As leaked details of ongoing network surveillance and espionage programs by the National Security Agency (NSA) continue to stir up international concern about how deep US intelligence is reaching into IT operations worldwide, Russia and the US have taken steps to cooperate on cybersecurity—or at least prevent an accidental cyberwar.

During talks at the G-8 Summit in Enniskillen, Northern Ireland, the US and Russia agreed to cooperate more fully on a number of security measures. In addition to agreeing to continue to work together in preventing nuclear proliferation, the two governments are taking steps to improve communications about the proliferation of information weaponry. "We recognize that threats to or in the use of ICT (information and computer technologies) include political, military, and criminal threats, as well as threats of a terrorist nature, and are some of the most serious national and international security challenges we face in the 21st century," the governments said in a joint statement issued by Presidents Barack Obama and Vladimir Putin today.

Hotline to the Kremlin

In response to those threats, officials said that the US and Russian governments were taking steps "to increase transparency and reduce the possibility that a misunderstood cyber incident could create instability or a crisis in our bilateral relationship," a White House spokesperson wrote in a "fact sheet" on the agreements published today. Those steps include direct communications between the Department of Homeland Security's US Computer Emergency Readiness Team (US-CERT) and the Russian equivalent organization.

"On a continuing basis, these two authorities will exchange technical information about malware or other malicious indicators appearing to originate from each other’s territory, to aid in proactive mitigation of threats," the White House statement said. "This kind of exchange helps expand the volume of technical cybersecurity information available to our countries, improving our ability to protect our critical networks."

This exchange of information includes a cyber equivalent to the Cold War era "hotline" between the White House and the Kremlin. There will be "a direct secure voice communications line between the US cybersecurity coordinator and the Russian deputy secretary of the security council, should there be a need to directly manage a crisis situation arising from an ICT security incident," the White House said.

Ironically, the agreement comes on the heels of revelations about the National Security Agency's wide-ranging surveillance of Internet traffic and as evidence of the NSA's own efforts to create cyberweapons based on "zero-day" vulnerabilities continues to mount.

The agreement covers civilian-to-civilian level communications on cyber-threats and doesn't connect the Russians with the NSA, which has an oversight role in US military cybersecurity, or the US Cyber Command, the Department of Defense (DOD) joint command in charge of the security of DOD networks. Both the NSA and US CYBERCOM are headed by General Keith Alexander.

Instead, the man on the phone will be Michael Daniel, US cybersecurity coordinator and a member of the White House's National Security staff. Before he took the job last year, Daniel spent the previous decade as chief of the Intelligence Branch of the Office of Management and Budget—overseeing Alexander's budget and other classified intelligence and defense program spending.

Do as I say…

The agreement between the US and Russia comes as the White House has continued to press for China to curtail cyberattacks alleged to come from units of its military against US companies and government agencies. As Foreign Policy's Matthew Aid reported last week, those pleas have been the cause of much protest from Chinese officials, largely because the NSA's Office of Tailored Access Operations (TAO) has been hacking Chinese networks for over 15 years.

Using systems installed by agents in foreign countries, including China, the TAO is able to bypass defensive perimeters such as national firewalls and other intrusion prevention systems to give the NSA a backdoor to monitor and exploit targeted systems. These systems can be used for things as innocuous as monitoring what parts of the Internet are visible through the Great Firewall or from within Iran, or they can be used to launch remote attacks on systems and steal data from within the networks of foreign governments.