Will Russia really disconnect from the internet, and if so how?

Recently, an important second reading in the Russian parliament saw a proposed law to ensure the independence of the Russian internet (Runet) passed. With this, the proposals could become law and be enforced by November 1st, 2019. The goal of this law seems to be to trial how successful such an experiment would be and to suggest potential policy changes to the authorities in Russia.

Why is Russia looking to disconnect from the internet?

The internet is an extremely powerful channel due to it being a dense, interconnected and worldwide network in which information and digital services are able to flow free. Yet, it does have roots to the US government, who had oversight of the structure of governance during its earlier days. As a result of this, many essential resources that the internet relies upon are controlled by US-based organisations and, thus, are subject to its jurisdiction, including some of the world’s largest internet service providers (ISPs), domain name system (DNS) providers and public cloud vendors. Russian authorities are nervous about this as well as the increasing sway and importance of technology companies such as Facebook, Google, and Microsoft, which are all, of course, headquartered in the U.S. What’s unclear currently is if Russia views this as a strategic fragility, or if these proposals are seeking to contain the economic power of U.S. technology firms within the digital economy in Russia.

Seven in ten FTSE 100 companies are not ready for the next major DNS attack, says study

A report reveals that 68% of the top 50 companies listed in the Fortune 500 are not adequately prepared to be taken off the Internet by a targeted traffic-lead approach.

What would need to happen?

The truth is that unplugging from the internet will not be easy. It runs on complex dependencies, that ensure a seamless operation of the service. One of the first and most critical components of this infrastructure is the DNS, and this service, which is global, is provided by multiple DNS registrars. The resolvers may be located in a host of cities around the world, yet they all mirror a common global database that comprise the directory for the Internet. If Russia attempts to isolate itself from the internet, a copycat version of this whole system would need to be created, all within the borders of Russia. Supposedly, Russia has such a plan in place for this already, which has been tested previously, meaning that this part of the experiment might actually be possible.

It is important to note that there are numerous points of interconnection between Russian ISPs in other countries and Russian ISPs in Russia. This means that some of these connections are peering relationships, whereby traffic going to other countries may also flow through Russia, while some of these will also solely carry traffic that remains within Russia.

Due to this, there are two possible ways that Russia could ‘disconnect’ from the global internet. The first is to switch off all internet circuits going in and out of the country. However, this is a huge project which would require large-scale, coordinated changes across every ISP, both small and big, within the country’s borders. If this is not achieved in a highly coordinated manner, the internet will divert traffic to the remaining available circuits that failed to switch off, almost certainly overloading those paths through the internet and crippling the ISPs along the path.

The second approach may be to apply filtering to Border Gateway Protocol route announcements that are accepted and announced by Russian ISPs, creating a fragmented view of the Internet. Yet this may enable transit traffic to continue to flow through Russia to other countries. However, BGP changes are difficult to coordinate and one minor misconfiguration can be highly problematic.

One of the most complex issues around this is that the global ecosystem for software is increasingly delivered over cloud-based technologies. This ranges from consumer apps such as Gmail, but includes business applications also such as Office 365. Yet they all rely on a complex mix of back-end services that are hard to localise fully. Interestingly, four years ago, Russia introduced a law requiring all software-as-a-service (SaaS) vendors to create and maintain a local copy of all data points concerning Russian citizens, yet failure to comply, which many have not, hasn’t been fully enforced as of yet.

NCSC, FBI and DHS issue joint alert over Russian malicious cyber activity

‘Technical Alert’ warns Russia has been targeting UK and US government and private-sector organisations

Can it really happen?

The country is already densely integrated into the global internet and digital ecosystem. This sees a wide number of essential part of the Russian economy, from financial services to enterprise SaaS applications, depending heavily on interconnections to services outside of Russia. Isolation from the global Internet would most likely disrupt all of these services causing some sort of economic impact.

In addition, while it may be possible to recreate and replicate some mission-critical services including DNS within its own borders, an attempt to also replicate the public cloud and SaaS/API services in Russia is a near impossible project. This is because cooperation of all the technology firms, offering such services in the country, would be required.

This is likely to create a challenge-filled environment for global technology companies operating in the country

Finally, interrupting every transit and peering relationships between ISPs both within and outside Russia is a complex task, that again, would need significant coordination, at a level that the Internet has never seen before. This is still not enough to guarantee a complete isolation from the Internet. International roaming agreements, combined with mobile hotspots could create backdoors between Russian users and the global Internet through mobile networks.

Details emerge of Russian cyber attacks on Singapore Summit

F5 Networks witnessed a wave of Russian cyber attacks coinciding with the Singapore Summit and historic Trump-Kim meeting last week

Is testing already underway?

Over the past week, there has been two interesting packet loss events affecting Yandex.ru, which is the Russian equivalent of search engine giant Google. Delving deeper, these incidents have the signature of two potential issues. These packet loss events could have been a huge distributed denial-of-service (DDoS) attack targeted at Yandex from around the globe. Or, the testing of a new filtering infrastructure, designed to create well-defined choke points into Yandex’s network, in preparation for the new regulations.

What does this all mean?

It seems clear from these proposals that Russia is committing to a path of ‘Internet sovereignty’, however, this is likely to create a challenge-filled environment for global technology companies operating in the country, both in the near term and beyond.

Ameet Naik, is the Product Marketing Manager for ThousandEyes

Editor's Choice

Editor's Choice consists of the best articles written by third parties and selected by our editors. You can contact us at timothy.adler at stubbenedge.com

Related Topics