Russia Playing Catch-Up in Cyber Security

Publication: Eurasia Daily Monitor Volume: 13 Issue: 172

(Source: Modern Diplomacy)

On October 19, the Russian Ministry of Defense finalized the creation of a special communications system (“closed segment data transfer”) that can function autonomously from the global Internet (Izvestia.ru, October 19). Reportedly, this so-called “Military Internet” allows for exchanging secret electronic data (even marked “Top Secret”) without using the civilian computer networks (Russkoe Oruzhye, October 19). All preparatory work for this system have already been completed and the system is being put into operation across all military units (Voenno-Promyshlennyi Kurier, October 19). Igor Shchyogolev, a former Russian minister of telecommunications who currently serves as an advisor to President Vladimir Putin, declared that Russia’s main goal is to achieve self-sufficiency in the domain of cyber security. Furthermore, he noted, Russia is seeking to “[overcome] American control of the ‘civilian’ Internet in Russia.” The first step in this direction has now apparently been accomplished (Tsargrad, October 19).

Incidentally, concrete actions toward this objective were conducted as early as 2013, when Russian Defense Minister Sergei Shoigu announced the creation of special “scientific units” assembled from among the most talented Russian IT specialists (Newsru.com, May 12, 2014). Furthermore, the “Edward Snowden affair” itself had a profound impact on the Kremlin. In 2014, the defense ministry launched so-called “cyber troops,” tasked with the protection of Russian military cyber systems and maintaining control over secret information. Consisting of mathematicians, IT and communication specialists, engineers, as well as cryptographers, the work of these groups is said to be coordinated by the Ministry of Defense and headed by an individual with the rank of general (Vesti.ru, May 12, 2014).

Vladimir Putin has also been increasingly referencing cyber security as a vital issue for the Russian Federation and its growing global ambitions. These concerns are reflected in the Russian Military Doctrine (2014) and are also stressed in the Russian Federation’s National Security Strategy (NSS—2015). Namely, the 2015 NSS directly links the development of information technologies with such categories as “attainment of geopolitical goals,” “the manipulation of public consciousness” and “the falsification of history.” Moreover, the document identifies “the employment of information and communication technologies in the proliferation of Fascist ideology [sic], extremism, terrorism and separatism” as among the main threats to the Russian state (Rossiyskaya Gazeta, December 31, 2015).

The fact that cyber security has become a vital priority for the Kremlin is further reflected in the draft of the new Russian Information Security Doctrine (Scrf.gov.ru, accessed October 25). The document, which aims to replace the earlier Information Security Doctrine adopted in 2000, is supposed to be signed by Putin at the end of 2016 or in early 2017. This draft Doctrine should not be perceived as a reactionary response to changing geopolitical realities facing Russia. Rather, it is as a well-calculated strategic step that was planned well in advance. In July 2013—even before the outbreak of the Ukrainian crisis and the ensuing debacle in Russia’s relations with the West—during a session of the Russian Security Council, Putin first addressed the necessity of information security reform (Oruzhye Rossii, March 30, 2015).

A closer look at the proposed draft document confirms that, for Moscow, the notion of “cyber security” has become inseparable from such categories as “political stability” and “state defense” (Scrf.gov.ru, accessed October 25). It is also clear that the gap between the Russian Federation and the leading global players in this realm is still quite wide, which puzzles and worries the Kremlin. According to the document, this gap in cyber operations capabilities “enables foreign special services and NGOs [non-governmental organizations] to use Information and Communication Technologies as an instrument for breaching the sovereignty and territorial integrity of other countries” and cause the “destabilization of the internal political and social situation” (RBC, June 24).

The Russian side apparently feels ill at ease with the perceived superiority of “certain states” in the domain of cyber technologies since it allows them to “discredit Russian domestic and foreign policy” as well as to “influence the younger generation in order to dilute its cultural and spiritual values, historical foundation and patriotic traditions.” Even though the document does not specifically identify who these “certain actors” are, it should not come as a surprise that the blame is implicitly being leveled foremost on the United States. Identification of the US as the main “culprit” can be deduced from the document’s call on Russia “to use the Internet in order to hinder the spread of ideas of ‘exceptionalism’ pursued by certain nations.” The proposed Information Security Doctrine does not explicitly detail how this policy will be carried out. However, the document does state that Russia has the right to exercise “powers and means of informational confrontation” on its own behalf and on behalf of its (unnamed) allies (Scrf.gov.ru, accessed October 25).

According to Oleg Demidov, a cyber security expert at the PIR Center, in Moscow, the new information security doctrine reflects both old and new Russian phobias. Namely, he states that President Putin was seriously alarmed while watching the outbreak of the so-called “Arab Spring” and the role played by social media in mounting public protest movement across the Middle East and North Africa. The Kremlin viewed these processes as clandestinely inspired and coordinated by external forces that extensively used the Internet and new media in order to breed anti-government sentiments. And at home, severe economic hardship coupled with continuing international ostracism make the aging Russian elites particularly sensitive to such supposed scenarios (Moscoweveryday.com, October 25).

Four main conclusions can be drawn based on Moscow’s actions regarding cyber security and operations to date. First, Russia is ready to revise its policies in the domain of cyber security in accordance with the changing international environment, which entails the transformation of the existing legislative framework. Second, Russia can be expected to act much more assertively in the future. Moscow will likely continue using the Internet as a tool of foreign policy and as a means of retaliation in a much more sophisticated and coordinated manner. Third, Moscow consciously recognizes its current feebleness in the domain of cyber security. In the short term, this is likely to lead to a further intensification of activities aimed at overcoming the existing gap between Russia and other international actors. And finally, the fact that the Russian Armed Forces enjoy the privilege of being a testing ground for new inventions means that the so-called “Army first” approach pursued during the Soviet period is being recreated in full when it comes to the cyber realm.