Russia’s Cyber Security Plans
As Washington airs plans for a new “cyber command,” a top Russian official discusses the threat of cyberweapons.
On Capitol Hill on Thursday, the National
Security Agency director, Lt. Gen. Keith Alexander, said the threat to U.S. computer networks
was growing, with “hundreds of thousands of probes” daily. Alexander, who is slated to head a new cyber
command to deal with this, characterized
as “uncharted territory” the prospect of the United States launching
cyber-based retaliation against future computer attacks.
The day before, I had a chance to interview
a leading Russian cyber security official for his perspective. I asked Vladislav
Sherstuyuk, a retired general who heads the Institute of Information Security
Issues at Moscow State University and sits on the nation’s National Security
Council, whether Russia was developing offensive cyberweapons. Through a translator, he gave me this reply: “It
is not only Russia. It’s just the 21st century. It is because of the high
technology. We didn’t invent the Internet. It was not Russia who invented the
Internet. Without Internet there would be no cyberweapons, cyberattacks.”
A report late last year by the
computer security company McAfee–a report based on interviews with third-party
experts–said that Russia, the United States, China, France, and Israel were
all developing the capacity to attack and cripple computer networks including
those that run critical infrastructure such as power grids.
Sherstuyuk hosted a cybersecurity conference this week
in Garmisch-Partenkirchen, Germany, that represented his country’s efforts to
set the rules of engagement. The meeting
was noteworthy in that it was the first such Russian-sponsored event attended
by White House and State Department officials. Russia wants to forge a kind of cyber
arms-control agreement, but the United States is primarily interested in forging
formal agreements to fight cybercrime.
Sherstuyuk explained his position to
me. “Today we are talking about information weapons, about cyberweapons,
and there is much in common between nuclear and cyberweapons, because cyber
weapons can affect a huge amount of people as well as nuclear,” he said.
“But there is one big difference between them. Cyberweapons are very
cheap, almost free of charge.”
Even as such weapons are being
developed, nations are increasingly trying to work together to fight crime and
ward off such attacks. Hence the scene Wednesday night at the Hotel Nessen in
Partenkirchen, where platters of pork and ham and shots of schnapps–sponsored
by the Russian Interior Ministry–were passed around to the 140 attendees
including researchers or government officials from India, China, Israel, and
other nations, besides the United States.
But different nations are coming at
the problem from different perspectives. The White House has set cybercrime as
the highest priority. The White House senior director for cybersecurity,
Christopher Painter, went to the conference to tell the Russian hosts Tuesday that “the predominant threat we face is the criminal
threat–the cybercrime threat in all of its varied aspects.” Online bank
fraud and other such crimes have been extremely costly to U.S. companies.
(Russia is one major source of such crime, but the country has declined to sign
a crime-cooperation convention, objecting to a provision that would allow law
enforcement to access its networks.)
Russia has other priorities.
Sherstuyuk told me that Russia is itself more concerned about the use of the
Internet by terrorists to recruit, organize, plan, and execute conventional
attacks inside Russia. Just two weeks ago, two female suicide bombers detonated
inside the Moscow subway system, killing 39 people. “We have no examples
of cyberterrorism yet,” the general said, referring to attacks on computer
networks. “So [the issue] is more about information that you can get from
Internet, information about forthcoming terrorism attacks, so we can watch
airport and railway stations to observe whether there are attacks or not.”
If there is one concern on which all
parties agree, it is the need to be better able to determine who is doing the
attacking–a problem known as “attribution.” It can be difficult or
impossible to determine whether rogue hackers or a national defense ministry is
behind an attack, such as those targeting Estonia’s computer networks in 2007.
Improving attribution could be achieved by reducing online privacy, but it also
could be achieved through better cooperation between nations to share existing
information. “We want to make trust, and help set the rules in the
information sphere,” the retired general told me. “And I bet that
there are many things that we can do together.”
In written answers to the Senate
Armed Services Committee prior to his testimony Thursday, Alexander said it is
“reasonable to assume that returning fire in cyberspace” is lawful.
His written answers were posted by The
Washington Post here.
At the Tuesday dinner, various
toasts were made, but none more lusty than the one made by a Russian attendee
honoring Sherstuyuk himself. “Hoorah, Sherstuyuk!” he cried. Painter,
who is a veteran federal computer crimes prosecutor, did his best to contribute
to the merriment. Asked to make a toast, he offered a few guarded comments.
Then he gamely told a joke about a hacker who was granted three wishes from a
genie, on the condition that other hackers would get twice what he had wished.
The first wish was for one million credit card numbers. The second was for a
supercomputer to break cryptographic keys. The third was that he be able to
donate one of his kidneys.