National security advisor John Bolton met with Russian President Vladimir Putin Wednesday to work out the details of a summit between Putin and President Trump, now planned for July 16 in Helsinki. Bolton's meeting took place on a date that happened to be fraught with cyberwarfare significance.
Wednesday was the one year anniversary of NotPetya, a massively destructive cyberweapon the Trump administration attributed to Russia. The day before, Ukraine announced it saw the beginnings of a massive Russian cyberattack. But neither of those issues seemed to land in Wednesday's meeting.
Why it matters: Moscow's reliance on cyberwarfare — not just spying, but the destructive stuff — doesn't appear to be slowing. Experts wonder whether any Russia-U.S. summit can achieve much without grappling with that issue.
During the part of the meeting open to cameras, Bolton played down any strife between the U.S. and Russia. "U.S.-Russian relations are not in their best shape...I believe this is in large part the result of an intense domestic political battle inside the U.S," he said.
It's more than elections: Bolton is pinning the sour state of U.S.-Russia relations on the 2016 election and the controversies surrounding it. But even if you were to forget Russian involvement in the last election (and why would you do that?), Russia poses a broad spectrum of national and global security threats. In purely cybersecurity terms, the U.S. agenda can and should go farther.
- Russia's best known destructive attacks are in Ukraine. "But they are not only destructive in Ukraine," said John Hulquist, director of intelligence analysis at FireEye. He notes that the OlympicDestroyer malware sent to South Korea for the Olympics was likely Russian as well.
- The U.S. is at risk even when it isn't the one being attacked. NotPetya damaged systems worldwide, including in Russia, despite originating as an attack on Ukraine.
- "When Ukraine warns about cyber attacks, as they did on Tuesday, we should take notice, because NotPetya showed Russia is willing to inflict massive collateral damage in those attacks," said Andrea Limbago, chief social scientist at the cybersecurity firm Endgame.
NotPetya, remembered: There is a good chance we don't talk about NotPetya as much as we should. The firm Cybereason tallied damages NotPetya caused just for publicly traded companies and arrived at $1.2 billion. That number doesn't include individuals, private companies or governments. The actual scope of the damages is likely much higher.
For a sense of scale, the median hurricane does $1.8 billion total in damage.
- "Within the infosec community, we think of NotPetya as a game changer. But to the business community and government, it isn't viewed the same way," said Limbago.
Also a concern: crime. The Russian threat isn't just the Russian government. There's a thriving cybercrime ecosystem that rarely sees participants prosecuted or extradited. Moscow is "consistently harboring the most dangerous cybercriminals. It demands action until addressed," said John Carlin, former assistant attorney general for the Department of Justice’s (DOJ) National Security Division, and a current attorney at Morrison and Foerster.
The bottom line: "Russia has not slowed down since NotPetya," said Hulquist.
When Trump meets with Putin, U.S. safety will be better served by treating Russian cyberthreats as a serious danger than by dismissing them as a partisan issue.