Inside Cyber Warfare

Jeffrey Carr

Part 24

Russian Government Policy

The first Russian National Security Blueprint issued under President Yeltsin in December 1997 placed little emphasis on information warfare. Prime Minister Vladimir Putin chaired a fall 1999 series of Russian Security Council meetings to revise the document. The new National Security Concept, issued under President Putin in January 2000, pointed to "information warfare" and the disruptive threat to information, telecommunications, and data-storage systems. The new Military Doctrine issued in July 2000 discussed hostile information operations conducted through either technical or psychological means.[76]

In September 2000 the Security Council issued the first Russian Federation Information Security Doctrine.[77] The 46-page document provided the first authoritative summary of the Russian government's views on information security in the public, government, and military sectors. The document also provided the strategic plan for future legal, organizational, and economic developments. The Security Council's Department of Information Security,[78] one of seven Security Council Departments, drafted the document. Since September 2000, the Security Council has published additional supporting documents identifying research areas and Russia's transition to an "Information Society." The most recent presidential decree in May 2011 augmented the Security Council's Interdepartmental Commission on Information Security's capability to coordinate government action. As a body, these documents show a coherent government response to perceived information security threats.[79] Changes in government and military structures and procedures show the plan is being implemented aggressively.

New Laws and Amendments

The Information Security Doctrine stated that existing Russian law did not address Russia's information security needs. As a result, the government passed a series of laws, and amendments to existing laws, addressing these deficiencies. However, certain laws also support information operations directed against perceived threats. For example, in 2009, amendments to Federal Law No. 149-FZ, On Information, Information Technologies, and Information Protection, mandated national identification numbers for Internet registration. The amendments also required that Russian operators provide authorities with registration information and other data needed for an investigation. The Russian press saw this as a threat to Internet freedom because the government could quickly identify who posted critical comments on a social media site.

At the same time, Federal Law No. 152-FZ, On Personal Data, prohibits Russian operators from releasing data to an "authority of a foreign state, a person or entity of a foreign state," except under several limited and unlikely circumstances.[80] As a result, the law effectively prohibits Russian operators from passing data to foreign law enforcement agencies investigating cyber crimes or Distributed Denial of Service (DDoS) attacks. Inquiries must be made from government to government. Thus, by controlling the information it chooses to release, the Russian government can protect Russian Internet operations from investigations by foreign states.

The amendments to the Russian Federal Security Service (FSB) Law are particularly worrisome. The FSB Law authorizes activities in counterintelligence, combating terrorism, crime, intelligence gathering, border security, and information security. The FSB is responsible for protecting critical infrastructure, including communication networks. Article 15 defines modalities for relations between the FSB and other Russian institutions in executing FSB responsibilities. Under Article 15:

Public authorities, as well as enterprises, institutions, and organizations, are obliged to provide assistance to the Federal Security Service in carrying out their assigned duties.

Individuals and legal entities in Russia providing postal services, telecommunications of all kinds, including systems, data communication, confidential, satellite communications are obliged at the request of the Federal Security Service to include in the extra hardware equipment and software, as well as create other conditions necessary for the operational and technical measures by the Federal Security Service.

In order to meet the challenges of RF, security forces of the Federal Security Service could be assigned to public authorities, enterprises, institution, and organizations irrespective of ownership, with the consent of their managers in the manner prescribed by the President of Russia, leaving their military service.

Russian law ensures that significant Internet infrastructure remains under Russian control. Under the provisions of Federal Law No. 57-FZ, The Strategic Companies Law, foreign entities cannot acquire a controlling interest in a strategic company without prior approval from the Russian government. Through provisions specifying which entities can perform data-encryption services, the law covers the telecommunications sector directly and the Internet sector indirectly.

The Russian government controls the critical Russian Internet structure. The Russian fiber optic network, which is owned by national and regional communications companies that are Russian Railways subsidiaries, is normally routed along railroad rights of way. Russian Railways is the state-owned company run by Vladimir Yakunin, a former KGB officer who is in Putin's St. Petersburg circle.

The primary organization overseeing Russian Internet development is the Russian Institute for Public Networks (RIPN/RosNIIROS). According to its website, RIPN was started in 1992 as a nonprofit organization by the Russian State Committee for Science and Education and Kurchatov's Institute of Atomic Energy. RIPN founded another nonprofit, the Moscow Internet Exchange (full name: ANO TSVKS MSK-IX), in 2001.

According to its website, MSK-IX provides vendor-neutral Internet infrastructure. However, MSK-IX's website shows that customers sign two contracts: one for ANO TSVKS MSK-IX basic services and one for technical connection to the Internet. The technical connection contract states that MSK-IX's M9 facility is located at a facility owned by Open Joint Stock Company MMTS-9 (OAO MMTS-9) at Butlerova 7. OAO MMTS-9 is a subsidiary of Russia's nationally owned telecom company Rostelecom. Essentially, this means that the Russian government ultimately controls the Internet connections.

Government Structures

A March 2011 article in Finansovaya Gazeta, a publication of the Russian Finance Ministry, provided a tutorial on the top-level structure of Russia's "Comprehensive Information Protection System (KSZI)." (See Figure 15-1.) According to the article, the KSZI starts with two organizations: the Federal Service for Technical and Export Control (FSTEC[81]), subordinate to the Ministry of Defense, and the Federal Security Service (FSB), subordinate to the Russian president. The FSTEC certifies technical equipment and issues licenses to both private and government organizations for work with classified information. The FSB issues licenses for work with cryptographic material, and it controls the dissemination of cryptographic material, including technical equipment and software. Federal Law No. 40-FZ, On the Federal Security Service, assigns the FSB overall responsibility for protecting Russia's information security and critical infrastructure, including telecommunications and the Internet, placing the FSB above the Ministry of Defense in the KSZI food chain. Indeed, FSB authority over Russia's cryptographic infrastructure is nearly absolute.[82] Even the Russian Academy of Cryptography, a prestigious academic institution, is subordinate to the FSB.

Russian Presidential Decree No. 351 identifies one additional organization critical to the Russian Internet, the Federal Security Organization (FSO),[83] also subordinate to the president. Decree No. 351 tasks the FSO with developing secure Internet connections for the Russian government that deal with classified information. The KSZI starts with the Russian Federation Security Council's Information Security Department, a Ministry of Defense body, and two security service components.

Figure 15-1. Russian cyber security structure

[76] The unclassified Russian Military Doctrine is accompanied by classified annexes with implementation instructions. Russian government and Russian military personnel comment on the unclassified documents; however, references to the classified annexes are infrequent. Nevertheless, they led to changes in force structure and training that can be tracked.

[77] The Russian Federation Security Council operates as an operational staff both coordinating and implementing policy through a system of Interdepartmental Commissions. It exercises more authority than the US National Security Council (NSC), which is a policy coordination body.

[78] Career intelligence officer Colonel-General (Ret.) Vladislav Petrovich Sherstyuk has headed the Information Security Department since 1999. Sherstyuk started in the signals intelligence components of the Committee on State Security (KGB). He is a cryptologist by training.

[79] The doctrine's threat definitions, especially technical threats, are similar to those found in US documents. However, there are differences. For example, the doctrine repeatedly defines threats posed by "disinformation" and "propaganda" that threaten citizens' "spiritual life" and the Russian government's ability to communicate with domestic and foreign audiences. Foreign ownership of networks and media is defined as a threat. Monopolies, whether foreign or domestic, controlling dissemination of information are defined as threats. The "unlawful use of special techniques influencing the individual, group, and social consciousness" is also perceived as a threat.

[80] For example, the operator could release the data to "protect the life, health and other vital interests of the personal data subject or others if you cannot obtain the written consent of the subject of personal data."

[81] Frequently translated as FSTEK. However, they are the same organization.

[82] Under Russian law, even the Ministry of Defense uses cryptography that the FSB can monitor. The Federal Security Organization (FSO) provides presidential communications using FSB-approved cryptographic technology; however, the FSO maintains the keys.

[83] Depending on the translation source, this can also appear as the Federal Protection Service. They are the same organization.

Russian Ministry of Defense

We now turn to changes in the Russian Ministry of Defense (MOD) driven by the Information Security Doctrine. These changes enhance the MOD's ability to develop IO-relevant technology and rationalize IO force structures.

Administrative Changes

President Putin's Edict No. 1477 in November 2007 mandated changes in the Russian Ministry of Defense. The edict created two new deputy defense ministers. The Deputy for Information and Telecommunications Technologies now handles automated control systems, telecommunications, and information technology. Russian press commentary stated that this transferred responsibilities from the Directorate of Communication Troops and the General Staff's 8th Directorate (Information Security) to a civilian. Press commentary also stated that the General Staff was not pleased. Chief of General Staff Yuri Baluyevsky, his First Deputy, the chief of the Main Operations Directorate, the chairman of the General Staff Military Scientific Committee, and the chief of Armed Forces Communications all left their offices in protest over the diminution of their authority.[84] The first deputy minister was Major General (Reserves) Oleg Eskin, a former FSB officer.

While not stated specifically, the new deputy defense minister's portfolio almost certainly includes IO.

Electronic Warfare Troops

The decade after the 2000 Information Security Doctrine saw an explosion of IO writing by Russian military officers and defense-oriented academics (see the sidebar, Russian Information Technology (IT) Security Training). Some, such as Noncontact Wars by Major General (Ret.) Vladimir Ivanovich Slipchenko, attracted foreign comment.[85] By decade's end, the Russian military was consolidating significant offensive and defensive IO capabilities in the Electronic Warfare (EW) Troops. Indeed, speaking at a conference in February 2008, before the August Russia-Georgia conflict, Deputy Chief of the General Staff Aleksandr Burutin stated that the military, and the security services, were creating appropriate units and conducting training. In an April 2010 Krasnaya Zvezda interview, Chief of Russian Electronic Warfare Troops Colonel Oleg Ivanov stated that the EW Troops had special equipment for operations against information management systems.[86]

Founded in 1960, the 5th TSNIII is the MOD's lead institute for EW research. The 5th TSNIII has long been listed as an FSTEC-approved certification center for information security. Several official information security publications list the institute as author. Russian social media sites and posted resumes include employment at the institute and/or Vch 33872.[90]

The postings indicate that the institute's staff is in the 100 to 1,000 range, or 1,000 to 10,000. An unclassified article on MOD research institutes stated that the 5th TSNIII employs around 2,000 people, with approximately 200 of those personnel possessing PhDs.

The 5th TSNIII probably changed names during the 2010 MOD reorganization. The new name is Federal State Research and Test Center of Electronic Warfare and Evaluation of Low Observables (FSI FGNIITS EW OESZ).[91] The new center is located at the same Voronezh address as the 5th TSNIII, and is listed as an information certification center on the 2011 FSTEC list. For the first time since the late 1990s, the 5th TSNIII no longer appears. The VAIU website lists the new center as a VAIU component. However, while not mentioned specifically, Putin's 2008 Russian government decree reorganizing the military educational system does allow for "subsequent formation of separate structural subunits."[92] The center's location under VAIU might explain the high ratio of staff to students, as mentioned previously.

Voronezh city documents and the VAIU website show VAIU's Department of Electronic Warfare and Information Security and the center located at the same Voronezh address. The co-location of an FSTEC information security certification center and VAIU's "hacker" training department is interesting (see the sidebar). A 2006 Russian military press article stated that VIRE, now a VAIU component, needed a unified teaching and research center for the quality EW training of personnel from the armed forces, FSB, and Interior Ministry (MVD). The co-location achieves that goal.

Structure of Russian EW (IO) Forces

Since 2006, Russian military press has predicted that the EW Troops would become an independent combat arm. In 2010 Military Frontier, a Ukrainian-hosted forum on Russian military developments, provided a projected structure for Russian EW Troops composed of military units (Vch) 21882, 77111, 33872, and 96010.

Research shows that Vch 77111 is the MOD Main Center for Computer Security located in the new General Staff building in Moscow (see Figure 15-2). Vch 33872 is the 5th TSNIII and, based on standard Russian military practice, is almost certainly the new research center's unit number. Indeed, the forum accurately projected the name change for Vch 33872 from 5th TSNIII to a new name including "low observables."

Russian documents indicate that Vch 21882 is a component of the Federal Communications Agency (FCA) within the Ministry of Defense. According to the 2004 Russian Government Resolution, the Federal Communications Agency, under the Ministry of Communications, is responsible for managing communication, satellite, and broadcast networks.

The resolution also states that FCA manages Russia's entire telecommunications network during emergencies, organizes the certification system for communications, and deconflicts frequency assignments. The FCA documents do not list a MOD component. The organization chart, however, shows a Department of Special Communications and Information Protection that probably corresponds to Vch 21882. The FCA's authorized strength is 112 (i.e., 112 staff members).

An organization like Vch 21882 is likely necessary to coordinate normal network operations with information operations during "emergencies." Establishing FCA is consistent with objectives set out in the 2000 Information Security Doctrine.

Figure 15-2. Old (bottom) and new (top) General Staff buildings in Moscow

18th Central Research Institute of the Russian Defense Ministry (18th CRI MOD) - Military Unit (Vch) 11135

Subordinate to the General Staff's Main Intelligence Directorate (GRU), the 18th CRI is the MOD's main research center for signals intelligence. Originally focused on radio intercept and satellite communications, the 18th CRI also works on wireless devices, and it may have a role in Supervisory Control and Data Acquisition (SCADA) system security.[93] The FSTEC 2011 list on certified information security products lists Vch 11135 as a testing laboratory.[94] Russian press articles state that Vch 11135 developed the first electromagnetically shielded personal computer approved for use by the MOD, FSB, and MVD. The articles state the computer, produced in a Vch 11135 facility, is also used by financial institutions. The 18th CRI employed approximately 5,700 people in 2010.

27th Central Research Institute of the Russian Defense Ministry (27th CRI MOD) - Military Unit (Vch) 01168

The 27th CRI is the MOD's lead institute on information technology and command and control systems. The 27th CRI's full title includes the subtitle "Scientific and Research Testing Center Communication Systems," reflecting the 2010 merger with the 16th Central Research and Testing Institute (16th TSNIII, Vch 25871) done under Ministry of Defense Order No. 551. The 27th CRI headquarters is in Moscow; the test center is in Mytishchi, northeast of Moscow.

According to an unclassified history, the 27th CRI was founded in 1954 as the MOD's Computer Center No. 1. As the country's first computer center, the 27th CRI recruited personnel from the military academies and from Russia's most prestigious schools, including Moscow State University (MGU) and the Moscow State Engineering Physics Institute (MEPHI). 27th CRI software personnel worked on the Soviet space program and military missile programs. The 27th also provided support to the GRU. According to General of the Army Aleksandr Starovoytov (a KGB SIGINT officer), Vch 01168 examined ways to use computer networks to spread disinformation.
