Trump wants to work with Russia on infosec. Security experts: lol no
Thanks for Putin that out there
Security experts have poured scorn on plans by US president Donald Trump to work more closely with Russia on cybersecurity.
After the summit in Helsinki on Monday, both Trump and Russian president Vladimir Putin deflected questions related to the US intelligence community's assessment that Russia attempted to interfer in the 2016 US presidential election. That campaign of meddling was said to include hacking and leaking emails of senior Democrats and Clinton officials alongside the promotion of "fake news" stories to divide America.
Sir, you've been using Kaspersky Lab antivirus. Please come with us, sirREAD MORE
After two hours of face-to-face talks with Trump, Putin reiterated that Russia never interfered in US affairs. In spite of US intelligence assessments to the contrary, Trump accepted the denial of the former KGB officer, adding there had been no reason for Russia to meddle in the vote.
Trump said Putin had been "extremely strong and powerful in his denial" of any election interference.
"President Putin says it's not Russia. I don't see any reason why it should be," Trump said during a press conference after the summit, which followed days after 12 Russian military intelligence agents were indicted over accusations of hacking the presidential campaign of Hillary Clinton.
President Putin offered to allow US investigators to visit Russia to question the Kremlin's officers in exchange for access to individuals in the US that Russia suspects of criminal activity.
Sean Sullivan, a security advisor at F-Secure, said Russia had abused such co-operation in the past so there's little prospect of it being reinstated now.
FBI agents take aim at VPNFilter botnet, point finger at Russia, yell 'national security threat'READ MORE
"Putin is bringing up a 1999 treaty on an agreement on criminal cases," Sullivan told El Reg, "suggesting that a working arrangement already exists and that the US is able to submit its concerns to Russia. But that sort of stuff halted years ago after the FBI found that the Russians were recruiting rather than arresting/investigating the criminal leads forwarded to the FSB."
Trump went on to talk about a joint US/Russia working group on cybersecurity. Recorded Future's Priscilla Moriuchi, who led the National Security Agency's East Asia and Pacific cyber threats office prior to joining the threat intel firm, described the scheme as a threat in itself.
"Without a doubt there are many issues within the cyber context that the US and Russia could work together on to improve," she said. "These include cyber operations in wartime, attacks on critical infrastructure, and cyber-enabled intellectual property theft among others.
"However, operating a joint working group on cybersecurity in order to examine the digital and forensic evidence of Russian interference in the 2016 US election would be both counterproductive and dangerous. Enabling Russia to gain an even greater understanding of US cyber defences and analytic capabilities would put American citizens and businesses at even greater risk of attack."
Moriuchi concluded: "Putin does not seek transparency in cyber operations with the United States, he seeks an advantage in what he views as a zero-sum power struggle with the West. A joint cyber operations working group would grant him that advantage."
For one thing, allowing Russia to get close to America intelligence may reveal Uncle Sam's sources and methods to a foreign power. F-Secure's Sullivan agreed that a joint cyber working group with Russia would be like "letting the fox into the hen house."
Sullivan, a graduate of political science who attended the Helsinki summit, added: "In an ideal world, Trump and Putin would discuss the possibility of working together to fight cybercrime and hackers. There was at one time a history of co-operation between the two countries in this respect. However, the current political climate means the chances of this happening are slim." ®
PS: Yes, the FBI did take the hacked Democrats' email server to probe, contrary to bonkers conspiracy theories.
Sponsored: Becoming a Pragmatic Security Leader