In the backdrop of seemingly flailing bilateral ties, India and Russia signed a far-reaching cyber security agreement on the sidelines of the BRICS summit in Goa that began today. At the insistence of Moscow, the text of the agreement is unlikely to be made public. Officials familiar with the agreement suggest it is “open-ended”, paving the way for cooperation not just in tackling cyber crime, but also in matters of defence and national security. In addition to establishing a high-level dialogue on cyber issues, the agreement also allows governmental agencies to start working together on counter-terrorism.

Negotiations around the India-Russia cyber agreement began early this year, but its timing is extraordinary. Moscow is ascendant on the world stage, with its display of military power in the Crimea and Syria pitting it against the United States and its allies in contests for zones of influence. Bilateral relations have plummeted after the US formally accused Russia of attempting to hack the Democratic National Committee’s communications, in addition to manipulating online electoral rolls. In August, the “crown jewels” of the US National Security Agency — its tool-kit of penetrative and exploitative cyber weapons — were leaked by a group identifying itself as “Shadow Brokers”, which some have asserted is based in Russia. Reports have since emerged that the US is considering a proportionate, retaliatory response, which is likely to have lasting consequences for the stability of cyberspace. Analysts were initially reluctant to compare cyber arms control negotiations with antecedents from the nuclear weapons regime or other Weapons of Mass Destruction (WMDs). At this stage, however, it looks like history is set to repeat itself: following a brief, but highly disruptive phase of confrontation or posturing between both, Russia and the United States will likely come to the table to negotiate “rules of the road” for the use or threat of use of cyber weapons. These conversations may trigger formal negotiations on arms control, culminating in a treaty, or at the very least, the creation of an entity akin to the UN Committee on the Peaceful Uses of Outer Space (COPUOS).

The UN Group of Governmental Experts tasked with identifying cyber norms — itself originally a Russian initiative — has done commendable work in fleshing out a code of conduct for states, and in particular, highlighting their responsibility to prevent non-state actors from using their territory or digital infrastructure. The GGE reports, nevertheless, are not legally binding on UN member countries. It is also likely the term of this group will come to an end after the current round of meetings involving 25 countries (India included) finish in the summer of 2017. The GGE is a useful initiative, but its work would come to naught if its reports are not followed up by any meaningful effort to codify them as international law.

Thanks to its pro-active diplomacy, India is unlikely to be blindsided by a bilateral conversation between Russia and the United States on cyber arms control. Its agreement with Russia leaves New Delhi as the only major power to have concluded formal negotiations with both Moscow and Washington D.C. (diplomats assert the US-India deal is a “framework”, while the one with Russia an “agreement”). This opens up a unique opportunity for India, not only to prevent the rise of exclusionary non-proliferation regimes, but also emerge as a crucial interlocutor and indeed, the convenor of important conversations on the stability of digital spaces.

The cyber agreement also appears to be an indicator of the desire on both sides to take bilateral relations forward. The initial push to sign a “memorandum of understanding” on “information security” came from Moscow, but India moved slowly, especially as Russia had been aggressively pushing for greater inter-governmental involvement in internet governance issues at the 2015 BRICS summit in Ufa and the Shanghai Cooperation Organisation (which, technically, India is yet to join). The signing of the US-India cyber framework agreement, however, opened up room for negotiation, because the baseline norms in that document clearly indicated India’s appetite for multi-stakeholder engagement, while ensuring greater government role in matters of security. (As a result, the agreement with Russia has been ‘security-heavy’, although it purportedly removes references to “information” security, because India interprets the term in a strictly technical sense, without any political or economic connotation.)

Formal negotiations on the agreement were concluded by mid-September, with a view to sign it during President Vladimir Putin’s visit to Goa for the BRICS summit. While there were delays in clearing the document, it is telling that the Prime Minister’s Office, led by the National Security Council Secretariat, made it clear this week to all concerned ministries this document had to be signed in Goa. Whether the India-Russia agreement will translate immediately into military-to-military cooperation on cyber defense is not certain, but it sets the ball rolling for sustained engagement and information sharing on both sides. For India, it is a chance to resuscitate what has been perceived as a weakening of strategic cooperation with one of the world’s most advanced cyber powers. For Russia, the deal is a coup: faced with strident criticism in Europe for its military actions, and adversarial signals from the United States, its agreement with New Delhi undermines any collective effort to isolate Moscow. Capitals in the West will be watching this development closely, especially the trajectory of India-Russia cooperation in the articulation of cyber norms.