At 7.50 a.m. Sunday, President Trump sent out a particularly odd tweet.
Putin & I discussed forming an impenetrable Cyber Security unit so that election hacking, & many other negative things, will be guarded..
— Donald J. Trump (@realDonaldTrump) July 9, 2017
It’s odd, in that establishing a joint Russia-U.S. “cyber security unit” would be like Hezbollah and Israel forming a joint “counterterrorism unit.”
Or cobras and mongooses forming a “reconciliation unit.”
Or bank managers and robbers forming an “efficiency unit.”
Put simply, this proposal isn’t just delusional, from an American point of view, it is utterly sadomasochistic. It would do nothing but harm U.S. national security. And while the president seemed to back away from his earlier tweet in another posting later on Sunday, we shouldn’t take that equivocation for granted.
Because this is a seriously dangerous idea.
For a start, it would enable Russian intelligence services, most specifically the GRU, to access U.S. cybersecurity capabilities, and protocols. At risk of overdoing the anecdotes, it would be, as former NSA-officer John Schindler put it to the Washington Examiner, “putting the fox in charge of the hen-house (while pilfering of chickens continues unabated).”
At whatever level, the fusion of U.S. and Russian cyber capabilities would mean sharing of U.S. methods of cyber defense. Even if the U.S. were to put in safeguards to prevent such sharing, you can bet that the vast majority of Russian officers assigned to the unit would have one primary assignment: to steal that proprietary information.
And Russia would certainly be creative in this effort. It might, for example, use cut-outs (deniable Russian assets) to launch cyberattacks on U.S. interests. The intent of these attacks would not be to steal U.S. intelligence or damage U.S. systems, but rather to see how U.S. personnel on the cyberunit respond to the attack. For Russia, the unit would thus offer a testing ground to assess U.S. tactics, techniques, and procedures. In turn, that knowledge would help Russia to prepare more effective attacks in the future.
But offering up a cyber classroom for Russian spies, Trump’s unit would also foster foreign perceptions of the president’s ignorance. It would fundamentally dilute Trump’s credibility in the eyes of American enemies, allies, and inbetweeners (those considering whether to forge closer relations with the U.S. or China/Russia). Other nations would look at this unit and ask “how stupid can the Americans be?”
Yet the damage to U.S. interests wouldn’t just be philosophical. Close allies such as Britain and Israel would likely reduce their intelligence cooperation with the U.S. on the cybersecurity front.
And considering that particular concern, this unit couldn’t come at a worse time. Thanks to his disclosure to Russia of an Israel cyber hack of the Islamic State, and in the context of broader suspicions about his relationship with Russia, allied foreign intelligence services doubt Trump’s ability to manage intelligence operations. But were this cyber unit to be formed, those doubts would become serious concerns. In that scenario, America’s closest spying partner, Britain’s NSA-equivalent, GCHQ, would limit cooperation with the U.S. on the most sensitive programs and issues.
This isn’t to say that cooperation with Russia is impossible.
Joint U.S.-Russian efforts to secure Russian nuclear weapons from terrorists and to some degree, the Iran nuclear deal, both illustrate that cooperation is possible.
Nor is it to say that Democrats have any particular credibility on these same issues. Note, for example, former President Barack Obama’s 2015 commitment with Chinese President Xi Jinping to end intellectual property-related cyber espionage (as its standard strategy, China immediately ignored the agreement).
Nevertheless, the idea of a U.S-Russia cybersecurity unit is bad in conception and would be terrible in application.
It should remain imprisoned on Twitter.
