Russia’s cyber blindspot: Vulnerabilities and measures

Russian officials have announced plans to disconnect the nation from the wider internet to protect against cyber-attacks. Frequently depicted as a cyber aggressor, Russia suffers from numerous significant weaknesses in its own defences against cyber-attacks. This article covers Russia’s past vulnerability to major cyber-attacks and why the planned measures would fall short of preventing another.


In February, Russian officials declared that the country would conduct a test to “unplug” itself from the global internet by April 1st. This does not mean Russia will completely cut its citizens’ access to the web. Instead, it would route all data between Russian firms and citizens away from international servers and towards domestic ones only. Under the draft law, known as the Digital Economy National Program, Internet Service Providers (ISPs) must be capable of servicing domestic users during a shutdown. The process is an internal safeguard that officials may activate in the event of a foreign attempt to take the country offline through a cyber-attack.

On the surface, the draft law is another step in the Kremlin’s attempts to exert greater control over internet traffic within Russian territory. It follows other efforts to censor internet content and to force companies to build data centres for Russian users. However, the exercise may also mask another reality for Russian officials: their ill-preparedness for a major cyber-attack.

Vulnerabilities exposed

Russia has a well-documented record of conducting cyber-attacks. That record does not suggest a country deficient in its own cybersecurity, which makes its recent experience as a victim surprising. Even so, numerous events have exposed the vulnerability of Russia’s citizens and systems to attacks from cyberspace.

The 2017 WannaCry outbreak significantly impacted Russia. The ransomware infected thousands of corporate and government networks, including those at the Ministry of Interior, whose remit includes protection from cyber-crime.

Later that year, another ransomware worm called NotPetya appeared and spread globally. Infected networks included those belonging to natural gas giant Rosneft. The irony of this particular attack is that many speculated that the Russian government itself launched NotPetya against Ukrainian institutions on the national holiday of Constitution Day, only to see its own systems knocked offline.

The latest episode for Russia was the revelation that the United States military’s Cyber Command conducted operations against Russian disinformation proliferators. The purpose was to debilitate and deter the “trolls” associated with the St. Petersburg-based Internet Research Agency (IRA). The agency was named in special counsel Robert Mueller’s investigation into Russian interference in the 2016 US presidential election.

A day after the report, Press Secretary Dmitriy Peskov implied that these attacks, as well as others whose origin he attributes to the West, played a part in drafting the Digital Economy National Program. That alone speaks to the Kremlin’s fears: Russian cyber-defences might be inadequate in the face of a foreign cyber actor targeting its most critical systems.

Russia’s domestic shortcomings

Creating its own corner of the Internet has long played into Russian advocacy for “sovereign democracy” in cyberspace. However, simply severing its connection to the wider web is not enough. It is a blunt instrument for achieving security rather than a comprehensive solution to Russia’s poor cyber-security. Taking this approach may, to an extent, limit the ability of foreign hackers to harm important networks. On the other hand, it does nothing to prevent domestic cyber-attacks against businesses or citizens.

This insecurity is not lost on Russian citizens or businesses. Russia’s criminal underground is widely recognised for its sophistication in malware creation and use, and the security services have at times co-opted its members against their enemies. Russian businesses, however, often find themselves the victims of serious hacks, with annual losses estimated to be worth billions of rubles. Sberbank, one of Russia’s largest lenders, estimates that last year alone Russian firms lost 600 billion rubles to cyber-crime. Additionally, a large distributed denial of service (DDoS) operation in 2016 disrupted access to a number of financial institutions.

Firms and citizens remain vulnerable partly because of a dearth of resources to improve their cyber-security, and partly because of the amount of pirated software present within the country. Russia has made heavy use of pirated software since the Soviet era, because original copies were harder to acquire during the Cold War and are more expensive in the present. While Russia today has signed onto international agreements that protect intellectual property rights, estimates from industry groups place the share of pirated programs in the Russian software market at 62%, almost double the global average.

What the data tells us

A survey of Russian companies by the firm Ernst & Young highlighted this problem. It found that 98% of participants did not think their organizations were adequately addressing their cyber-security weaknesses, and a further 71% believed their resources for the task were lacking. Many cover up being a victim to avoid losing the trust of their customers, who in large part fear for the security of their online information.

Relying so heavily on pirated software has serious security implications for users. Microsoft had released a timely patch that mitigated WannaCry, which spread using a Windows exploit taken from data stolen from the American NSA. On pirated copies of Windows, however, the patch was not readily available. This explains in part why it was a struggle to recover data from computers belonging to government ministries.

Attempts to address some of these structural weaknesses have been implemented, including regulations passed by the Central Bank. These regulations encourage financial institutions to have their programs certified and to alert authorities in real time when their systems are compromised. New laws have also made it easier for authorities to shut down websites hosting pirated content and ban them from further operation.

An international pariah

While Russia works extensively to build itself a fortress against perceived online security threats, it does so largely alone. Many nations in the West cooperate extensively in sharing intelligence on cyber-criminal and nation-state cyber-attacks in order to enhance their security.

From concerted take-downs of criminal botnets to responding to a Russian GRU-supported hacking of the Organization for the Prohibition of Chemical Weapons (OPCW), Russia’s adversaries work together to secure their own sections of cyber-space.

Russia has found itself increasingly isolated in confronting cyber-threats. This is a product of its aggressive actions in Ukraine and of accusations that it meddled in Western elections through cyber methods.

Russian private firms such as Kaspersky Labs and Group-IB have long worked together with international security services. Even so, one consequence of Russian cyber-activities in the West is that these firms have themselves been painted as security threats. Russian government agencies are also viewed with suspicion because of a belief that they are more likely to co-opt a suspect and obstruct investigations than to aid in their completion. Even Russian police agencies may find themselves impeded by the double game played by their intelligence counterparts, who are known to protect prolific hackers willing to work for them rather than hand them over to other authorities.

Preparing for the worst

Russia remains a significant player with experience and sophistication in its cyber operations. Nevertheless, this does not disguise its own weaknesses in the domain. It is unlikely that Russian authorities will shake off their conspiratorial beliefs about the internet’s threat to stability, or abandon the hard-measures approach of preparing for internet shutdowns and creating their own corner of the web.

Even as Russia pursues these measures to improve security, they fail to address the more deep-rooted structural weaknesses that ultimately hamper the country. Left unaddressed, those weaknesses leave Russia’s citizens and systems very exposed to cyber-attacks that can cause massive damage. History has already shown this is very likely.

About Author

Nicholas Morgan

Nicholas is a Masters student in Russian and Post-Soviet Politics at University College London (UCL), where he focuses on Russian foreign and security policies with a particular emphasis on their cyberwarfare elements. He also researches Turkish politics, terrorism, and intelligence agencies. Beyond international politics, he has written on technology topics for an independent online media site.