President Biden and Russian President Vladimir Putin on Wednesday said they agreed to work together to outline what cybersecurity concerns, such as ransomware attacks on critical infrastructure, would be considered red lines for the two countries.
“We spent a great deal of time on cyber and cybersecurity. I talked about the proposition that certain critical infrastructure should be off limits to attack, period, by cyber or any other means,” Biden told reporters in Geneva following his first in-person meeting with Putin since taking office.
Biden noted that he had given Putin a list of 16 “specific entities,” such as the energy sector and water systems, that the U.S. views as critical infrastructure.
“Principle is one thing. It has to be backed up by practice. Responsible countries need to take action against criminals who conduct ransomware activities on their territory,” Biden said. “So we agreed to task experts of both our countries to work on specific understandings about what’s off limits and follow up on specific cases that originate in other countries, in either of our countries.”
Putin also discussed the understanding the two nations had come to on cybersecurity concerns, telling reporters during an earlier press conference that Russia would “begin consultations in this respect.”
“We agreed that we would start consultations, and we believe that the cybersecurity area is extremely important in the world at large, for the United States in particular as well as for the Russian Federation to the same extent,” Putin told reporters through a translator.
As part of the two nations’ work together, groups will be formed to investigate various cyber concerns, including whether the U.S. and Russia will take action against cyber criminals who attack the other nation while harbored within their respective borders.
“I think we have real opportunities to move, and I think that one of the things that I noticed when we had the larger meeting is that people who are very, very well informed started thinking that this could be a real problem,” Biden said. “It’s in everyone’s interests, but we’ll see, though, what happens from these groups we put together.”
Cybersecurity was expected to be a key topic of conversation between the leaders, with the summit coming on the heels of escalating attacks assessed by U.S. officials to have either originated in Russia or been backed by the Russian government.
These include the SolarWinds hack, which compromised nine federal agencies and which U.S. intelligence agencies assessed earlier this year was carried out by Russian government-backed hackers, along with ransomware attacks on Colonial Pipeline and JBS USA that the FBI tied to Russia-based cyber criminals.
Putin, in turn, used his press conference Wednesday to levy accusations about unspecified cyberattacks that originated in the U.S. and claimed U.S. officials hadn’t cooperated with Russian investigations.
Biden levied sweeping sanctions on Russia in April in retaliation for the SolarWinds hack and stressed to reporters Wednesday that he had made clear that more actions could be taken if Russia continued to attack the U.S. in cyberspace.
“I pointed out to him, we have significant cyber capability, and he knows it. He doesn’t know exactly what it is, but it’s significant,” Biden said. “If they violate these basic norms, we will respond.”