An internet "kill switch" has been published in Russia's legislative plans for some time – but it's not entirely about defense.
As soon as it came out of Russian-language newswire RBK (and what's sloppily reported), it was easy to get the impression that this was a complete, countrywide internet shutdown.
Rather, the country would use Runet, a sovereign, government-run internal web that would keep citizens connected, but only within the country. Runet would run an internet blackout in the event of "targeted large-scale external influence."
A national intranet is an IP-based walled garden used as a substitute for the United States real (global) internet. Typically, its purpose is to control and monitor the communications of citizens while thus restricting their access to outside media. Like in Iran.
After years of rumors, Iran rolled out its state-run intranet in January 201
Another country that controls its population via intranet is North Korea. Its Kwangmyong network is the oldest known one in the world.
Interestingly, the upcoming disconnect experiment is run by Russia's Information Security Working Group, whose member are telcos – and is presided over by Natalya Kaspersky. Yes, that's Kaspersky. She co-founded the namesake security company, and her ex-husband is … Eugene Kaspersky.
The law (called the "Digital Economy National Program") dictates that Russian telcos must install technical means to funnel all internet traffic "to exchange points approved or managed by Roskomnazor, Russia's telecom watchdog," according to press. "Roskomnazor wants to inspect the traffic in the country and is not re-routed through servers abroad, where it could be intercepted."
The point of all this is so Russia can enact an internet blackout. For security purposes, it claims.
Not really. Oracle did a deep dive on this exact scenario and concluded that countrywide internet blackouts (with intranet reliance) actually make a country harder to defend. What makes the internet as a system, they explain, is its decentralization. Namely, diversity in infrastructure.
If a country has only five companies with licenses to carry and monitor traffic, then, it's a snap to make a phone call and send the country into a near-instant internet blackout. However, Oracle says: "This level of centralization also makes it much harder for the government to defend the nation's Internet infrastructure against a determined opponent."
Packet Clearing House's Bill Woodcock reminds us that the same idea, of a disconnection protocol, in the 2008-2009 era. The idea was abandoned. Mr. Woodcock told Engadget that a kill switch "is a pretty reasonable thing to test, and how to prepare for, how much the US is putting into cyber-open, and how little the US has for non-proliferation efforts in this area." Soberingly, Woodcock tells us that Russia may be taking cues from its own cyber-attack victims:
The apt comparison with Estonia in 2007 and Georgia in 2008. Estonia was prepared while in Georgia what is not. The Russian attack on Estonia was nearly unnoticed, from a network user's perspective, while the one on Georgia was almost completely effective, for a period of several months.
I think the thing many outlets are dancing around as they report on the blackout system implementation is Russia's intent to isolate its citizens and crack down on dissent. It's especially heartbreaking in light of new reports of a refreshed purge of LGBT men and women in Chechnya, where at least two are dead and dozens are being held. "The new wave of persecution started in late December," wrote The Guardian, "After an administrator for an online group for LGBT people on the social network" VKontakte was detained [others].
The Guardian confirmed the reports with a Russian newspaper, which was sent through messages via VKontakte (Russia's state-run version of Facebook).
When blackouts begin in Russia,