ArchiveOODA OriginalSecurity and Resiliency

Can Moscow Break Biden’s Full-Court Press Against Russian Cyber Criminal Malfeasance?

In July 2021, the United States and Russia held their first round of formal cybersecurity discussions. The meeting came on the heels of the June Geneva summit between U.S. president Biden and Russian president Putin, where Biden handed his counterpart a list of sixteen critical infrastructures that shouldn’t be targeted by Russian cybercriminals. The later July meeting was described as “substantive and professional”, although the cyber component focused more on strategic issues than ransomware campaigns and other hacking activities. A second meeting transpired in late September behind closed doors. While little has surfaced about what was discussed, an October interview with the Russian Ambassador to the United States intimated that modest progress was made with practical results having been achieved on cybercrime. While he did not reveal specifics, he stressed that the two sides achieved common understanding “regarding the goal of the strategic dialogue which is to define parameters of the arms control architecture.”

These high-level talks are important as they come at a time when cyber malfeasance continues to increase, impacting those industries and sectors on which civilians, economies, and governments rely. Attacks against supply chain, energy, water, fuel, and food, many of which are believed to have been orchestrated by Russian nationals, have underscored the need for the international community to try to find practical ways to reduce the volume of activity. Making matters more difficult is the United States’ resentment of Russian involvement in disrupting the 2016 and, to a lesser extent, the 2020 U.S. presidential elections. To be fair, Moscow has denied the charges and has even pointed at suspected U.S. involvement in hacking Russia’s own recent elections. Nevertheless, such antagonism is at the root of these talks, which by all accounts have not been as productive as they could have been.

The most beneficial development is the mutual concurrence that cyberspace issues are an area that requires continued discussions. The two sides agreed to create working groups that would focus on particular issues of strategic interest (such as cybersecurity). Engagement is always a positive step, but the complexities of the differences in key strategic areas may be too challenging to overcome without give-and-take across a variety of issues – including limiting both offensive and defensive strategic weaponry, as well as including China in the arms control process. It is difficult to imagine many of these issues being resolved independently of one another. While cyber is being discussed in a security context, the strategic nature of cyber-attacks and how they can impact a country’s national security and economic well-being is not lost on either side.

What’s noteworthy is that after these meetings, the Biden Administration decided to convene a 30-country meeting to discuss the growing cyber-crime problem. Over two days, the meeting included several sessions that addressed a variety of topics – such as virtual currency and cyber-criminal activities, prosecuting ransomware criminals, diplomacy as a tool to mitigate ransomware activity, and helping improve state resiliency to ransomware attacks. As the U.S. national security adviser said, this was “an integrated effort to disrupt the ransomware ecosystem.” Conspicuously, Russia was left off the list of participants in the meeting, an interesting omission considering Russian cyber criminals’ perpetuation of ransomware campaigns that have netted millions of dollars in extortion fees. There is a belief that Russian cybercriminals operate with the tacit approval of the Russian government as long as they do not target Russia or countries in the Commonwealth of Independent States. Indeed, many malware strains are coded to avoid executing on systems in these countries.

Purposeful exclusion from such a meeting is a clear shot at Moscow consistent with Biden’s multilateral approach to confronting adversaries. When it appeared that direct engagement with Putin in Geneva didn’t yield Biden’s expected results, the U.S. president resorted to rallying global partners to use in tandem with direct diplomacy, a move reminiscent of the establishment of the four-nation Quad to counter China’s regional aspirations. However, the Quad is best positioned to address China’s expansionism in Southeast Asia and can increase its maritime presence as a unified multi-national counterbalance. Any additional influence such as sanction imposition can be applied by all parties, often canceling out their effectiveness. The economic muscle may hurt, but has not broken, even the staunchest of adversaries.

The digital domain is less structured and rigid than a physical domain, however, making any effort to “box in” an offending state is a more difficult endeavor. It is unlikely that there will be a consensus of the 30-nation conclave on the next steps to try to influence Moscow to reign in its cyber-criminal proxy, as that will require governments to take a formal position that could, should this confederation’s resolve weaken, backfire. Such states do not want to be on the cyber receiving end of sophisticated and angry nationalistic non-state actors, no less a state actor that Microsoft has identified as perpetrating 58 percent of the nation-state cyber-attacks it has detected in the past year. Moreover, coercing a government (even adversarial ones) runs contrary to the spirit of one-on-one dialogue and finding areas for meaningful collaboration.

Failing at diplomacy only drives Moscow into friendlier arms. Russia has already established various cybersecurity agreements with China and Iran, and any further delineation of “us” versus “them” serves to strengthen resolve, and recruit states not yet committed to their positions. Russia and China have been long trying to get the global community on board with their vision of cyber sovereignty and will no doubt continue to use disagreements with the West to encourage undecided governments to side with them. This is a curious tactic by the United States as it is rife for the misinterpretation of state actions. This posture does not de-escalate potential conflicts, but as Russian Deputy Foreign Minister Ryabkov put it, only increases the “risk of new aggravations.”

The real test for the United States is how will it stand up to Russia should this conclave prove ineffective. Currently, the United States appears to be negotiating from a standpoint of weakness. Its hasty Afghanistan withdrawal, its foreign policy missteps, and its emergence as an unpalatable “woke” dictatorship have weakened the U.S. stature in the world. The U.S. appears less willing to lead so much as to be included in a herd of nations whose enthusiasm for corralling Russia will steadily wane. Look at China, the world’s leading purveyor of global intellectual property theft via cyber espionage. The U.S. can’t get a group of nations together to try to curb China’s activities – activities that have impacted a preponderance of nations in the world – despite attributing activity to intelligence and military units dedicated to cyber theft. How does Washington expect to do that to Moscow, especially when Biden has said that there was “no evidence” that the Russian government was involved in ransomware attacks?

“Keeping your enemies close” is an adage that has much value in global geopolitics, and one that is often misunderstood. It doesn’t mean trusting your enemy as much as potentially positioning for improved relations while keeping a close eye on the adversary’s activities. During the several crises facing his administration, Biden would be better-served attempting to engage Moscow more frequently and, in many environments, rather than trying to apply a full-court press to get Russia to mend its ways. Such aggressive tactics only has credible success against ill-composed adversaries in vulnerable positions who lack the talent and resolve to grit out tough situations. And for a country with the reputation and capability to destabilize the natural order, that is a profile that doesn’t seem to apply to Russia’s current condition.

Opportunities for Advantage

All of this exponential disruption means we must make focused efforts to gain advantage. Stay informed on a variety of these critical issues at and during our monthly OODA Network meetings and Salons.


Become A Member

OODA Loop provides actionable intelligence, analysis, and insight on global security, technology, and business issues. Our members are global leaders, technologists, and intelligence and security professionals looking to inform their decision making process to understand and navigate global risks and opportunities.

You can chose to be an OODA Loop Subscriber or an OODA Network Member. Subscribers get access to all site content, while Members get all site content plus additional Member benefits such as participation in our Monthly meetings, exclusive OODA Unlocked Discounts, discounted training and conference attendance, job opportunities, our Weekly Research Report, and other great benefits. Join Here.

Related Reading:

Black Swans and Gray Rhinos

Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis

Cybersecurity Sensemaking: Strategic intelligence to inform your decisionmaking

The OODA leadership and analysts have decades of experience in understanding and mitigating cybersecurity threats and apply this real world practitioner knowledge in our research and reporting. This page on the site is a repository of the best of our actionable research as well as a news stream of our daily reporting on cybersecurity threats and mitigation measures. See: Cybersecurity Sensemaking

Corporate Sensemaking: Establishing an Intelligent Enterprise

OODA’s leadership and analysts have decades of direct experience helping organizations improve their ability to make sense of their current environment and assess the best courses of action for success going forward. This includes helping establish competitive intelligence and corporate intelligence capabilities. Our special series on the Intelligent Enterprise highlights research and reports that can accelerate any organization along their journey to optimized intelligence. See: Corporate Sensemaking

Artificial Intelligence Sensemaking: Take advantage of this mega trend for competitive advantage

This page serves as a dynamic resource for OODA Network members looking for Artificial Intelligence information to drive their decision-making process. This includes a special guide for executives seeking to make the most of AI in their enterprise. See: Artificial Intelligence Sensemaking

COVID-19 Sensemaking: What is next for business and governments

From the very beginning of the pandemic we have focused on research on what may come next and what to do about it today. This section of the site captures the best of our reporting plus daily daily intelligence as well as pointers to reputable information from other sites. See: OODA COVID-19 Sensemaking Page.

Space Sensemaking: What does your business need to know now

A dynamic resource for OODA Network members looking for insights into the current and future developments in Space, including a special executive’s guide to space. See: Space Sensemaking

Quantum Computing Sensemaking

OODA is one of the few independent research sources with experience in due diligence on quantum computing and quantum security companies and capabilities. Our practitioner’s lens on insights ensures our research is grounded in reality. See: Quantum Computing Sensemaking.

The OODAcast Video and Podcast Series

In 2020, we launched the OODAcast video and podcast series designed to provide you with insightful analysis and intelligence to inform your decision making process. We do this through a series of expert interviews and topical videos highlighting global technologies such as cybersecurity, AI, quantum computing along with discussions on global risk and opportunity issues. See: The OODAcast

Emilio Iasiello

Emilio Iasiello

Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.