The new Russia Direct report titled “Digital Sovereignty: The Kremlin's Tangled Web of Internet Security”
examines to what extent state regulation of the Internet is taking
place in Russia. It also analyzes where Russian information security
policy fits into the wider context of global cybersecurity.
As the report points out, the evolution of Russian
information security policy has important implications for geopolitics
and the cyber dimension of global military conflicts. The unresolved
crisis in Russia’s relations with the West over Ukraine and now Syria
has put the leadership in the Kremlin in an interesting position that
could have important implications for the country’s information security
policy.
As long as Russian policymakers caution
about a new Cold War with the West and encourage the Russian public’s
suspicion toward the Internet as a potentially dangerous source of
anti-social, extremist and morally corrupt information for fostering
social protests (similar to the ones that took place in 2011-2012),
there is a risk that the government will tighten its control over the
Internet in the name of information security.
The
Bloggers Law and the Blacklist Law, among other initiatives put in
place in recent years, signify the growing state involvement in the
Internet. Moreover, just this week, Russian media reported that a new
law was in the making that could allow the authorities to regulate
Internet traffic in the country. This information, however, was denied by the Russian Minister of Communications and Mass Media Nikolay Nikiforov on March 1.
Previously, the Russian President’s press secretary Dmitry Peskov also stated
that the government does not aim to control the nation’s Internet
traffic. He pointed out, though, that cyberspace might potentially be
the source of threats for national security and thus Russia should have
the capability to face such risks and compensate for the possible
unfriendly steps aiming to bring down the whole segment of the Russian
Internet.
The authors of the report are Stanislav Budnitsky, Ph.D. candidate at Carleton University in Ottawa (Canada), and Alexandra Kulikova,
global stakeholder engagement management for Eastern Europe and Central
Asia at the Internet Corporation for Assigned Names and Numbers
(ICANN).
The analysis opens with a detailed explanation by Budnitsky
of how Moscow’s attitude toward cyberspace has changed over the past
decade. He defines the Kremlin’s strategy as “digital sovereignty” and
argues that the pivotal point that determined the shift of Russia’s
information security philosophy from being reasonably protectionist
toward a more reactionary may be found in 2012 when opposition rallies
and restrictive laws changed the face of the Russian Internet.
Assessing the reasons behind Russian public’s approval of
state’s initiatives to restrict the discourse on the Web and analyzing
the implications of such policies for the future, the expert states the
importance of wider geopolitical developments.
Domestic
and international politics, even if not directly related to the
Internet, will increasingly influence Russia’s cybersecurity philosophy
“Domestic
and international politics, even if not directly related to the
Internet, will increasingly influence Russia’s cybersecurity philosophy,” he says.
This argument is proved to an extent by the further
analysis of the cyber dimension of conflicts between different
international actors. Building on the recent reports of cyberattacks
involving Ukraine, Russia and Turkey, Alexandra Kulikova draws parallels
between military conflicts and the growing role of cyber capabilities
in current and future wars.
“Military cybercapacity is becoming a trump card many
nations would like to obtain for any possible future conflict and this
spiral of weaponization can hardly be stopped at the moment,” she says.
The threats of external attacks on a national segment of the Web are
something that the government in Russia seems anxious to avoid.
What is dangerous, however, is that the growing cyber
deterrence game poses serious challenges for critical infrastructure at
the national level and in order to minimize these risks and the amount
of potential incidents in cyberspace, actors should come up with
principles of conduct and establish viable platforms for dialogue,
states Kulikova.