Often called a “safe haven” for cybercriminals, Russia was not invited to the recent Counter-Ransomware Initiative organised by the Biden administration. The Sciences Po Cybersecurity Association deems it important to offer a different perspective, one from the concerned country: Russia. We had the pleasure of exploring the answers to these questions with Oleg Shakirov during our online webinar.
Oleg Shakirov is Senior Expert at the Center for Advanced Governance (Moscow). He is also Consultant at PIR Center (Moscow) where he focuses on international security issues including arms control, cybersecurity, and Russia-U.S. relations and member of the Younger Generation Leaders Network on Euro-Atlantic Security. He holds a master’s degree from the Johns Hopkins University School of Advanced International Studies (2015) and a specialist degree from the South Ural State University (2010). Mr Shakirov delivered a unique insight into Russia’s strategy in cyberspace.
Mr. Shakirov started by exploring some of key differences in terminology between Russia and the West. In Russia the term cybersecurity is not used but is replaced by Information Security, which is defined broadly as “the state of protection of the individual, society and the State against internal and external information threats, allowing to ensure the constitutional human and civil rights and freedoms, the decent quality and standard of living for citizens, the sovereignty, the territorial integrity and sustainable socio-economic development of the Russian Federation, as well as defence and security of the State.”
One of the most significant domestic developments that has changed the information security landscape and approach in Russia, is the complete and strategic switch to domestically produced software and hardware for critical information infrastructure by 2023. While this shift has been long in the making, the issue remains contentious in Russia as it also creates new vulnerabilities for Russian companies. However, the motivation for this shift emerged in the early 2010s, the post-Snowden era, where Russian authorities have become distrusting of foreign made equipment in which any kind of backdoors and secret vulnerabilities could have been embedded. While very costly, this replacement allows authorities created control over the digital information environment and supposedly also greater security to critical infrastructures in times of potential crisis.
The move comes as part of a wider campaign to gain greater control and independence of the Russian digital infrastructure to counter potential threats emanating from inside and outside of Russia. The sovereign RuNet remains part of the global internet but increases control of Russian websites and users. The 2018 Law on Sovereign Internet increased control over traffic routed through Russia but also created a copy of the Russian DNS so that the country would remain unaffected in case of an attack or breakdown of the global DNS. Due to these attempts at state control, Russia has global tensions with digital companies such as Twitter.
The government is also channeling increasing resources into fighting cybercrime, specifically phishing websites and data theft which are the most common in Russia. Previously the government used private companies to fight these types of cybercrime but is increasingly building its own platforms for this. On other issues such as prevention of cyber bullying and the protection of children in the digital sphere, the government has allied with major tech companies to share best practices and raise awareness.
When it comes to pushing for legal definitions and the development of international norms about information security, Russia has been a pioneer. Proud of this history, Russian diplomats have been pushing for protection of sovereignty in the digital sphere and has taken part in the internal efforts and working groups such as the GGE (Group of Governmental Experts) and OEWGs (Open-Ended Working Groups) of the UN. In this issue, Russia is particularly strong in a diplomatic capacity, having signed many bilateral and regional cooperation agreements on information security with countries all over the world.