Cybersecurity "hotline" to link Washington and Moscow
Since 1988, the Nuclear Risk Reduction Center (NRRC) has been tasked with the mission of reducing the risk of nuclear conflict between the United States and Russia through a direct channel of communication—most notably via the famous “red phone.”
Today, Russia (and China) has often become the great bogeyman of the Internet, with many Western experts viewing its government as unable or unwilling to go after online criminals and hackers. The Kremlin is widely viewed as being explicitly or implicitly involved in advocating, planning and possibly executing a DDoS attack against Estonian media, financial, and government websites in 2007. (Heck, one pro-Kremlin activist admitted as much in 2009.)
But now, notes The Washington Post, the NRRC is involved in helping set up a similar system for conflicts in cyberspace.
“The agreement would be the first between the United States and another country seeking to lessen the danger of conflict in cyberspace, and it would include other measures to improve communication and transparency,” the paper reported on Thursday. “It would be, officials and experts note, an initial step toward making cyberspace more stable.”
While specific details on who would have access to the “cyber hotline,” and under what conditions messages would be transmitted, are scant, many experts have said that it’s a step in the right direction.
“I think this is very crucial between the US and Russia, and between the US and China,” Jose Nazario, a security researcher at Arbor Networks, told Ars on Thursday. “As a proof of concept, this will be very very valuable in helping to ease some tensions.”
Discussions of such a hotline have been in the works between all three countries for some time now, but this appears to be the closest they have come to establishing such a formal agreement structure.
But Nazario also added that the model of avoiding nuclear war doesn’t fully apply online. After all, it’s a lot easier to detect a missile launch, and gain meaningful information about it, than it is when a particular server suddenly gets flooded with overwhelming traffic.
“Cyber is fascinating because we don’t have those telltale signs, we think we do, but we recognize that they’re incredibly weak,” he said.
Other experts noted that one of the most basic problems with sorting out cyberattacks is the question of attribution. Any hacker or hacktivist with even the most basic networking knowledge is usually able to obfuscate his or her online trail.
“The discovery and attribution process generally starts with lists of the IP addresses from which the attack appears to be emanating,” Jim Cowie, the CTO of Renesys, a network analysis firm, said in a Thursday e-mail sent to Ars.
“Using services like those we offer, it’s straightforward to map those attacker IPs back to the originating provider, identify the geographic location, name all of the upstream transit providers who are carrying that traffic to the Internet, and identify the paths that traffic took from its source to the target. If both sides can get that far, they can at least establish some common awareness as they work toward attribution.”
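The first step Cowie describes, mapping attack source IPs to an originating provider and its upstream transit providers, can be sketched as follows. This is an added example, not code from the article or from Renesys; the routing-table excerpt, AS numbers, addresses and function names are all constructed, using the ranges reserved for documentation.

```python
import ipaddress
from collections import defaultdict

# Constructed routing-table excerpt: prefix -> AS path as seen from the target.
# Leftmost AS = the target's own provider, rightmost AS = origin of the prefix.
# Prefixes and AS numbers are documentation ranges (RFC 5737, RFC 5398).
RIB = {
    "198.51.100.0/24": [64500, 64501, 64510],
    "198.51.100.128/25": [64500, 64502, 64511],
    "203.0.113.0/24": [64500, 64501, 64502, 64511],
}

def lookup(ip, rib):
    """Longest-prefix match: return (network, as_path), or None if unrouted."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, path in rib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, path)
    return best

def summarize(source_ips, rib=RIB):
    """Group attack sources by origin AS and collect upstream transit ASes."""
    report = defaultdict(lambda: {"sources": 0, "prefixes": set(), "transit": set()})
    unrouted = []
    for ip in source_ips:
        match = lookup(ip, rib)
        if match is None:
            unrouted.append(ip)  # no covering route: likely a spoofed source
            continue
        net, path = match
        entry = report[path[-1]]             # origin AS is the last hop
        entry["sources"] += 1
        entry["prefixes"].add(str(net))
        entry["transit"].update(path[1:-1])  # ASes between our provider and origin
    return dict(report), unrouted

# Constructed source addresses, as they might appear in a flood's flow logs.
SAMPLE_SOURCES = ["198.51.100.7", "198.51.100.200", "203.0.113.9",
                  "203.0.113.77", "192.0.2.55"]

if __name__ == "__main__":
    by_origin, unrouted = summarize(SAMPLE_SOURCES)
    for asn, info in sorted(by_origin.items(), key=lambda kv: -kv[1]["sources"]):
        print(f"AS{asn}: {info['sources']} sources via {sorted(info['transit'])} "
              f"from {sorted(info['prefixes'])}")
    print("unrouted:", unrouted)
```

The result names networks that carried the traffic, which is the "common awareness" stage; it says nothing about who operated the machines behind those addresses.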