Skip to content
Commentary | 16 January 2018

Understanding the Russian Approach to Information Security

Image of Pasha Sharikov

Pasha Sharikov |Head of the Center for Applied Research in the Institute for USA and Canadian Studies, Moscow State University

Cyber Russia Global Security

The current state of relations between Russia and the West is probably at its worst since the most severe times of the Cold War. The crisis is not simply political contradictions over a number of issues, it is a systematic problem related to the general trends in international relations. The issue of cyber- and information security provides a perfect example of the challenges we are facing.

Many of the problems that exist today are caused by the transformations linked with the information revolution and the global conversion into the information age. These problems are not only technological but first of all of political nature. Every nation – including European democracies, Russia and the United States – has its own way of transforming its political system and dealing with the information revolution challenge. Along with that, certain controversies appear due to the fact that the cyberspace is global and exists beyond national borders.

While protecting information resources is a top national security priority, it cannot be guaranteed solely by government institutions. The government’s ability to control individual production and consumption of information is very limited.

The necessity of a stable and reliable global information infrastructure is unquestionable. It is also evident that the legal international norms of cybersecurity should be the result of a multinational and multi-stakeholder effort. Interests of states and various actors (including non-state ones) should be taken into account. Negotiations on this matter have been held within the United Nations since the late 1990s when Russia and the United States represented two different and almost incompatible positions.

Among the different suggestions related to global internet governance, one of the most popular ones is the “net neutrality rule”. This approach ensures equal access and speed of communication for every user, thus excluding any possibility of manipulating the content. The net neutrality principle was accepted, until recently, in the United States by the Obama Administration. Net neutrality has also been adopted in most of European cybersecurity strategies.

To a certain extent, the Russian approach to cyber policies is opposite to the American and European ones. The Russian approach is based on the responsibility of the government to secure not only the infrastructure but also the information itself. This reflects Russia’s traditional understanding of national sovereignty. While Western countries understand sovereignty in the information era as encouraging global information exchange through safe technological infrastructure, the Russian government understands information sovereignty as “nonproliferation” of foreign information among Russian citizens, and sharing the “proper information about Russia with foreign partners” [1]. Such an approach is reflected in all major pieces of legislation adopted in Russia as well as in the major doctrines of information security.

The difference of approaches between Russia and the United States is mostly clear on the issue of information security policies. The Western approach is based on the secure communications: Net neutrality rule means that information is safe as long as technological infrastructure is safe. The responsibility of the government is to ensure that every citizen is free to use secure technologies.

The problem of global internet governance is where the Russian approach does not align with the American and Western one. Evidently all states need to reach an agreement on universal norms of using the cyberspace. However, domestic approaches to sovereignty in the information age clash, and that is why such an international agreement failed to be reached. Russia suggests norms that include strong government control over information, while the American approach perceives it as a threat to political stability.

Russia’s official approach is called “international information security”. The position is reflected in the concept of the Convention of International Information Security. The Convention sees “actions in the information space aimed at undermining the political, economic, and social system of another government, and psychological campaigns carried out against the population of a State with the intent of destabilizing society” as one of the main threats in the information space. The convention stresses that “political authority in connection with governmental policy issues related to the Internet is a sovereign right of States, and that the governments of States have rights and responsibilities as regards governmental policy issues related to the Internet on an international level”.

Russia’s foreign policy is based on promoting international information security. According to the “Frameworks of Russia’s government policies in regard to international information security until 2020”, the Russian position should be promoted mainly under the auspices of the United Nations. Besides, Russia seeks cooperation on these issues with partners in other international organizations – Shanghai Organization for Cooperation, Commonwealth of independent States, Collective Security Treaty Organization and members of BRICS. Russia initiated also work of a Group of Government Experts (GGE) – a UN body that unites experts from different countries to discuss internet governance issues and seek common understanding.

At the same time, Russian diplomats promote the official position in other organizations. However, Russia’s approach is not shared by the Western community. These controversies were evident long before the current crisis. For example, in 2012 Russia blocked the resolution on early warning of cyberattacks at the OSCE. It was reported that Russian officials denied to agree on the suggested transparency measures claiming that they threaten national sovereignty.

Russia’s idea of international information security implies significant government responsibility and control over information resources. Russia, which promotes these ideas on the international level, faces strong opposition from Western countries. Contradictions on cybersecurity and internet governance between Russia and the West bring additional heat, especially prior to elections. While Western political systems proved more effective in the information era, Russia sticks to conservative political traditions. American and European countries benefit from the advantages of information era, while the Russian economy still relies heavily on the production of crude industrial products. The inability of the Russian political system to adapt to the realities of information era causes lack of trust with the Western world.

The lack of trust is also caused by the accusation that Russia has attacked the core and the most valuable feature of Western democracies: their electoral systems. First, Russia was allegedly accused of interfering with the American presidential election, and then with the Brexit vote, the French and German elections, and finally the Catalonia referendum on independence. While each of these cases has mostly national specifics, it is hardly imaginable that the Russian government could have orchestrated all of those interferences. Even if certain individuals from Russia have participated in those acts of information aggression, it proves the inability of the Russian government to control criminal activities on the web and its inability to deliver proper information policies.

Every time Russia is criticized by the Western media, the Russian government reacts through strengthening of the information policies at the domestic level. This trend leads to further fragmentation of the Russian piece of cyberspace and to the isolation of Russia in international relations. Such a development would definitely destabilize the fragile international peace. Thus, one of the most important ways of preventing further escalation is to continue dialogue, especially through unofficial tracks, such as expert community, educational exchanges, research and think tank communications.

 

[1] Russian Federation Doctrine of information security, 2016

 

The opinions articulated above represent the views of the author(s), and do not necessarily reflect the position of the European Leadership Network or any of its members. The ELN’s aim is to encourage debates that will help develop Europe’s capacity to address the pressing foreign, defence, and security challenges of our time.

 

Related content

Commentary

Law and Order in Cyberspace

Maarja Naagel, Researcher at the NATO Cooperative Cyber Defence Centre of Excellence, argues that we should reject the mystifying rhetoric of “legal vacuum” in cyberspace and instead stay firm in our commitment to the rules-based international order.

Commentary

Cyber-deterrence starts with defining a Cyberattack

The YGLN’s Sam Rebo, and Clark Street Associates’ Taylor Grosman, argue that NATO governments must begin to better define what specific actions constitute a cyberattack. Foreign governments have grown bolder and NATO must be clearer in response.