President Trump announced Sunday on Twitter that he and Russian President Vladimir Putin were talking about forming an “impenetrable Cyber Security unit” to prevent election hacking in the future.
Other U.S. politicians, including Sen. Marco Rubio (R-Fla.), have reacted with consternation. Rubio suggests that partnering with Putin on cybersecurity would be like partnering with Syrian President Bashar al-Assad on a “Chemical Weapons Unit” (Assad is widely believed to have carried out chemical weapons attacks on his own people). The U.S. ambassador to the United Nations, Nikki Haley, has defended Trump, saying that the United States doesn’t trust Russia but that “you keep those that you don’t trust closer, so that you can always keep an eye on them and keep them in check.” So why are Rubio and many others so critical of Trump, and does Haley’s defense make any sense?
Sometimes, it makes sense to cooperate with states that you don’t trust on cybersecurity
There is some precedent for working with states that you don’t trust on cybersecurity issues. During the Obama administration, the United States and China reached an agreement on how to deal with contentious issues in cybersecurity. Both the United States and China hack into each other’s systems on a regular basis. The agreement was not intended to stop this but to prevent it from getting out of control in ways that might damage bilateral arrangements. Thus, the agreement created a kind of hotline for communication and information sharing about potentially problematic behavior, as well as a continuing dialogue on cyber issues. It also ruled out efforts by state actors to steal intellectual property (the United States had persistently complained that Chinese state hackers stole U.S. companies’ secrets and passed them on to Chinese competitor firms). To the surprise of many in the United States, the agreement seems to have helped moderate Chinese efforts to steal commercial secrets, although there is disagreement over whether this was because China was shamed and wanted to preserve honor, or alternatively used the agreement to impose control over unruly hackers.
Either way, this deal worked — to the extent it did work — because both states had roughly convergent interests over a very limited set of issues. It did not involve the exchange of truly sensitive information — China does not trust the United States with details of its defenses against cyberattacks, and the United States does not trust China. Instead, the two sides have looked to manage their disagreement, rather than engage in deep and extensive cooperation.
That doesn’t appear to be what Trump wants
As Trump has described his discussions with Putin, both want something much more far-reaching than the deal that Obama reached with China. Instead of setting up dialogue, Trump wants to engage in true cooperation. He wants to set up a joint “unit” that would handle election security issues so as to prevent hacking. This unit would, furthermore, be “impenetrable.”
Critics in the United States have unsurprisingly interpreted this proposal as a transparent ploy by Trump to sideline accusations that Russian hackers helped him win the presidential election. However, even if Trump’s proposal is taken at face value, it doesn’t make much sense.
U.S. officials don’t trust the Russians
If the proposed cybersecurity unit were to work effectively, the United States would need to share extensive information with Russia on how U.S. officials defend elections against foreign tampering. The problem is, however, that information that is valuable for defending U.S. systems is, almost by definition, information that is valuable for attacking them, too. This is one reason U.S. officials have not previously proposed any far-reaching arrangement with Russia on cybersecurity. Providing such information would almost certainly give the Russians a map of vulnerabilities and insecurities in the system that they could then exploit for their own purposes.
It would not only provide the fox with a map of the henhouse, but give him the security code, the backdoor key, and a wheelbarrow to make off with the carcasses. U.S. officials have determined that Russian hackers have probed U.S. election systems, presumably to discover vulnerabilities that they could exploit. Although there is no evidence that Russia actually manipulated machines to alter the vote in the 2016 election, there is excellent reason to believe that Russia has carefully considered the pros and cons of direct intervention, as well as the hacking and leaking that it did engage in.
Furthermore, when Trump says that this unit would be “impenetrable,” he implies that Russia and the United States would cooperate on making it secure against outside hacking by third parties. Again, such cooperation is wildly unlikely to work well. To make it work, the United States would have to share sensitive methods with Russia, as well as vice versa. Neither side is going to want to do this, because again it would provide potential adversaries with a deep understanding of protective measures, which might allow those adversaries to penetrate them.
In short, the kind of cooperation that Trump is proposing would be very hard to accomplish between close allies with deeply shared security interests (the United States shares a lot of secrets with select allies — but it does not share everything, for the same reasons that they do not share their deepest defensive secrets with the United States). It is more or less impossible to carry off with a state that not only is often an adversary but has recently demonstrated its desire to hack U.S. elections, if only it could get away with it.
Any arrangement would be a win for Putin
If Trump’s tweet reflects a change in U.S. policy, it is potentially a big win for Russia’s government. One of the reasons that U.S.-Russia relations deteriorated during the Obama presidency was Putin’s belief that the U.S. was interfering in other countries’ elections and that he was going to be the next target. Russia today is a “managed democracy,” which allows some electoral competition, as long as it does not threaten the power of the government. This means that the Russian government saw the various pro-democracy movements supported by the U.S. during the “Arab Spring” and in Ukraine as an existential threat. The U.S. was not only encroaching in countries that Russia thought of as part of its sphere of influence. It was perhaps threatening to support a “pro-democracy” movement in Russia itself, which would topple Putin and his allies from power. Hence, Russia has insisted in various international debates that cybersecurity be defined so as to prevent foreign interference in Russia’s electoral process.
Trump’s willingness to play ball with Russia on elections may or may not stem from his domestic problems. From Putin’s perspective, however, it is an unmitigated win. If the United States is willing to cooperate with Russia on election security, it suggests that the United States is willing to treat Russian elections as legitimate and is perhaps beginning to accept Russia’s understanding of democracy promotion as an unacceptable form of interference in other countries’ domestic politics.
Any deal will see massive pushback from U.S. intelligence services
As is often the case with Trump’s tweets, it is unclear whether they reflect any real policy process. Trump is not noted for his fine grasp of the niceties of policy, and he deliberately excluded other senior officials from his discussions with Putin.
However, if he is contemplating a deal that even slightly resembles the one described in his tweet, it will probably lead to enormous resistance from U.S. intelligence and security officials, and from Congress. Such a deal would represent an extraordinary departure from existing U.S. practices and the U.S. understanding of its national security. Haley’s defense of Trump’s actions is a version of the old dictum that you should keep your friends close and your enemies closer. However, this doesn’t really describe what Trump has suggested, which is less about keeping an eye on Russia and more about providing Russia with a detailed map of America’s core vulnerabilities.