Important: information relating to the situation in Russia, Belarus and Ukraine.
In response to the evolving geopolitical situation in Ukraine, many SSL certification authorities are suspending the issuance and reissuance of all types of certificates affiliated with Russia and Belarus.
This includes suspending issuance and reissuance of certificates to TLDs related to Russia and Belarus, including .ru, .su, .by, .рф, as well as to organizations with addresses in Russia or Belarus. We will keep you informed as soon as the situation returns to normal.
Also, we observe a significant increase in phishing attacks. We advise you to be extra vigilant, especially when it comes to new domain name registrations using your trademarks.
Nameshield remains of course at your disposal to accompany and advise you in this complex context.
In a previous article of Lucie Loos dated of the 21st of last February, the study by the Duma, the lower Chamber of the Russian Parliament, of a draft legislation with the aim to create a “sovereign Internet” in Russia was mentioned. With this law, the country would be able to function in total independence if Russia was cut from the major global servers, by creating Russia’s internal DNS system, which would ensure the link between web address and IP address of the corresponding web servers, without relying on the root servers of the global Internet.
On Wednesday, the 1st
of May 2019, Vladimir Putin signed a bill to create Russia’s “Sovereign
Internet” into law, its entry into force is planned for November 2019.
Sovereign Internet: IT security or control of Internet?
The bill thus plans to create an “infrastructure
allowing to ensure the functioning of the Russian Internet resources in case of
the impossibility for the Russian operators to connect to the foreign sources
Internet servers”.
The Russian Internet service providers will
have to implement technical means allowing a “centralized control of the
traffic” on their networks in order to face potential cyberattacks from foreign
powerful countries. A control that will be done by Roskomnadzor, the agency in
charge of the monitoring of the Russian Telecom and Medias, which has been often
accused of arbitrarily blocking web content, and by the Russian Federal
Security Service (FSB).
Officially, the “sovereign Internet” was
created for the purpose of IT security, but according to many experts, this
might be an excuse. This bill is criticized and deemed by many militants as an
attempt to control web contents and progressively isolate the Russian Internet
in an environment of increasing pressure from the authorities regarding the
freedom of expression on Internet.
Many rallies against this bill were organized in Moscow and gathered thousands of Russians last March. Several weeks later, in a joint statement, many international human rights and freedom of expression organizations, of which Reporters without borders and Human Rights Watch, had called on Vladimir Putin not to sign the bill that is “against Moscow’s international commitments in terms of respect for Human rights and particularly poses a threat to media freedom and the rights to freedom of information for people in Russia”. Despite this, the Russian president chose to ignore it and thus the bill was signed on the 1st of May 2019, and will enter into force starting this coming November.
On February 13, 2019, the Duma (lower Chamber of the Russian Parliament)
has begun to study a draft legislation with the aim to create a “sovereign
Internet” in Russia, meaning an ability to function in total independence if
Russia was cut from the major global servers. To achieve this, it will be
necessary to create an “infrastructure allowing to ensure the functioning of
the Russian Internet resources in case of the impossibility for the Russian
operators to connect to the foreign sources Internet servers”.
The Internet providers will have to implement systems allowing a
“centralized control of the traffic” on their networks.
The measures proposed would allow the Russian Internet (RuNet) to ensure
that the Russian part of the Internet functions efficiently. In other words,
the test will allow Russia to ensure that its domestic networks can operate in
full autonomy.
A response to the penalty threats?
If Russia talks about an assurance for a maintained
local availability, particularly in case of a large-scale cyberattack, this
draft legislation is also and clearly presented as a response to the
“aggressive nature of the new American cybersecurity strategy adopted in
September 2018” [mentioning Russia as a threat]. Indeed, Russia is the object
of many accusations regarding cyberattacks and cyber espionage (disruptions of
the American presidential elections in 2016 -exhortation of Stuart Peach, Chief
of the UK Defence staff in NATO, to take measures against Russia in December
2017, after the Russian submarines were detected near the Atlantic submarine
cables, which carry the communications between Europe and the USA – in January
2018, the Minister of UK Defence, Gavin Williamson, also accuses Russia of
spying the critical infrastructure of his country with the aim to create a “total
chaos” which could “result in thousands and thousands of deaths”, etc). NATO
and its allies have then threatened to punish Russia for these cyberattacks.
It’s in this context that Russia is planning a
full-scale test of disconnection of the global Internet network.
A full-scale test
For several years, this test has been prepared
by Russian authorities, who planned a DNS local backup (tested in 2014 and in
2018).
Indeed, the law plans the creation of Russia’s
internal DNS system, which would ensure the link between web address and IP
address of the corresponding web servers, without resting on the root servers
of the global Internet.
Validated by president Poutine, the draft
legislation has all its chances to be quickly adopted despite the reluctance of
some branches of the government because of the potential expenses entailed. On
the Russian Internet providers’ side, they seem to agree with the draft
legislation, as mentioned in the Russian press, but to this date, they do not
validate its technical implementation, which could create important
disturbances and other traffic disruptions in Russia.
Of course, it is easy to see that this
experience will simultaneously test the Internet providers‘ ability to direct
data towards routing points controlled by the Russian government, since a
filter would be implemented to stop the flow of data towards foreign servers.
Would Russia move towards a system of traffic
filtering, beyond ensuring a national intranet that maintains an operational
connection inside the borders even in case of a massive cyberattack? It is reminiscent
of the significant Chinese firewall (Internet monitoring and censorship project
managed by the Ministry of Public Security of the People’s Republic of China,
initiated in 1998 and of which activities began in November 2003).
The Russian test could happen on the 1st of
April 2019. To be
continued.
Nameshield uses cookies
Nameshield wishes to use cookies to ensure the proper functioning of the site and, with our partners, to measure its audience🍪.
Nameshield wishes to use cookies to ensure the proper performance of the website and, with our partners, to monitor its audience. More information in our Cookie Policy 🍪.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-advertisement
1 year
Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent
1 year
Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
_ga
2 years
The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_25904574_14
1 minute
Set by Google to distinguish users.
_gid
1 day
Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
NID
6 months
NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
