President Joe Biden and Russian President Vladimir Putin said at separate press conferences following their Wednesday meeting in Geneva that the two countries have agreed to start negotiations on a framework to prevent cyberattacks.
Putin, who was the first of the two leaders to talk to reporters, said of the overall tone of their meeting that, “there is no hostility, quite the contrary,” adding that “both sides showed a willingness to understand one another and to find ways to bring our positions closer together.”
It was a sentiment Biden shared in his remarks at a press conference following the meeting, saying that, while Russia and the United States did not see eye to eye on a number of matters, the two countries had agreed to work together to further the interests of stability.
Calling the talks “constructive,” Putin turned to the issue of cybersecurity, which was prompted by a reporter’s question about whether the Russian president had committed to “ceasing carrying out cyberattacks on the United States.”
“As for cybersecurity, we’ve reached an agreement, chiefly that we would start negotiations on that,” Putin said, adding that the issue of cybersecurity is “extremely important.”
He said the two countries “just need to abandon various insinuations, sit down at the expert level and start working in the interests of the U.S. and Russia.”
Biden, in his remarks, said that the two leaders discussed cybersecurity and that Biden proposed that “certain critical infrastructure should be off limits to attack,” adding that he gave Putin a list of 16 specific entities that should be considered as behind a red line.
“Responsible countries need to take action against criminals who conduct ransomware activities on their territory,” Biden said, adding that the two leaders had agreed to task experts in their respective countries to “work on specific understandings on what’s off limits and to follow up on specific cases” that originate in either the United States or Russia.
Putin, in his statement to reporters, pushed back against the idea that Russia was a cyberattack hotspot, claiming unspecified reports of a list purportedly showing that most of the world’s cyberattacks come from the “cyber realm” of the United States, and that “Russia’s not on the list.”
The United States and the European Union have attributed the most damaging cyberattacks on record to Russia’s GRU military intelligence agency, including the NotPetya virus that did more than $10 billion in economic damage in 2017, hitting companies including shipping giant Maersk, the pharmaceutical company Merck, and food company Mondolez.
Putin then said that Russia had received a total of ten requests from the United States regarding cyberattacks on America that were claimed to have originated from Russia’s “cyber realm,” including two this year. He was presumably referring to the recent ransomware attacks against the Colonial Pipeline and meat production giant JBS, which the White House has said likely came from criminal organizations based in Russia.
He said Russian authorities responded to the requests with dozens of “exhaustive responses,” while claiming that Moscow has yet to receive “a single response” in return.
In a bit of a broadside, Putin then suggested it is the United States, not Russia, that “has something to work on” in terms of cooperation on cybersecurity.
“And the question of who, to what degree, needs to take on responsibility, that should be resolved during the negotiation process,” Putin added.