A top White House cybersecurity aide said yesterday that transnational cybercrime, such as thefts of credit-card numbers and corporate secrets, is a far more serious concern than “cyberwar” attacks against critical infrastructure such as the electricity grid.
Christopher Painter, the White House’s senior director for cybersecurity, made his comments at a conference arranged by top Russian cybersecurity officials in Garmisch-Partenkirchen, Germany. Russia is a major source of cybercrime, but its government has declined to sign the European Convention on Cybercrime–the first international treaty on the subject. The treaty aims to harmonize national laws and allow for greater law-enforcement cooperation between nations.
Painter acknowledged that critical infrastructure needed to be made more secure, but said that the best defenses start by cracking down on crime. “There are a couple of things we need to do to harden the targets, and make the systems as secure as possible,” he said. “But the other thing you need to do is reduce the threat. And the predominant threat we face is the criminal threat–the cybercrime threat in all of its varied aspects.”
The European Convention on Cybercrime has been ratified by 29 countries, including the United States. Russia says it won’t sign because it doesn’t want give foreign law-enforcement agents trying to investigate crimes unfettered access to its Web data, which the convention requires. Instead, Russia wants an arms-control treaty in which all nations would agree not to use cyberweapons.
“There are a lot of controversial issues that need to be resolved before we can sign that convention,” said Vladislav Sherstuyuk, who leads the Institute of Information Security Issues at Moscow State University. Russia wants to “preserve state sovereignty and monopoly on the conduct of investigative activities based on existing domestic laws and procedures,” he says.
Critics say it would be difficult, if not impossible, to define and verify who possesses “cyberweapons,” and to tell whether a government or a rogue hacker was responsible for any attack that might have occurred.
Painter didn’t directly address this issue, but his presence–along with that of Secret Service and State Department staffers–suggests a new determination to engage with Russia.
“The United States and Russia have very different ideas about how to solve the international problem, but it’s clear there has been a decision in the Obama administration to engage more broadly with the Russians on this issue,” said Stewart Baker, who was assistant secretary for policy at the Department of Homeland Security during the second half of the Bush administration, and who is now a partner in the Washington law firm Steptoe & Johnson. “And there is a Russian interest in engaging on these issues. They’d like a reputation of being cooperative and they would like to find solutions to security problems. And that’s a good thing for both sides.”