Russia Will Try Leaving The Global Internet

Russia will test its internal RuNet network to see whether the country can function without the global Internet. The tests will begin after November 1st and will recur at least annually, and possibly more frequently. 

It’s the latest move in a series of technical and policy steps intended to allow the Russian government to cut its citizens off from the rest of the world. The exercises follow April’s passage of the Internet Law that will require all Internet traffic in Russia to pass through official checkpoints, allowing the government to shut down foreign access.

The reason for the experiment is to gather insight and provide feedback and modifications to a proposed law introduced in the Russian Parliament last year. 

A first draft of the law mandated that Russian internet providers should ensure the independence of the Russian internet space (Runet) in the case of foreign aggression to disconnect the country from the rest of the internet. In addition, Russian telecom firms would also have to install "technical means" to re-route all Russian Internet traffic to exchange points approved or managed by Roskomnazor, Russia's telecom watchdog. 

Background
In 2016, Russia launched the Closed Data Transfer Segment: basically, a big military Intranet for classified data, similar to the Pentagon’s Joint Worldwide Intelligence Communications System. The following year, Russia said that it intends to build its own domain name directory, which would allow it to re-route Internet traffic.  Last year, Putin’s top IT advisor Herman Klimenko and others suggested that the military intranet, properly expanded, might be able to carry the rest of the country’s Internet traffic. 

Klimenko cautioned that moving to the new system would be painful, and as recently as March, Gen. Paul Nakasone, director of US Cyber Command and the NSA, expressed doubt that Russia would succeed. Samuel Bendett, an adviser at the CNA Corporation and a fellow in Russia studies at the American Foreign Policy Council, said the announcement shows that the Russian government wants to address any strategic vulnerability which is reliance on Western IT. 

“The larger context is Russia’s dependence as a nation on imported/foreign hi-tech and the perceived vulnerabilities that Russia sees in such technology use..... With so many government, public, and private-sector nodes using such foreign tech, the Russian government is seeking to impose a measure of control over how Internet communication over this technology is conducted,” Bendett said. 

“In the event of what the government sees as outside influence affecting RuNet, the state can act, hence the annual exercise.”

RuNet isn’t expected to improve the online experience for Russian people or companies. It’s all about control, making the country more technologically independent, and reducing the Putin regime’s vulnerability to popular uprising.
“The Russian government, particularly since seeing the role social media played in the Arab Spring, has wanted over the last decade to exert tight control over the online information space within Russia’s borders,” said Justin Sherman, a cybersecurity policy fellow at New America.

As the Russian government has built infrastructure that can disconnect Russia from the global Internet, it has also worked to limit Russian citizens’ access to sites and services that allow citizens to mobilise and protest. Access to services such as LinkedIn, Zello, and Telegram is limited by a 2006 Russian law that requires foreign companies to open their software to Russian security services and to hand user data to law enforcement agencies. Sherman said the passage of the sovereign internet law is one more item in this trend.

“When Russia passed its domestic internet bill into law, it wasn’t clear how much the government would actually work to make it happen, but now it’s clear they do intend to modify systems so the internet within Russian borders can be cut off from the global net at will,” Sherman said. 

“They also line up with a series of international pushes by authoritarian governments to make ‘cyber sovereignty’ of this kind more palatable to the global community.”

Euronews:     Defense One:        ZDNet:      

You Might Also Read: 

Russia Will Build A Separate Internet Directory:

Great Wall: China Bans Foreign Online Publishing:

 


 

 

« A £370m Investment To Boost AI In Britain
2020 Will Be A Landmark Year For AI »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

France Cybersecurity

France Cybersecurity

France Cybersecurity represents the French cybersecurity industry to raise international awareness of French cybersecurity capabilities and solutions.

Alliance for Cyber Security (ACS)

Alliance for Cyber Security (ACS)

An alliance of all major players in the field of cyber security in Germany with a mission to strengthen Germany’s resistance to cyber-attacks.

Atlantic Council Digital Forensic Research Lab (DFRLab)

Atlantic Council Digital Forensic Research Lab (DFRLab)

The Atlantic Council’s DFRLab has operationalized the study of disinformation by exposing falsehoods and fake news, documenting human rights abuses, and building digital resilience worldwide.

Computer Forensics Consult (CFC)

Computer Forensics Consult (CFC)

Computer Forensics Consult provides disaster recovery, computer forensics, electronic discovery and litigation support services in the growing area of Cyber Security.

Deep Mirror Automotive Cybersecurity

Deep Mirror Automotive Cybersecurity

Deep Mirror Automotive Cybersecurity make Cars & Infrastructures Cybersecure.

Industrial Cybersecurity Center (CCI)

Industrial Cybersecurity Center (CCI)

CCI is the first center of its kind that comes from industry without subsidies, independent and non-profit, to promote and contribute to the improvement of Industrial Cybersecurity.

Cryptika

Cryptika

Cryptika is a fully integrated IT security and managed services provider, specialized in Next-Generation Cyber Security Technologies.

Infopercept Consulting

Infopercept Consulting

Infopercept is a leading cybersecurity company in India, providing a critical layer of security to protect business information, infrastructure & assets across the organization.

Start Left® Security

Start Left® Security

Great security culture doesn't just happen; you ENGINEER it.

iSTORM

iSTORM

iStorm specialise in supporting organisations who require a range of Privacy, Security and Penetration testing related services.

Software Improvement Group (SIG)

Software Improvement Group (SIG)

Software Improvement Group helps business and technology leaders drive their organizational objectives by fundamentally improving the health and security of their software applications.

ZX Security

ZX Security

ZX Security is a New Zealand owned and operated cyber security consultancy.

ArmorPoint

ArmorPoint

ArmorPoint redefines the traditional approach to cybersecurity by combining network operations, security operations, and SIEM technology in one platform.

RealDefense

RealDefense

RealDefense develops and markets various privacy, security and optimization technologies and services for consumers and small businesses.

Somos

Somos

From voice to messaging to fraud prevention and beyond, Somos are committed to developing innovative solutions that ensure that our ability to maintain trustworthy connections never stops.

Miggo Security

Miggo Security

Miggo is the first Application Detection and Response (ADR) platform on a mission to stop application breaches.