Russia Plans To Monitor Internet Access

The Russian government is one step away from essentially cutting its population off from the global Internet. 

The controversial “sovereign Internet law” passed recently by the legislature’s upper house needs only President Vladimir Putin’s signature to require online traffic to pass through servers run by the government’s Internet regulation agency by 2021, allowing the Kremlin to much better observe and control what Russian citizens are doing. 

Putin has long talked up the idea of a firewalled Russian Internet, claiming that his government needs a better defense against cyber-attacks from the West.

“But it’s more likely motivated by the Kremlin’s desire to control the flow of information online,” said Justin Sherman, Cybersecurity Policy Fellow at New America.

The move is not popular among Russians concerned about freedom of expression, notes Irina Borogan, deputy editor of Agentura.Ru, an independent Russian news site.

“There is a lot of protests against the law. Activists, some politicians and Internet users openly expressed their outrage,” Borogan said. “But main local telecoms supported the law because the Kremlin promised not to charge them for the black boxes.”

The new law is the latest and most far-reaching legal action to limit Russians’ ability to interact with the outside world. Earlier such moves curbed access to Western social media services such as Linkedin and messaging services such as Zello. In 2016, when Russia was exchanging encrypted messages with Julian Assange and Wikileaks in a bid to undermine the US election, Russian lawmakers authorised the government to read encrypted messages and save message content from Russian citizens for six months.

The new sovereign Internet law also requires internet service providers to use Russia’s internal domain name service. This will allow the government, for example, to redirect searches from independent news organisations to pro-government websites.

“Ultimately, this boils down to the fact that the Russian government, its military, and its security services regard the population’s unrestricted Internet, social media, and mobile access as a significant vulnerability in what they see as future Western efforts to launch information and cyber ops against the state in order to disorient, confuse and otherwise divide the population and the government,” said Samuel Bendett, research analyst with the Center for Naval Analyses’ International Affairs Group

“Therefore, monitoring user content and recording user information is seen as pivotal in such a defensive effort.”

“The Russian government saw what such free information access can do in other countries, and defensive information operations is now part of the defense strategy,” Bendett said. “Therefore, access to user data is seen as key in preventing what Moscow sees as Western efforts to ferment some kind of ‘color revolution’ in the country.”

The NGO Human Rights Watch issued the following statement: “These proposals are very broad, overly vague, and vest in the government unlimited and opaque discretion to define threats. They carry serious risks to the security and safety of commercial and private users and undermine the right to freedom of expression, access to information and media freedom.”

Last year, the Russian government was working on a related project: setting up an intranet for its own use, a project that Herman Klimenko, one of Putin’s top technical advisors, described as “painful.”

Borogan said the new firewall will be a drag on Russian businesses. “Experts say that the implementation of the law can slow down the Internet in Russia, which will have a negative effect on the economy.” As the rest of the world races to build networks with higher speeds and lower latency, Russia appears to be going in the opposite direction.

Still, the new firewall may encourage the government, the military, and its hired hackers to launch more, and more disruptive, cyber-attacks.

Said Sherman, “If Russia’s internet is isolated from the global one, it’s also possible that may remove or diminish some disincentives for the Russian government to wreak more havoc on the global network. 

“The state’s manipulation of the Border Gateway Protocol that routes global internet traffic, for instance, might be a more attractive cyber option should Russia know its own systems are insulated from the potential damage.”

DefenseOne

You Might Also Read: 

Russia Will Build A Separate Internet Directory:

China's Great Wall Into Russian Cybersecurity:

 

 

« GCHQ Chief Wants A Big Effort To Improve British Cybersecurity
Cyber Criminals Are Catching Up With Nation-state Hackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Nordic IT Security

Nordic IT Security

Nordic IT Security is a cyber security business forum in Scandinavia bringing together the converging worlds of IT, Cyber and Information Security.

PortSwigger

PortSwigger

PortSwigger's Burp Suite is an integrated platform for performing security testing of web applications.

Cato Networks

Cato Networks

Cato connects your branch locations, physical and cloud datacenters, and mobile users into a secure and optimized global network in the cloud.

CLUSIL

CLUSIL

CLUSIL is an association for the information security industry in Luxembourg.

DFLabs

DFLabs

DFlabs is a pioneer in Security Automation & Orchestration technology, leveraging your existing security products to dramatically reduce the response and remediation gap.

Critifence

Critifence

Critifence provides unique Cyber Security solutions designed for Critical Infrastructure, SCADA and Industrial Control Systems.

AVeS Cyber Security

AVeS Cyber Security

AVeS combines expert knowledge and services with leading technology products to provide comprehensive Information Security and Advanced IT Infrastructure solutions.

eResilience

eResilience

eResilience is a division of Referentia Systems, a pioneer in an ultra-secure information safeguarding technique known as “Enclaving”, in which data can be segmented and protected within a network.

EvoNexus

EvoNexus

EvoNexus is a technology startup incubator with locations in San Diego, Orange County, and Silicon Valley.

Neovera

Neovera

Neovera is a trusted provider of managed services including cyber security and enterprise cloud solutions, committed to delivering results through the innovative use of scalable enterprise-grade tech.

Buchbinder Information Technology Solutions

Buchbinder Information Technology Solutions

Buchbinder Tunick & Company is a premier CPA and advisory firm offering a broad range of assurance, tax, business consulting and IT consulting services.

Finnish Security & Intelligence Service (SUPO)

Finnish Security & Intelligence Service (SUPO)

The Finnish Security and Intelligence Service is a government agency tasked with combating serious threats to national security in Finland.

UK Cyber Security Association (UKCSA)

UK Cyber Security Association (UKCSA)

The UK Cyber Security Association (UKCSA) is a membership organisation for individuals and organisations who actively work in the cyber security industry.

Aembit

Aembit

Aembit is the Identity Platform that lets DevOps and Security manage, enforce, and audit access between federated workloads

Var Group

Var Group

Var Group is one of the main partners for innovation in the ICT sector in Italy.

Lineaje

Lineaje

Lineaje solves critical Software Supply Chain security problems faced by every organization that builds, uses or sells software.