Russia Plans To Monitor Internet Access

The Russian government is one step away from essentially cutting its population off from the global Internet. 

The controversial “sovereign Internet law” passed recently by the legislature’s upper house needs only President Vladimir Putin’s signature to require online traffic to pass through servers run by the government’s Internet regulation agency by 2021, allowing the Kremlin to much better observe and control what Russian citizens are doing. 

Putin has long talked up the idea of a firewalled Russian Internet, claiming that his government needs a better defense against cyber-attacks from the West.

“But it’s more likely motivated by the Kremlin’s desire to control the flow of information online,” said Justin Sherman, Cybersecurity Policy Fellow at New America.

The move is not popular among Russians concerned about freedom of expression, notes Irina Borogan, deputy editor of Agentura.Ru, an independent Russian news site.

“There is a lot of protests against the law. Activists, some politicians and Internet users openly expressed their outrage,” Borogan said. “But main local telecoms supported the law because the Kremlin promised not to charge them for the black boxes.”

The new law is the latest and most far-reaching legal action to limit Russians’ ability to interact with the outside world. Earlier such moves curbed access to Western social media services such as Linkedin and messaging services such as Zello. In 2016, when Russia was exchanging encrypted messages with Julian Assange and Wikileaks in a bid to undermine the US election, Russian lawmakers authorised the government to read encrypted messages and save message content from Russian citizens for six months.

The new sovereign Internet law also requires internet service providers to use Russia’s internal domain name service. This will allow the government, for example, to redirect searches from independent news organisations to pro-government websites.

“Ultimately, this boils down to the fact that the Russian government, its military, and its security services regard the population’s unrestricted Internet, social media, and mobile access as a significant vulnerability in what they see as future Western efforts to launch information and cyber ops against the state in order to disorient, confuse and otherwise divide the population and the government,” said Samuel Bendett, research analyst with the Center for Naval Analyses’ International Affairs Group

“Therefore, monitoring user content and recording user information is seen as pivotal in such a defensive effort.”

“The Russian government saw what such free information access can do in other countries, and defensive information operations is now part of the defense strategy,” Bendett said. “Therefore, access to user data is seen as key in preventing what Moscow sees as Western efforts to ferment some kind of ‘color revolution’ in the country.”

The NGO Human Rights Watch issued the following statement: “These proposals are very broad, overly vague, and vest in the government unlimited and opaque discretion to define threats. They carry serious risks to the security and safety of commercial and private users and undermine the right to freedom of expression, access to information and media freedom.”

Last year, the Russian government was working on a related project: setting up an intranet for its own use, a project that Herman Klimenko, one of Putin’s top technical advisors, described as “painful.”

Borogan said the new firewall will be a drag on Russian businesses. “Experts say that the implementation of the law can slow down the Internet in Russia, which will have a negative effect on the economy.” As the rest of the world races to build networks with higher speeds and lower latency, Russia appears to be going in the opposite direction.

Still, the new firewall may encourage the government, the military, and its hired hackers to launch more, and more disruptive, cyber-attacks.

Said Sherman, “If Russia’s internet is isolated from the global one, it’s also possible that may remove or diminish some disincentives for the Russian government to wreak more havoc on the global network. 

“The state’s manipulation of the Border Gateway Protocol that routes global internet traffic, for instance, might be a more attractive cyber option should Russia know its own systems are insulated from the potential damage.”

DefenseOne

You Might Also Read: 

Russia Will Build A Separate Internet Directory:

China's Great Wall Into Russian Cybersecurity:

 

 

« GCHQ Chief Wants A Big Effort To Improve British Cybersecurity
Cyber Criminals Are Catching Up With Nation-state Hackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ON-DEMAND WEBINAR: How to build and implement an effective endpoint detection and response strategy

ON-DEMAND WEBINAR: How to build and implement an effective endpoint detection and response strategy

Discover how you can implement endpoint detection and response (EDR) tools into your security strategy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Lantronix

Lantronix

Lantronix is a global provider of secure data access and management solutions for Internet of Things (IoT) and information technology assets.

OneLogin

OneLogin

OneLogin simplifies identity management with secure, one-click access,for employees, customers and partners, through all device types, to all enterprise cloud and on-premise applications.

National Agency for the Security of Information Systems (ANSSI) - France

National Agency for the Security of Information Systems (ANSSI) - France

The role of Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) is to foster a coordinated, ambitious, pro-active response to cybersecurity issues in France.

Engage Black

Engage Black

Engage Black provides solutions for securing and protecting cryptographic keys, data at rest, and data in motion.

Callsign

Callsign

Callsign’s mission is to seamlessly power the identification of every web, mobile and physical interaction.

VXRL

VXRL

VXRL is a Hong Kong-based cybersecurity company. We provide consulting services, penetration testing, and corporate training.

Data Eliminate

Data Eliminate

Data Eliminate provide data destruction, secure end-of-life IT asset disposal, and data protection consultancy services.

The Legal 500

The Legal 500

The Legal 500 Hall of Fame highlights, to clients, the law firm partners who are at the pinnacle of the profession. Practice areas covered include Data Protection, Privacy and Cybersecurity.

eResilience

eResilience

eResilience is a division of Referentia Systems, a pioneer in an ultra-secure information safeguarding technique known as “Enclaving”, in which data can be segmented and protected within a network.

SilverSky

SilverSky

SilverSky offers a comprehensive suite of products and services that deliver unprecedented simplicity and expertise for compliance and cybersecurity programs.

European Cyber Competence Network

European Cyber Competence Network

The purpose of the European Cyber Competence Network is to retain and develop the cybersecurity technological and industrial capacities of the EU necessary to secure its Digital Single Market.

FiVerity

FiVerity

FiVerity provides financial institutions with cyber fraud defense to combat a dangerous and growing threat - the convergence of fraud-related theft with sophisticated, high-volume cyber attacks.

Truly Secure

Truly Secure

Truly Secure is an IT Service Provider that ensures greater efficiency and security within a company's technological environment.

AI Spera

AI Spera

AI-Driven Cyber Threat Intelligence Security. AI Spera provides real-time intelligence to empower your security competences in all aspects of the business.

Harbottle & Lewis

Harbottle & Lewis

Harbottle & Lewis is a leading UK-based law firm focused on the Private Client and Technology, Media and Entertainment sectors.

nandin Innovation Centre

nandin Innovation Centre

nandin is ANSTO’s Innovation Centre (Australian Nuclear Science and Technology Organisation) where science and technology entrepreneurs, startups and graduates come together.