China's Great Wall Into Russian Cybersecurity

Uploaded on 2016-12-09 in INTELLIGENCE-Hot Spots-Russia, INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW, NEWS-Cybersecurity News

The Kremlin has joined forces with Chinese authorities to bring the internet and its users under greater state control

Russia has been working on incorporating elements of China’s Great Firewall into the “Red Web”, the country’s system of internet filtering and control, after unprecedented cyber collaboration between the countries.

A decision recently to block the networking site LinkedIn in Russia is the most visible in a series of measures to bring the Internet under greater state control. Legislation was announced this month that gives the Kremlin primacy over cyberspace, the exchange points, domain names and cross-border fibre-optic cables that make up the architecture of the Internet.

In the summer, a measure known as Yarovaya’s law was introduced, which requires Russia’s telecoms and Internet providers to store users’ data for six months and metadata for three years.

A group of Kremlin and security officials is driving the offensive against internet freedoms. The government fears the web could be used to mobilise protesters and disseminate dangerous ideas and information and it is looking for ways to switch off connections in times of crisis.

Earlier this year, the security council secretary, Nikolai Patrushev, who was head of the Russian Federal Security Service during Putin’s 2000-08 presidency, had two meetings with Chinese politburo members on information security; and in June, Putin went to Beijing to sign a joint communique about cyberspace (pictured).

What the Russians want most from China is technology. Russia has no means of handling the vast amounts of data required by Yarovaya’s law, and it cannot rely on western technologies because of sanctions.

However, the Chinese are willing to lend a hand. In August it was reported that Blat, the Russian telecoms equipment manufacturer, was in talks with Huawei, the Chinese telecoms company, to buy technologies for data storage and produce servers to implement Yarovaya’s law.

The Chinese officials also ensured senior Huawei staff were present at key information security conferences in Russia, and the company was the major sponsor of the Russian information security forum held in Beijing in October.

“Huawei is essentially an arm of the Chinese state, whoever nominally owns it,” said Gordon Chang, author of The Coming Collapse of China. “Its origins are murky, its growth far too fast for a private company in China, state officials support its efforts, and the absence of competition from state enterprises is another important tell.”

The Russians apparently see no other option than to invite Chinese heavyweights into the heart of its IT strategy. “China remains our only serious ‘ally’, including in the IT sector,” said a source in the Russian information technology industry, adding that despite hopes that Russian manufacturers would fill the void created by sanctions “we are in fact actively switching to Chinese”.

In Russia, the strategy for greater collaboration with China has been developed and promoted by top-level Kremlin officials, generals and businessmen. These include Patrushev, Shchyogolev and Konstantin Malofeev, the billionaire founder of Orthodox channel Tsargrad TV who is the subject of EU sanctions for his connections to separatists in Ukraine. The group is believed to be the driving force behind Yarovaya’s law.

On 7 November, China adopted a controversial cybersecurity law that revived international concerns about censorship in the country. In a sign that collaboration between the countries is mutually beneficial, the legislation echoes Russia’s rules on data localisation and requires “critical information infrastructure operators” to be stored domestically, the law LinkedIn fell foul of. It seems the exchange of ideas has already borne fruit.

Guardian:      ‘Great Cannon’ China’s Weapon Shoots Down Internet Sites:   

Three Pronged Attack: Chinese Military In Cyberwarfare Buildup:


 

« Critical Cybersecurity Protocols To Implement
Codebreakers: Cybersecurity School At Bletchley Park »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

SANS Institute

SANS Institute

SANS is the most trusted and by far the largest source for information security training and security certification in the world.

Nordic IT Security

Nordic IT Security

Nordic IT Security is a cyber security business forum in Scandinavia bringing together the converging worlds of IT, Cyber and Information Security.

JLT Specialty

JLT Specialty

JLT Specialty is a leading specialist insurance broker. Services offered include Cyber Risks insurance.

Global Information Assurance Certification (GIAC)

Global Information Assurance Certification (GIAC)

GIAC provides certification in the knowledge and skills necessary for a practitioner in key areas of computer, information and software security.

Luxembourg Institute of Science & Technology (LIST)

Luxembourg Institute of Science & Technology (LIST)

LIST is a mission-driven Research and Technology Organisation. Areas of research include IT and aspects of IT security.

Clavis Information Security

Clavis Information Security

Clavis is an Information Security company offering a complete portfolio of solutions from Pentesting and Security Assessments to Managed Security Services and Training.

ABS Group

ABS Group

ABS Group provides risk and reliability solutions and technical services that help clients confirm the safety, integrity and security of critical assets and operations.

Kratikal

Kratikal

Kratikal provides a complete suite of manual and automated security testing services.

BitNinja

BitNinja

BitNinja provides full-stack server security in one easy-to-use protection suite. Enjoy real-time protection, automatic false positive handling and threat analysis for more in-depth insights.

CloudSphere

CloudSphere

CloudSphere’s flagship Cloud Governance Platform enables enterprises and cloud service providers to simplify and optimize cloud migration, management, and governance.

SecurIT360

SecurIT360

SecurIT360 is a full-service specialized Cyber Security and Compliance consulting firm.

Performance Technologies

Performance Technologies

As a leading IT Solutions Provider in Greece, Performance Technologies delivers reliable, long life solutions, ensuring continuous availability of business-critical services and information.

SequelNet

SequelNet

SequelNet is an emerging MSP, providing 360° business IT solutions and consulting services.

Conceal

Conceal

Conceal’s mission is to stop ransomware and credential theft for companies of all sizes by developing innovative solutions that provide social engineering protection in any browser.

SIGLA Group

SIGLA Group

SIGLA Group specialize in the design and development of IT and OT solutions, from analysis to design, from implementation to commissioning, as well as consultancy, training and assistance.

Sandfly Security

Sandfly Security

Sandfly focuses on Linux security that is high performance, high stability, high compatibility, and low risk.