David Talbot

A View from David Talbot

Russia's Cyber Security Plans

As Washington airs plans for a new “cyber command,” a top Russian official discusses the threat of cyberweapons.

  • April 16, 2010

On Capitol Hill on Thursday, the National Security Agency director, Lt. Gen. Keith Alexander, said the threat to U.S. computer networks was growing, with “hundreds of thousands of probes” daily. Alexander, who is slated to head a new cyber command to deal with this, characterized as “uncharted territory” the prospect of the United States launching cyber-based retaliation against future computer attacks.

The day before, I had a chance to interview a leading Russian cyber security official for his perspective. I asked Vladislav Sherstuyuk, a retired general who heads the Institute of Information Security Issues at Moscow State University and sits on the nation’s National Security Council, whether Russia was developing offensive cyberweapons. Through a translator, he gave me this reply: “It is not only Russia. It’s just the 21st century. It is because of the high technology. We didn’t invent the Internet. It was not Russia who invented the Internet. Without Internet there would be no cyberweapons, cyberattacks.”

A report late last year by the computer security company McAfee–a report based on interviews with third party experts–said that Russia, the United States, China, France, and Israel were all developing the capacity to attack and cripple computer networks including those that run critical infrastructure such as power grids.

Sherstuyuk hosted a cybersecurity conference this week in Garmisch-Partenkirchen, Germany, that represented his country’s efforts to set the rules of engagement. The meeting was noteworthy in that it was the first such Russian-sponsored event attended by White House and State Department officials. Russia wants to forge a kind of cyber arms-control agreement, but the United States is primarily interested in forging formal agreements to fight cybercrime.

Sherstuyuk explained his position to me. “Today we are talking about information weapons, about cyberweapons, and there is much in common between nuclear and cyberweapons, because cyber weapons can affect a huge amount of people as well as nuclear,” he said. “But there is one big difference between them. Cyberweapons are very cheap, almost free of charge.”

Even as such weapons are being developed, nations are increasingly trying to work together to fight crime and ward off such attacks. Hence the scene Wednesday night at the Hotel Nessen in Partenkirchen, where platters of pork and ham and shots of schnapps–sponsored by the Russian Interior Ministry–were passed around to the 140 attendees including researchers or government officials from India, China, Israel, and other nations, besides the United States.

But different nations are coming at the problem from different perspectives. The White House has set cybercrime as the highest priority. The White House senior director for cybersecurity, Christopher Painter, went to the conference to tell the Russian hosts Tuesday that “the predominant threat we face is the criminal threat–the cybercrime threat in all of its varied aspects.” Online bank fraud and other such crimes have been extremely costly to U.S. companies. (Russia is one major source of such crime, but the country has declined to sign a crime-cooperation convention, objecting to a provision that would allow law enforcement to access its networks.)

Russia has other priorities. Sherstuyuk told me that Russia is itself more concerned about the use of the Internet by terrorists to recruit, organize, plan, and execute conventional attacks inside Russia. Just two weeks ago, two female suicide bombers detonated inside the Moscow subway system, killing 39 people. “We have no examples of cyberterrorism yet,” the general said, referring to attacks on computer networks. “So [the issue] is more about information that you can get from Internet, information about forthcoming terrorism attacks, so we can watch airport and railway stations to observe whether there are attacks or not.”

If there is one concern on which all parties agree, it is the need to be better able to determine who is doing the attacking–a problem known as “attribution.” It can be difficult or impossible to determine whether rogue hackers or a national defense ministry is behind an attack, such as those targeting Estonia’s computer networks in 2007. Improving attribution could be achieved by reducing online privacy, but it also could be achieved through better cooperation between nations to share existing information. “We want to make trust, and help set the rules in the information sphere,” the retired general told me. “And I bet that there are many things that we can do together.”

In written answers to the Senate Armed Services Committee prior to his testimony Thursday, Alexander said it is “reasonable to assume that returning fire in cyberspace” is lawful. His written answers were posted by The Washington Post here.

At the Tuesday dinner, various toasts were made, but none more lusty than the one made by a Russian attendee honoring Sherstuyuk himself. “Hoorah, Sherstuyuk!” he cried. Painter, who is a veteran federal computer crimes prosecutor, did his best to contribute to the merriment. Asked to make a toast, he offered a few guarded comments. Then he gamely told a joke about a hacker who was granted three wishes from a genie, on the condition that other hackers would get twice what he had wished. The first wish was for one million credit card numbers. The second was for a supercomputer to break cryptographic keys. The third was that he be able to donate one of his kidneys.
