Internet Use and Cyber Security in Russia

The culture of mass communication in Russia has been challenged by the emergence of new communication systems. This has forced the state to seek ways to adapt to today’s globalized and decentralized information sphere. The Internet penetration in Russia has grown quickly during the past decade, requiring state leaders to look for ways to master social media as a means of quick and potentially two-way communication, enabling it to be a tool for themselves and for promoting national security goals. The intention of this article is to deliver insights into how the current Russian information security policies are related to by the top strategic and operational level. In the first part, this article explores the various related policies and doctrines. The insights are then put into the context of social media narratives of President Vladimir Putin and Prime Minister Dmitry Medvedev and the practices of the Federal Security Service. This approach reveals that Russia’s top leadership recognizes the importance of social media, but struggles with the implementation of the aspects that are regarded as significant for Russia’s information security. It is argued, that Russia is recreating the traditional state-centric forms of control in the modern information space and thereby is trying to establish digital sovereignty.

2019

The Information Security Doctrine of the Russian Federation (RF) defines the threat to information security as a complex of actions and factors that represent a danger to Russia in the information space. These threats can be informationpsychological (i.e., when the adversary tries to influence a person's mind) or information-technical (i.e., when the object of influence is the information infrastructure). The information infrastructure of the RF is a combination of information systems, websites, and communication networks located in the territory of the RF, or those used as part of international treaties signed by the RF. A cyber threat is an illegal penetration or threat of penetration by an internal or external actor into the information infrastructure of the RF to achieve political, social, or other goals. Cyber threats against Russia are increasing and becoming more diverse. The Russian assessment of the cyber threat contains the same besieged fortress narrative as the country's other threat assessments do. In this narrative, Russia is surrounded by hostile states and non-state actors in cyberspace. The sources of the cyber threat are Western intelligence services, terrorists, extremist movements, and criminals. To protect itself against cyber threats, Russia is increasing its digital sovereignty by preparing to isolate the Russian segment of the Internet, RUNET, from the global Internet. Russia is also improving the protection of its critical information infrastructure. To protect itself against cyber threats but also to monitor the opposition, Russia has increased surveillance of RUNET and banned user anonymity. Russia is also making an effort to replace imported information and communication technology (ICT) with Russian production. This paper discuss Russia's defense against cyber threats. After the introduction, the paper begins with a description of the Russian cyber threat perception. The main section then discusses Russia's response to this threat. This study uses grounded theory, an appropriate method for this subject because little theoretical and structured information has, to date, been published on the Russian response to cyber threats. The study data are drawn from official Russian documents such as strategies, doctrines, laws, and presidential decrees.

FOI Report

The elections in 2011-2012 in Russia sparked waves of protests. Throughout these events, political usage of the internet could be widely observed, including people distributing information and appeals for action, crowdsourcing participants and documenting demonstrations, not least for protective purposes. The political role of the Internet should not be exaggerated, but even so it became clear that state-controlled television was beginning to lose its monopoly on shaping public perceptions -at least within a growing urban middle class that could use the Internet to find alternative information.

Russian views on the nature, potential and use of cyberspace differ signifi cantly from the Western consensus. In particular Russia has deep concerns on the principle of uncontrolled exchange of information in cyberspace, and over the presumption that national borders are of limited relevance there. Circulation of information which poses a perceived threat to society or the state, and sovereignty of the "national internet", are key security concerns in Russia. This divergence undermines attempts to reach agreement on common principles or rules of behaviour for cyberspace with Russia, despite repeated Russian attempts to present norms of this kind to which other states are invited to subscribe. This paper examines aspects of the two most recently released public statements of Russian policy on cyberspace: the "Draft Convention on International Information Security" (released 24 September 2011) and the Russian military cyber proto-doctrine "Conceptual Views on the Activity of the Russian Federation Armed Forces in Information Space" (released 22 December 2011) in order to describe the Russian public stance on cyberspace. Conclusions are drawn from the "Conceptual Views" on how the Russian Armed Forces see their role in cyberspace. The documents are referenced to the Information Security Doctrine of the Russian Federation (2000) as the underpinning policy document prescribing Russia's approach to information security overall, including its cyber elements. The Russian authorities considered that protests over the State Duma election results in December 2011 arose at least in part because of a cyber/information warfare campaign against Russia. The informational and political response of the Russian authorities to this is taken as a case study to measure the practical impact of the Russian views outlined above. In addition, the dynamics of the London International Conference on Cyberspace are referenced in order to illustrate failure to achieve dialogue over the difference of these views from the Western consensus.

Technological Forecasting and Social Change, 2010

Turkish Journal of Russian Studies Issue(TJORS), 2020

National security policies have attained a more fragile structure with the results of globalization in recent years. States have started to give importance to information and technology security rather than border security today. The concept of cyber security is one of the security areas that have developed in recent years at this point. In the face of the incredible speed of technology, it becomes more difficult to ensure security day by day. For this reason, states had to constantly update their measures in the field of cyber security. Besides the field of cyber security in interstate relations resembles an ongoing flag race. Similar to the arms race that started before the First World War, interstate competition continues in the field of cyber security. Undoubtedly, Russia is one of the states that actively exist in this competition. The cyber security field, which has become a state policy in the 2000s in Russia, continues its development today. The concept of cyber security, which came to the agenda again with the 2016 Presidential elections in the United States of America (USA), will continue its effective presence in security policies today and in the coming years. The concept of cyber security generally brought to minds and intelligence organizations. Russia, on the other hand, tried to use this technology in all other areas as well as strengthening its cyber domination in military and intelligence activities and wanted to control the information resources of its citizens. Russia has not limited its activities in the field of cyber security to certain state institutions only. Cyber security activities are supported by hacker groups under state control but not affiliated with any government agency. This article aims to analyze Russia's cyber security and cyber espionage policies in light of this information. In this context, the development of Russia's cyber security activities has been handled with a historical process and the cyber security capacity of Russia has been analyzed by revealing state and non-state actors operating in the field of cyber security in Russia.

2023

— Russia’s use of cyber and information warfare against Ukraine has confirmed some previous assessments of Russian doctrine and capabilities and invalidated others. In both cases, observation of operations in the war to date provides valuable insights for other states and coalitions seeking to defend themselves effectively against Russia in the future. — Russia’s operations in Ukraine have provided a clear practical demonstration of the holistic and integrated nature of Russia’s approach to using information for effect in wartime conditions. This implies that potential future victims of Russian aggression should recognize the crucial interdependencies this approach exploits – not only between cyber and information activities but also between these and the physical environment and cognitive domain – and adjust defensive strategies accordingly. — In particular, information and assets not normally thought to be targets for combat operations must be protected. Private personal information captured before and during military operations has been used by Russia with lethal consequences for its subjects. — Ukraine’s successful resistance to Russian cyber campaigns has been substantially enabled by support from international partners but also, critically, from private industry. The involvement of private industry in hostilities raises issues of accountability and legal status, as well as the question of financial and other support for the organizations offering their services. These issues should be addressed as a matter of urgency so that policies are in place before they are next required. — The participation of private citizens in information activities as part of the defence of Ukraine potentially undermines the notional protection they are afforded as civilians rather than combatants. While there is no expectation that Russia will observe international humanitarian law, this has the potential to complicate eventual prosecutions for breaches of it. — This research paper offers policy recommendations for enhancing the resilience of Western states to cyber and information operations by Russia. These recommendations, by their nature, will also be relevant for protection against any other state or non-state threat actor seeking to exploit similar vulnerabilities.

In pursuit of solutions to curb cybercrime, legislators engage in an analysis proportionally weighing freedom of expression and other societal interests. The balance between the two concepts differs dramatically across different jurisdictions. This Article looks into a widely discussed legislative package regulating the online domain, enacted by the Sixth Convocation of the Russian Parliament (2011–2016)—the State Duma. The authors operate under the assumption that the Russian approach might have a broad spillover effect. With this in mind, the authors outline the current status quo regarding Internet regulations in the EU, disentangle and contextualize the legislation under scrutiny, emphasize Russian influence over Eastern European countries, and describe the tumultuous relationship between the Russian Federation and the European Court of Human Rights.

Liberal Arts and Social Sciences International Journal (LASSIJ), 2021

The world has shifted to a digital landscape in the recent decade with both its perks and underlying threats. Russia, throughout history has experimented with its information along with cyber channels and have been able to generate fruitful results that are manifested in the contemporary era. Russian expertise towards merging cyber domain into its military capabilities is praiseworthy to the point that its Western adversaries, despite the fact being economically and technologically advanced compared to Russia, have not been able to effectively counter Russian aggression. This research examines the essentiality of cyber security as a mere software or cyber command can create instability and drastic consequences requiring millions for clean-up by examining Russian cyber-attacks on Estonia, Georgia, Ukraine, US and Western Europe and concludes that the first steps towards Cyber and Information Warfare have been made, it is now to be made sure this does not escalate into a Cyber Arms Ra...

Laboratorium: Russian Review of Social Research, 2019

State control over the Russian internet (Runet) has been enforced by dedicated administrations and private digital entrepreneurs since the early 2010s. Along with them, groups of digital vigilantes report on "negative" online content and claim to be fighting against activities considered to be criminal or contrary to social norms. However, their ideological convictions and moral supports are diverse and changing. This article analyses two nonprofits: Molodezhnaia Sluzhba Bezopasnosti (MSB, Youth Security Service) and Liga Bezopasnogo Interneta (LBI, Safe Internet League), which sponsors an emergent "cyber Cossack" movement. MSB, which can be referred to as "citizen investigators," has developed a high degree of technical and legal experience and cooperates actively with the police. LBI promotes a conservative vigilantism to ensure "virtuous browsing," with a strong focus on education. In March 2019 hearings at the Russian Civic Chamber on a bill addressing the activity of kiberdruzhiny (cyber patrols) revealed tensions between the "politically involved" (Duma members and kiberdruzhiny's organizations) supporting the bill and the "experts" (representatives of internet companies and security specialists) opposed to it alleging the proposed law's inefficiency. A third group, the supporters of a free and democratic Runet, is absent from the official debates but speaks out on social networks and through independent media against the development of civil surveillance.