Analysis: The war in cyber space goes on, but there is a surprising level of cooperation between rivals.
It might be a surprise to learn that the US and UK are collaborating on cyber security matters with countries such as Russia or China.
After all, in the case of the former, geopolitical tensions over Syria and Ukraine periodically flair up and the US has repeatedly accused China of orchestrating cyber attacks.
When large portions of each country’s resources are probably dedicated to defending against cyber attacks from the other, it would seem counter-productive to try and collaborate.
It makes more sense for close allies such as the EU and US to collaborate, for example. In March, students from the University of Cambridge and the Massachussetts Institute of Technology (MIT) took part in a 48-hour transatlantic hackathon in the latest collaboration between the US and UK in cybersecurity.
However, in April, Russia and the US held talks in Geneva to discuss cyber security. The meetings included White House, State Department and FBI officials from the USA and corresponding officials from Russia.
In late 2015, the US and China reached an agreement on how to cooperate in the space. A meeting of Attorney General Lynch and Secretary Johnson from the US with State Councillor Guo of China established guidelines for requesting assistance on cyber crime and responding to requests.
They also agreed on a tabletop exercise with the two countries, establishing a hotline mechanism for escalating issues to do with cyber crime and agreed to enhance cooperation on fighting ‘cyber-enabled’ crime, including things like theft of trade secrets, fraud and misuse of technology and communications for terrorist activities, and to enhance exchanges on network protection.
What explains this discrepancy between apparent political hostility and cyber cordiality? Eugene Kaspersky, founder of the eponymous company, gave an explanation at a recent Kaspersky event at the Science Museum.
"As a Russian citizen, I can answer this. What is going on at the political level sometimes does not reflect on the technical level.
"For example, cyber police from Russia, from the US, from Europol, they cooperate and don’t have political problems. When they face the same enemy, they work together, and the political issues stay behind the door."
These common enemies could mean international organisations engaging in cyber crime, or common geopolitical enemies such as ISIS.
It could also mean the many criminals that use the cyber realm to commit conventional crimes.
For example, in June 2015, police in six European countries worked together to dismantle a cyber fraud gang in a joint operation.
49 people were arrested in the UK, Italy, Spain, Poland, Belgium and Georgia for financial fraud involving email intrusions.
John Watters, CEO of iSIGHT Partners has a similar perspective: "The information sharing in cyber will parallel what it does in the kinetic space. You’ve got tight alignment between say GCHQ and the NSA, the Australians, the Canadians and Kiwis. Then you get less sharing as you move away from that inner core."
In this sense, Watters explains, the cyber discipline is not meaningfully different from other disciplines in terms of sharing philosophies.
He says that the national cyber security agencies have highly advanced compartmentalisation capabilities, so that sharing information about one area of cyber security will not reveal too much about a country’s techniques in another area.
However, Watters thinks that cyber security agencies tend to "over-classify" information, which does not work in such a fast-moving world.
"Cyber moves so quickly, so yesterday’s tool is not valuable tomorrow. By the time they declassify and share something it is yesterday’s news."
While cyber security companies, many of which operate institutionally like Kaspersky, obviously have a significant role in global intelligence-sharing, national governments have a very specific type of cyber security knowledge.
Watters says that the government’s coverage is historically "very narrow and very deep."
This will mean targeting a few threat concerns – for example, Watters says, the US might focus on North Korea and Iran – and using large resources to get very deep knowledge of them.
"They have resources that the commercial sector will never have, like satellite imagery, and will have authorities that the commercial sector will have to execute their mission."
However, Watters says that in terms of broad coverage, national governments cannot compete with the commercial sector. This means that however much national governments collaborate on shared cyber crime concerns, they will not be able to get a complete picture.
In essence, as Kaspersky says, cyber security collaboration will continue to mirror collaboration within ordinary geopolitics.