This is a guest post written by Emilio Iasiello.
in December 2016, Russian President Vladimir Putin approved a new information security doctrine, which updates the older 2000 version. The doctrine, a system of official views on the insurance of the national security of the country in the information sphere, regards the main threats to Russia’s security and national interest from foreign information making its way into the country, and sets priorities for countering them.
Russian information security doctrine
According to the document, one of the main directions of the information security is to ensure strategic deterrence and prevent military conflicts that may arise during the use of information technologies. Areas of concern addressed in the document include Russian concerns of “information-psychological” methods by foreign intelligence agencies bent on influencing its population with online information; attacks on systems of “information support for democratic institutions” and the spread of harmful, false information; and the “increasing scale of certain countries and organizations using information technologies for military and political goals.” Of particular note, the doctrine cites the importance of creating a system of non-contentious inter-state relations in the information field.
Chinese- Russian cooperation
Russia’s new signed information security doctrine dovetails with China’s recent passing of its new cyber security law. There has been increased cooperation between Russia and China on information security related issues, with both governments maintaining that sovereignty in cyber space and the ability to counter all information-based threats are inherent government rights. In April 2016, the two government established the first-ever China-Russia cyber forum, which was held in Moscow, which appears to have helped align the governments and pave the way for future information included Lu Wei, the head of China’s state internet information office, Fang Binxing, the so-called father of the Great Firewall and Igor Shchyogolev, President Vladimir Putin’s assistant on internet issues and former minister of communications.
The activities by the two countries in recent weeks are indicative of building on the April forum, with some reports suggesting that China and Russia have been collaborating on information sharing to better regulate and censor the Internet. While this may be an alarmist perspective on what is transpiring, the two have engaged in several joint events where Internet security has been the main focal point. In fact several of these Russian initiatives mirror the actions undertaken by China. Among them include:
Among them include:
- In early December, proposed amendments to the Russian Criminal Code and Criminal Procedure Code proposes new punitive measures to cyber attacks being conducted against Russian infrastructure will result in up to 10 years imprisonment and heavy fines. Included in the draft bill, which currently sits in the State Duma’s lower chamber, introduces a new article called “illegal influence upon the crucial information infrastructure of the Russian Federation.”
- In November 2016, Russia sought Chinese advice and looked to incorporate elements of China’s
“Great Firewall” into its own “Red Web” – Russia’s system of Internet filtering and control. According to one source, the Chinese digital equipment maker Huawei has been enlisted to help Russian telecom companies build the capacity necessary to comply with Yarovaya’s laws. This intimates that while Russia was reputed as being able to monitor and filter Internet content in country, the technology it implemented may not have been robust as previously thought
- In early November 2016, Russia’s communications regulator, blocked all public access to LinkedIn, arguing that it violated a 2015 law that requires Internet companies to store users’ personal data on servers located in Russia.
- The summer 2016 passing of “Yarovaya law, a package of amendments authored by the ruling United Russia party member Irina Yarovaya, who is known for previous legislative crackdowns on protesters and non-governmental organizations. Broadly speaking, the legislation makes it a crime to not warn the authorities of “reliable” information about planned terrorist attacks, armed uprisings, hijacking and several other crimes.
Getting governments on the same cyber security page continues to pose challenges as disagreements are found in trying to find a common lexicon from which to start. Broadly speaking, the West favors a technological focus and prefers a “cyber security” nomenclature, whereas governments from China and Russia prefer information security, pointing out that information as much as the technology on which it overrides is as potentially a dangerous weapon. The U.S. may have inadvertently given credence to this belief when the President Obama cited “fake news” as a concern that could “poison politics,” and essentially influence how people vote. This is the very concern being expressed by China and Russia when they always include information as part of the larger security talks and its potential effect on social, cultural, and psychological aspects of a population.
What remains to be seen is how the recent accusations of Russian hacking to influence the U.S. elections may actually encourage other nations to side with the China/Russia side that views hostile information is a destabilizing agent. China and Russia have led two proposals for nation state code of conduct in cyberspace to the United Nations, with an agreement among future signatories ”not to use information and communications technology to interfere in the affairs of other states with the purpose of undermining, political, economic, and social stability.” Those governments wishing to preserve this right as well as their autonomy in cyberspace may be continually drawn to the China/Russia side, particularly as the gap between cyber and information security is closely interwoven, and a focus on just the technology in this day and age is turning a blind eye toward the reality of the information space.
And in the end, that may be the real reason behind the uncertainty behind the alleged “hacked” U.S. elections – not to put a candidate in office, but to bring to light why information cannot be separated from the technology it uses to communicate.
And from this perspective, the Chinese/Russian approach may be more indicative of today’s reality than the West wants to acknowledge.