How Trump Got Putin Wrong on Cybersecurity; The idea that Russia and the U.S. work out the rules of engagement in cyberspace isn’t crazy.

File Image of Stylized Eye Surrounded by Binary Code

(Bloomberg – bloomberg.com – Leonid Bershidsky – July 10, 2017)

Leonid Bershidsky is a Bloomberg View columnist. He was the founding editor of the Russian business daily Vedomosti and founded the opinion website Slon.ru.

One of the many challenges of dealing with Donald Trump is that he sometimes misunderstands things. The fallout from Trump’s meeting with Russian President Vladimir Putin Friday shows just how problematic that can be.

Trump tweeted upon his return from Hamburg that he and Putin “discussed forming an impenetrable Cyber Security unit so that election hacking, & many other negative things, will be guarded.” That sounded alarming. Indeed, most commentators took the tweet to mean that the U.S. president was thinking forming a joint cyber defense mechanism with a foreign leader accused by U.S. intelligence services of hacking the 2016 presidential election. People were predictably outraged.

A comment under the tweet expressed mock regret that Osama bin Laden was dead and couldn’t join forces with Trump in countering terrorism. Senator Marco Rubio offered a similar reaction: “Partnering with Putin on a “Cyber Security Unit” is akin to partnering with Assad on a “Chemical Weapons Unit.”

“It’s not the dumbest idea I’ve ever heard, but it’s pretty close,” Senator Lindsey Graham commented on NBC’s “Meet the Press.”

But what would an “impenetrable Cyber Security unit” actually do, and was it even a thing? Here’s how Putin addressed the subject at the brief press conference he gave after the G-20 summit:

“We agreed with the President of the United States that we would set up a working group and will work together on the subject of jointly controlling security in cyberspace, of making sure international legal norms would be unconditionally followed in this area and meddling with the domestic affairs of foreign states wouldn’t be permitted.”

In the original Russian, this means setting up a group that would work out clear rules of engagement in cyberspace, as well as notions of what would and wouldn’t be permissible and a de-escalation mechanism. It’s not the smartest idea I’ve ever heard, but it’s pretty close.

Today, Russia and the U.S. are engaged in creeping cyberwarfare against each other, and they may well be working to disable or undermine each other’s critical infrastructure. The conflict is potentially deadly and, unlike military interactions between the two adversaries, not subject even to the most rudimentary rules or mutual arrangements. That needs to be fixed, and though a multilateral process under the auspices of the United Nations or perhaps the G-20 would be preferable, a bilateral working group would be a start.

I doubt that rules worked out by such a group would put political parties, think tanks and campaigns off limits for hackers. They could, however, clearly draw the line at hacking voting systems, transport networks or energy grids. There might be some clarity as to attribution mechanisms and appropriate responses. Intelligence could be shared if terrorist groups attempted to attack one of the two countries by cyber means.

Trump and Putin don’t need to be allies to agree on something like this; as heads of two largely hostile powers, they both have an interest in protecting their country’s vital infrastructure, physical and electoral, from hackers. Though voter opinion carries far more weight in the U.S. than in Russia, where opposition parties are kept weak, Putin would no doubt feel the heat if an attack was aimed against him.

It appears that Putin suggested forming the group in the same spirit as Russia and the U.S. have attempted to sort things out in Syria, where there’s a danger of direct military clashes. (The only specific result of the 136-minute meeting between Trump and Putin was a ceasefire in southwestern Syria — a possible precursor to the de facto partition of Syria into areas controlled by the Assad regime and its U.S. backed opponents.) And while the words “jointly controlling” sound ominous, in Russian, “control” is more oversight than dominance.

Trump, however, appears to have misunderstood the offer. In his mind, the working group turned into a joint “impenetrable unit” to guard against “negative things.”

That’s perhaps not surprising. Trump is still a political novice, and his mind must have been spinning after hours of discussion on subjects about which he’s only recently been learning. Unlike Putin, who prepares meticulously for every public appearance and every round of talks, taking pride in his memory for detail, Trump is unabashedly ad-hoc. Putin noted this trait during the meeting and spoke about it afterwards, masking it as praise:

“He analyzes rather quickly, answers the questions that are put to him or to certain new elements that arise during the discussion.”

Soon after tweeting about the “impenetrable unit,” Trump realized something was wrong with the idea as he’d grasped it. So he tried to walk back the earlier tweet, posting on Sunday,

“The fact that President Putin and I discussed a Cyber Security unit doesn’t mean I think it can happen. It can’t — but a ceasefire can, & did!”

If some form of cooperation toward rule-making doesn’t take place, it will have been an opportunity lost in Trump’s poor translation of his own conversation. The implications for further interaction between Putin and Trump are even more troubling.

The lapse in understanding on a serious issue creates potential for frustration, false expectations and shaky deals. Perhaps, when the two meet again, they should have more people in the room who will be able to intervene, provide some background and make sure the presidents are clear on what they’re talking about.

©2017 Bloomberg L.P. All Rights Reserved. Article also appeared at bloomberg.com/view/articles/2017-07-10/how-trump-got-putin-wrong-on-cybersecurity

Comment