On Nov. 1, Russia is poised to disconnect from the internet—in theory.
That is when a long-planned internet bill will go into effect and lay the foundation for a national network whereby internet service providers are controlled by Roskomnadzor, Russia's telecom agency. The goal is to give Russia the power to disconnect from the global internet in the event of a cyberwar and, in the interim, serve up a walled-off version of the web sanctioned by the Russians. It also gives President Vladimir Putin greater control over Russian citizens.
Details of the bill are sketchy. Russian news agency RIA-Novosti says the aim is to provide a "sustainable, secure, and fully functioning" internet. And it will reportedly do so by developing its own version of the internet's address system so Russian web users attempting to reach international sites will instead be directed to Russian versions. Citizens hoping to visit Facebook, for example, might be redirected to Russian social network VK.
Russian officials have argued that this so-called sovereign internet will protect the country from harm, but experts argue it could make Russia, and the entire open web, more vulnerable to attack.
Russia's Great Firewall? Not Quite
With all the talk of clouds and wireless connectivity, many people think of the internet as an ephemeral tool. But it's powered by vast server farms, interconnected cables, and networking infrastructure that cross borders and oceans. That makes it difficult to control, which is why Russia's law targets the internet's address book, the Domain Name System (DNS).
In essence, the DNS converts a web address (such as www.pcmag.com) into an IP address (such as 192.168.1.1) that fetches the site you want. Russia's system uses a proxy to steer packets of information away from the public DNS resolver by default, look at where the data is located, and either let that information through, redirect it, or block it completely.
We see examples of this kind of control in Saudi Arabia, Turkey, and China. But Russia might have some difficulty in recreating China's Great Firewall, in part because Russia's internet was built to be open, according to Alex Henthorn-Iwane, VP of Product Marketing for network monitoring company ThousandEyes.
China restricted its web access from the start, with the Communist Party legislating in 1996 (two years after the internet arrived there) that all service providers be licensed by the government and that all internet traffic go through state-owned telecommunication companies. Since then, it's poured vast amounts of money into the effort, and it's still is not completely airtight.
Russia has reportedly spent about $300 million on its sovereign internet plan. But while the country has restricted access to certain services in recent years—from VPNs to encrypted messaging apps—Henthorn-Iwane says it's unlikely the Russian government will be able to exert on its citizens the level of control China has accomplished with its Great Firewall by Nov. 1.
How a VPN Works
"One of the major benefits about the internet is [its] cross-border trade mechanism, and Russia won't be able to replicate every single service that is provided by non-Russian companies," Henthorn-Iwane says. "If China allows Western companies to use SAAS (software as a service) tools, that tells you it's not realistic. Office 365, or Salesforce, I would imagine they're going to have to keep open if they want to attract foreign direct investment."
Considering that China has also fostered a powerful e-commerce and mobile app ecosystem where Russia hasn't, that makes it less likely that Russia will ever actually turn its internet off.
It's also questionable from a cybersecurity standpoint. "If cyber criminals or nation-states want to infiltrate and infect a machine, to command and control, you don't need a lot of bandwidth. You could have a cross-border cell phone to get on the internal internet of the country. For that matter, you could have people inside the country, which all major states do, to enable cyber warfare."
Breaking the Internet
Yet despite the low likelihood of Russia closing the doors on external internet connections, the proposed policy is indicative of a greater trend among governments: creating a "splinternet."
The term was first used in 2001 to describe "parallel internets," or multiple privately run networks that exist to avoid heavy-handed and changing government regulation. It's now more likely to describe secondary networks run by those governments.
The concept is not alien to the West. San Francisco-based Twitter, which regularly comes under criticism from users in the United States for not taking enough action against white supremacists and other bad actors, is required by law to block those same harmful users in Germany. Google has also agreed to change names and borders on its mapping products upon request from certain governments. GDPR regulation, meanwhile, means many US news publishers are unable to show their content in European countries due to how they store data on European citizens.
The amount of regulatory control governments place on the internet is a sliding scale based on political ideology. For some, that's shutting the internet off completely (or, at least, attempting to) while others focus on how data can or cannot move across countries.
However, while the American view of the internet—heavily influenced by its history of free markets and free speech—might be closer in theory to the open internet that was proposed by the web's pioneers, the hegemony of Silicon Valley has created a state in which the majority of the internet is de facto under the control of the US government.
Google parent company Alphabet, for example, dominates how many people around the world access the web, whether that's through search, the browser (Chrome), or the operating system (Android or Chrome OS). But should the US government wish to exercise its control in the name of security, as it did with Huawei, it's entirely possible.
In a world of splinternets, it's easier to say that you have an open system when the nexus of power is within your borders. The future will likely bring more legislation like Russia's, albeit with varying degrees of severity.
What Is Two-Factor Authentication?
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
