Following the G-20 summit in Hangzhou, China, President Obama said in a press conference Monday that he and Russian President Putin talked about cybersecurity issues at the conference, acknowledging past intrusions from them, but noted the U.S. has the greatest capacity of any country.
Initially asked about allegations that Russia is meddling in the U.S. presidential election Obama said he would not comment on specific investigations, “But I will tell you that we’ve had problems with cyber intrusions from Russia in the past, from other countries in the past. And, look, we’re moving into a new era here where a number of countries have significant capacities.”
However, the president said “and, frankly, we got more capacity than anybody both offensively and defensively,” but the U.S. goal is to start instituting norms so that countries act responsibly. He said the goal of these discussions on cyber norms is to avoid duplicating a cycle of escalation, like with other previous arms races.
Obama noted that countries are going to have enough problems with non-state actors stealing and using the internet for various illicit practices while countries try to protect critical infrastructure and financial systems.
“What we cannot do is have a situation in which suddenly this becomes the Wild, Wild West, where countries that have significant cyber capacity start engaging in competition — unhealthy competition or conflict through these means when, I think, wisely we’ve put in place some norms when it comes to using other weapons.”
Obama said this was a topic of conversation with Putin as well as other countries more generally. He highlighted that the U.S. has started to get other countries to adopt norms on cyber rules of behavior. Indeed, the U.S. has reached agreements with Singapore (Defense Daily, Aug. 4), India (Defense Daily, June 9), Germany (Defense Daily, March 24), Australia (Defense Daily, Jan. 21), South Korea (Defense Daily, Oct. 20, 2015), China (Defense Daily, Sept. 25, 2015) and India (Defense Daily, Aug. 17, 2015) over the past year broadly agreeing that countries should not conduct or support cyber attacks damaging critical infrastructure or cyber-enabled theft of intellectual property and also should cooperative with requests of assistance with other states to investigate cybercrimes.
“We’ve started to get some willingness on the part of a lot of countries around the world, including through our G-20 process, to adopt these norms, but we’ve got to make sure that we’re observing them,” Obama said.
Obama’s discussion of cyber norms of behavior at the G-20 summit is a continuation of a focus at the previous G-20 summit in Antalya, Turkey last year (Defense Daily, Nov. 15, 2015).