China's Great Wall Into Russian Cybersecurity

The Kremlin has joined forces with Chinese authorities to bring the internet and its users under greater state control

Russia has been working on incorporating elements of China’s Great Firewall into the “Red Web”, the country’s system of internet filtering and control, after unprecedented cyber collaboration between the countries.

A decision recently to block the networking site LinkedIn in Russia is the most visible in a series of measures to bring the Internet under greater state control. Legislation was announced this month that gives the Kremlin primacy over cyberspace, the exchange points, domain names and cross-border fibre-optic cables that make up the architecture of the Internet.

In the summer, a measure known as Yarovaya’s law was introduced, which requires Russia’s telecoms and Internet providers to store users’ data for six months and metadata for three years.

A group of Kremlin and security officials is driving the offensive against internet freedoms. The government fears the web could be used to mobilise protesters and disseminate dangerous ideas and information and it is looking for ways to switch off connections in times of crisis.

Earlier this year, the security council secretary, Nikolai Patrushev, who was head of the Russian Federal Security Service during Putin’s 2000-08 presidency, had two meetings with Chinese politburo members on information security; and in June, Putin went to Beijing to sign a joint communique about cyberspace (pictured).

What the Russians want most from China is technology. Russia has no means of handling the vast amounts of data required by Yarovaya’s law, and it cannot rely on western technologies because of sanctions.

However, the Chinese are willing to lend a hand. In August it was reported that Blat, the Russian telecoms equipment manufacturer, was in talks with Huawei, the Chinese telecoms company, to buy technologies for data storage and produce servers to implement Yarovaya’s law.

The Chinese officials also ensured senior Huawei staff were present at key information security conferences in Russia, and the company was the major sponsor of the Russian information security forum held in Beijing in October.

“Huawei is essentially an arm of the Chinese state, whoever nominally owns it,” said Gordon Chang, author of The Coming Collapse of China. “Its origins are murky, its growth far too fast for a private company in China, state officials support its efforts, and the absence of competition from state enterprises is another important tell.”

The Russians apparently see no other option than to invite Chinese heavyweights into the heart of its IT strategy. “China remains our only serious ‘ally’, including in the IT sector,” said a source in the Russian information technology industry, adding that despite hopes that Russian manufacturers would fill the void created by sanctions “we are in fact actively switching to Chinese”.

In Russia, the strategy for greater collaboration with China has been developed and promoted by top-level Kremlin officials, generals and businessmen. These include Patrushev, Shchyogolev and Konstantin Malofeev, the billionaire founder of Orthodox channel Tsargrad TV who is the subject of EU sanctions for his connections to separatists in Ukraine. The group is believed to be the driving force behind Yarovaya’s law.

On 7 November, China adopted a controversial cybersecurity law that revived international concerns about censorship in the country. In a sign that collaboration between the countries is mutually beneficial, the legislation echoes Russia’s rules on data localisation and requires “critical information infrastructure operators” to be stored domestically, the law LinkedIn fell foul of. It seems the exchange of ideas has already borne fruit.

Guardian:      ‘Great Cannon’ China’s Weapon Shoots Down Internet Sites:   

Three Pronged Attack: Chinese Military In Cyberwarfare Buildup:


 

« Critical Cybersecurity Protocols To Implement
Codebreakers: Cybersecurity School At Bletchley Park »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Kore Telematics

Kore Telematics

Kore is a leading managed service provider for IoT and M2M applications.

Oodrive

Oodrive

Oodrive is the first trusted European collaborative suite allowing users to collaborate, communicate and streamline business with transparent tools that ensure security.

Advantech

Advantech

Advantech is a leader in providing trusted innovative embedded and automation products and solutions. Activities include IoT security.

Silverskin Information Security

Silverskin Information Security

Silverskin is a cyber attack company that specializes in having knowledge of the attacker's mindset to identify vulnerabilities and build effective and persistent defences.

3Elos

3Elos

3Elos operates in the Information Technology market with a focus on research, development, consulting, marketing and implementation of Information Security solutions.

IoT Security Institute (IoTSI)

IoT Security Institute (IoTSI)

IoT Security Institute is an academic and industry body dedicated to providing frameworks and supporting educational services to assist in managing security within an Internet of Things eco-system.

VS Security Products

VS Security Products

VS Security Products design, manufacture and sell the most extensive range of degaussers and data destroyers on the market, suitable for all types of magnetic media.

S4x Events

S4x Events

S4x are the most advanced and largest ICS cyber security events in the world.

BrandProtections.Online

BrandProtections.Online

BrandProtections.online offer end-to-end customer support solutions to help protect against threats which may affect your brand online.

Automation Workz

Automation Workz

Automation Workz has been ranked as a top 10 Cybersecurity Bootcamp in the US by Career Karma.

link22

link22

link22 offers a high level of expertise within IT security and system solutions. We help public and private actors with highly secure IT-solutions.

FastNetMon

FastNetMon

FastNetMon is a very high performance DDoS detection and mitigation tool which could detect malicious traffic in your network and immediately block it.

xdr.global

xdr.global

Xdr.global is a cybersecurity consulting firm, focused on promoting and aligning Extended Detection and Response (XDR) security solutions.

Rapifuzz

Rapifuzz

At Rapifuzz, our goal is to help organizations test and secure their APIs enabling trust, innovation and Seamless Secured Digital Experiences.

CardinalOps

CardinalOps

The CardinalOps platform continuously assesses your detection posture and eliminates coverage gaps in your existing detection stack so you can easily implement a threat-informed defense.

SecAI

SecAI

SecAI is an innovative threat intelligence-driven, and AI-powered vendor aiming at cyber threat detection and response.