Russia is on the verge of passing its “Digital Economy National Program.” This law requires Russian Internet Service Providers (ISPs) to implement fail-safes that guarantee their continued function in the event they lose connection to the global internet. As part of a nationwide resiliency test, the country will intentionally disconnect as early as April 1.
Why would Russia purposefully disconnect from the global internet? Well… Why do schools and businesses perform fire drills? Why did our parents or grandparents practice duck and cover exercises in the 1950s? Why does the military practice war games every few months? All these questions have the same answer: to be prepared. More specifically, to test preparedness.
But, there may be other motives at play here as well. Let’s take a deeper look at Russia’s decision, its potential intent and what other countries might learn from this exercise.
Countries all around the world have become heavily dependent on the Internet, and Russia is no exception. Bank transactions, company communications, hospital monitoring data and more are likely all going over internet connections. This gives Internet connectivity nearly the same level of influence and importance as critical infrastructure. Therefore, much like all other types of critical infrastructure, the Internet should be tested thoroughly and deemed reliable. While it would be easier and less disruptive to test individual networks or individual ISPs to ensure they respond to interruption reliably, anyone familiar with managing large complex systems knows that there’s nothing more comprehensive than a large-scale, end-to-end test.
Imagine Russia’s Internet connectivity as a car. Each part of this car has received rigorous examination and testing. Large subsystems of the car – like the engine and the transmission – are tested by themselves. But, let’s say that for this particular car, different groups of people at different times tested the pieces and subsystems, but no one ever tested the entire car as a whole. Would you buy it? Would you even take it for a test drive? Probably not – because all these parts and subsystems are interconnected and have the potential to impact the performance and safety of the whole. You can’t know how the entire car works and if it’s reliable without putting it all together to test it in its final state.
These types of end-to-end tests often reveal incorrect assumptions or a lack of adequate preparation. For example, after the Internet connection is severed, an end user might be able to get to all of their favorite websites, but critical things like financial transactions or healthcare communications might fail. The only way to know for sure how your nation reacts to an all-out Internet blackout is to shut it all off – exactly the approach Russia will be taking. But, this might not be the only consideration behind their decision.
Some experts are under the impression that there are more sinister motives in play. The BBC reported that funneling internet connectivity through government-owned network nodes would enable Russia’s governing bodies to selectively disconnect the country from the sites it wants to censor (much like China does with The Great Firewall). Given the fact that Russia attempted to block access to an app called Telegram last year after claims it was used in a terrorist plot, it makes sense that its government would move to make censorship easier to enforce. Even more troubling would be if they intend or decide to use these central nodes as a means to spy on Russian citizens.
A First World nation like Russia definitely has the technology and resources to make that happen, but you might wonder: why now? Russia successfully executed cyber attacks as part of military actions against Georgia in 2008 and against Crimea in 2014, but what prompted them to move forward with the law and pursue a test for resilience against Denial of Service attacks now?
After Russian interference in the 2016 U.S. presidential election brought Russian cyber operations under the scrutiny of the U.S. Government, the Washington Post reported that U.S. Cyber Command “blocked Internet access to an infamous Russian entity called the Internet Research Agency (IRA) seeking to sow discord among Americans during the 2018 midterms… They basically took the IRA offline.” If Russia interpreted this activity as an escalation, then this test could very well be a preparation for further cyber warfare in the future.
All Things Considered, Is This a Good Idea?
Motives aside, based simply on the idea of operational preparedness, testing back-up procedures to defend against a large-scale Denial of Service attack is a sensible move. What makes Russia’s solution to preparedness questionable, though, are the opportunities their government will have to abuse and misuse the access given to them by the law’s mandate to funnel all Internet access through government-owned nodes.
Unlike Russia’s proposed approach, it’s likely that if the U.S. government were to enact a similar law, it would contract the creation and maintenance of these central Internet nodes to private companies. Those organizations would maintain control and ownership, operational preparedness and resilience against disconnection from the bigger internet, while abiding by the laws and processes in place to monitor traffic as legally necessary. This might be the best of both worlds.
What’s Around the Corner?
Russia’s resilience test is happening, potentially as soon as April 1. On the surface, the exercise seems legitimate as a wide-scale test of resiliency against cyber attacks that could disconnect them from the broader Internet. In general, this is a sentiment the U.S. should share, especially considering recent cyber-fueled conflicts related to Russian influence in our political processes. That said, Russia’s proposed solution can lead to a misuse of government power, which has already spurred outrage and protests from its citizens.
Only time will tell if this is part of a larger scheme with more nefarious intentions. The U.S. (and its allies) should closely examine how this all plays out, and begin thinking about the benefits of implementing a similar approach to Denial of Service attack preparedness, while protecting citizens from government espionage and censorship, and preserving their privacy and freedom.
About Ricardo Arroyo
Ricardo Arroyo is a Sr. Technical Product Manager & ThreatSync Guru at WatchGuard Technologies. Ricardo is responsible for guiding the design and implementation of Threat Detection and Response at WatchGuard Technologies. Following a 15-year career at the NSA, where he worked as an Analyst and Cyber Operator, Ricardo now uses his extensive Offensive Cyber Security experience to solve complex security problems and develop the latest defenses for small and midsized enterprises. He currently holds or has previously held the following certifications: Certified Ethical Hacker, Certified SANS Forensics Analyst and Certified Scrum Product Owner.