On the way to the cyberworld. Cyber weapons as a chance for Russia
A cyber world, based on digital equality and equal access, rights and responsibilities of all sovereign states in relation to the World Wide Web, is needed. It is these principles that are laid down in the “Fundamentals of the State Policy of the Russian Federation in the Field of International Information Security for the Period to 2020”. Other participants in such organizations as BRICS, SCO, EurAsEC adhere to similar positions.
Only the concerted efforts of the world community can prevent the transition from the passive to the active phase of cyberwar, and first of all close cooperation and interaction of the leading countries in the field of information technology in general and information security in particular.
The first necessary step on this road, stipulated by the “Fundamentals of the state policy of the Russian Federation in the field of international information security for the period up to 2020”, is the internationalization of Internet governance under the auspices of the UN, ensuring digital equality and sovereignty of all countries.
The transition from today's de facto and de jure internationally unregulated Internet to a clear and understandable unified Internet scheme consisting of information spaces of sovereign countries will clearly define not only the rights, but also the responsibility of each country to respect the security of the Internet as a whole and individual its segments. In practice, this means that a country must be held responsible for acts of cyber-aggression that are carried out from or using the information space of the country. Naturally, the measure of responsibility should depend on the degree of the country's involvement in provoking or participating in cyber war. At the same time, in the relevant international agreements, according to experts, possible sanctions and the conditions for their application to the violating country should be clearly stated. In conditions when the aggressor can be not only state or private structures, but also non-formalized network formations, recognition of digital sovereignty means state responsibility for suppressing the activities of such organizations and entities, first of all, by the power structures of the country itself, and if necessary with the consent of the country with the inclusion of international assistance.
Changing the structure of Internet governance and the development of relevant international agreements will naturally take some time, but all potential participants in this process should understand that the proliferation of cyber weapons does not occur in years, but literally in months. Accordingly, the risks of cyberwar and cyber terrorism increase. Therefore, in this case, a quick and coordinated work of all interested states is necessary.
Another obvious and possibly unpopular measure to curb the uncontrolled spread of cyber weapons and their private development is to tighten control over not only the Internet, but also other alternative Internet networks, including so-called mesh and peer-to-peer networks. Moreover, we are talking not only about deanonymization of the Internet and electronic communications users in the broad sense of the word, but also about expanding the possibilities of state control over the activities of companies and individuals involved in developments in information security, as well as developing penetration testing methods provided for by national laws. . Many believe that at the same time, national laws should be tightened in terms of hacking activities, mercenaries in the field of information technology, etc.
In the modern world, the choice between unrestricted personal freedom and responsible behavior that fits into a socially safe framework ceases to be a topic for discussion and a subject for speculation. If the international community wants to prevent cyber warfare, then it is necessary to publicly and openly introduce relevant norms into national and international legislation. These standards should allow for the strengthening of sovereign technical control over behavior, private and commercial activities on the Internet in order to ensure national and international security in cyberspace.
It may also be worth discussing the issue of creating, based on the potential of leading countries in the field of information technologies, first of all, the United States, Russia, China, Great Britain, Japan and other international forces for the early detection and suppression of cyberwar threats. The creation of such international forces would, on the one hand, rapidly mobilize the mutually complementary potential of various countries to curb cyberwar, and on the other hand, willy-nilly, would make their development more open and therefore less threatening to other pool members who voluntarily took assume increased responsibility for adhering to cyberworld.
Fighting for cyberworld, get ready for new cyber war
With all the desire for peace, as shown by the Russian story, the security of the country can be ensured only in the presence of powerful defensive and offensive cyber weapons.
As is known, in July 2013, the RIA "News"Referring to a source in the military department reported that a separate branch of the military, which will be engaged in the fight against cyber threats, should appear in the Russian army before the end of 2013 of the year.
In order to successfully accomplish the task of creating a forced cyber war, Russia has all the necessary prerequisites. It should be remembered that, unlike many other industries, Russian companies involved in information security and vulnerability testing are among the world leaders and sell their products on all continents. Russian hackers have become a world famous brand. The overwhelming part of the software that serves high-frequency trading and the most complex financial transactions on all major stock exchanges in the world have been created by Russian programmers and developers. Such examples can be multiplied and multiplied. And they relate, above all, to the creation of software that requires the highest level of mathematical training and knowledge of the most complex programming languages.
Unlike many other areas of science and technology in Russia, scientific schools in mathematics, computer science and programming over the past 20 years not only did not suffer damage, but also developed significantly, taking the leading world positions. Such Russian universities, such as MIPT (GU), Moscow State University. Lomonosov Moscow State Technical University. Bauman, NRNU MEPI, St. Petersburg State University, Ulyanovsk State Technical University, Kazan State University, etc. are recognized centers for the training of algorithms, developers and world-class programmers. From year to year, Russian programming teams win world programming championships among universities. The works of national algorithms are constantly cited in the world's leading journals. Russian mathematicians are constantly among the applicants for the Fields Prize.
By the way, it is interesting that in the midst of the Snowden scandal, one of the leading American public opinion research organizations, the Pew Internet & American Life Project, conducted a survey who most threatens the confidentiality of personal and corporate information. The results were as follows. 4% are law enforcement agencies, 5% are governments, 11% are other businesses, 28% are advertisers and internet giants, and 33% are hackers. At the same time, according to Wired magazine, perhaps the most popular publication about Internet technologies in America, Russian hackers hold the undoubted palm among hackers.
In other words, the necessary scientific, technological, software and personnel reserve for the accelerated formation of formidable cyber war in Russia is available. The question is how to attract to the cyber war, as well as companies that will be included in the national cyber security program, the most qualified, talented developers, programmers, testers of information security systems, etc. Here it is important not to repeat the situation that exists today in the branches of the military-industrial complex, where, due to low wages, high-quality personnel do not linger and go to various kinds of commercial developments, often with foreign investors.
The world has developed three main areas for recruiting the best programmers into government programs related to cyber warfare. Best known is the experience of the United States. It is based on a sort of three pillars. First, DARPA annually holds a lot of contests, events, round tables for the programming community, where the most talented young people are suitable for the Pentagon and intelligence tasks. Secondly, almost all of the leading IT companies in the United States are associated with the military intelligence community and programmers from the relevant departments of private companies, many of which are not even Pentagon contractors in their daily activities are engaged in developing programs in the field of cyber weapons. Thirdly, the NSA interacts directly with leading American universities, as well as without fail is present at all national hacker conferences and draws footage from there.
The Chinese approach is based on strict state discipline and the leadership role of the CPC in addressing key personnel issues of the Chinese armed forces. In fact, for a Chinese programmer or developer, work on cyber weapons is a manifestation of duty, a key characteristic of the behavioral patterns of the Chinese civilization tradition.
As for Europe, there is an emphasis on support in the majority of EU countries of the movement of so-called “ethical hackers”, i.e. developers and programmers who are not engaged in illegal actions, but specialize in cooperation with the commercial sector in terms of detecting information vulnerabilities and security forces, in creating cyber weapons.
It seems that in Russia it is possible in one way or another to use elements of the American, European, and Chinese experience. At the same time, it is quite obvious that the main thing should be the understanding on the part of the state that in the field of digital wars, it is the human factor that is decisive in the development and use of defensive and offensive cyber weapons.
In this regard, the initiative to create scientific companies, direct state support of start-ups related to the development of programs in the field of information security, penetration testing, etc. should be developed in every way. It is necessary, of course, to conduct a thorough inventory of the developments already existing in Russia today, which with a certain upgrade could become powerful cyber weapons. Such an inventory is necessary because, due to serious flaws and corruption in conducting public tenders, the overwhelming majority of small companies and talented programmers are, in fact, cut off from this task and are not claimed by security forces.
It is clear that the state, paradoxically, it is necessary to turn to face hackers.
Along with the possible tightening of criminal penalties for computer crimes, the state should provide an opportunity for hackers to use their abilities and skills in public benefit activities and, above all, in the development of cyber-defensive and cyber-offensive weapons, testing networks for malicious infiltration. It may be worth discussing the idea of creating a kind of “hacker penalties” where developers, programmers and testers who had certain offenses in Russia or abroad could atone for their guilt by deed.
And, of course, it should be remembered that perhaps the most popular professions in the world today are developers, programmers, specialists in Big Data, etc. Their wages are growing rapidly in our country and abroad. According to independent estimates by American and Russian experts, up to 20, thousands of Russian programmers are currently working in the United States. Therefore, bearing in mind that in cyber warriors the key link is a developer, a programmer, a patriotic hacker, you don’t need to spare money to pay for them and the social package, just as you didn’t save money on salaries and living conditions of scientists and engineers when developing a Soviet atomic project .
Defensive and offensive cyber weapons are one of the few areas where Russia is highly competitive in the world arena and can quickly create software tools that can not only significantly increase the level of security of their own critical networks and facilities, but also at the expense of offensive capabilities restrain any potential cyber aggressive.
For Russia, cyber weapons is a real and serious chance of an asymmetric response to the high-precision arms race unleashed in the world and one of the key elements of sufficient national security.
Information