente’ atmosphere. Lastly, one should also monitor the overall rhetoric between the two countries, including policy statements and media coverage. 

Will the spirit of Geneva’s cyber detente spill into other forums?

• The implementation of the Organization for Security and Co-operation in Europe’s (OSCE) cyber confidence-building measures could be further discussed if there is enough political will, especially by the USA and Russia.
• The second UN cyber Open-ended Working Group (OEWG) will continue its work until 2025. Any substantive breakthrough will depend on the two countries.
• The G-20 can widen the cyber detente to other major actors including China, the EU, and India.
• The UN Cybercrime Convention is likely to be negotiated as per the recently submitted resolution of Russia to the UN General Assembly (UNGA). Although the USA opposed this initiative, it influenced the wording of the resolution through negotiations with Russia. More policy bridges are needed between the US-led approach to have the global application of the Budapest Convention (2004) and the Russian-led initiative for a new UN Convention on Cybercrime.