The world may soon see something unprecedented when it comes to our interconnected, Internet-driven daily life. One country, Russia, will attempt to "turn off" its Internet, scheduled to happen in the very near future.
For context, last December, the Russian parliament passed a law which it said was aimed at ensuring the independence of the Russian Internet (Runet), and reportedly are planning an experiment to disconnect the country from the global Internet at some point before the 1st of April. It is still not clear if this will happen, but the goal is to test the feasibility of such an operation and suggest potential policy ramifications to the country's authorities.
The Reasons Behind Russia's Concerns
Of course, the Internet is one of the most important inventions of the 20th century, allowing people from all over the world to freely share information and knowledge. However, the Internet has roots in the US government, and as a result, many critical resources that power the Internet, as we know it, are controlled by US-based organizations and are subject to US jurisdiction. Among these are some of the world's largest DNS providers, ISPs and public cloud providers. Furthermore, all social media platforms and a majority of the biggest technology companies including Apple, Microsoft and Amazon, are headquartered in the US. This is a big concern for Russian authorities, but it's not clear if they view it as a strategic weakness or if they're aiming to contain the economic powers of US tech giants within the Russian digital economy.
Key Challenges and Possible Scenarios
Disconnecting a country from the Internet is not easy, as the seamless operation of the Internet around the world is ensured by complex IT structures and also governance. One of its most critical parts is the Domain Name System (DNS).
DNS is a highly-important global service provided by hundreds of companies around the world. Still, while every country has multiple domain registrants, they all mirror a common global database that establishes the directory of the Internet. If Russia isolates itself from the Internet, it will need to replicate the whole system within the boundaries of the country. Unconfirmed reports previously stated that Russia was developing a plan for a backup DNS system since 2014, which makes this part of the experiment partly feasible.
Also, an important point to make is that there are multiple points of interconnection between Russian Internet Service Providers (ISPs) and ISPs around the globe. On some occasions the interconnections have peering relationships, meaning traffic is going through Russia to other countries, while part of traffic remains in the country.
In order to actually turn off the Internet in the country, there are two approaches available to Russia.
Firstly, it would have to switch off all Internet circuits going in and out of the country. This seems like the most rational option, however, it will require coordinating major changes across every ISP in Russia. If not performed correctly, the Internet will divert traffic to the circuits that failed to switch off, overloading those paths and the ISPs altogether.
The second approach would be filtering the Border Gateway Protocol (BGP) route announcements whether they're accepted or not by Russian ISPs. This would create a fragmented view of the Internet, allowing traffic to continue flowing to other countries through Russia. However, this is a high-risk scenario as BGB changes are difficult to coordinate, and one misconfiguration can ruin the whole system. Contractual agreements require ISPs to interconnect certain locations around the world, and violation can lead to suspension, expanding Internet outages beyond Russia's borders.
Finally, one of the biggest issues is the global software ecosystem, which is now primarily hosted in the cloud. Besides consumer-oriented services such as Google and Facebook, public cloud also hosts enterprise applications such as Office 365 and Salesforce. All of these services rely on an extremely complex mixture of back-end services that are almost impossible to entirely localize. In 2015, when Russian authorities passed a law requiring SaaS providers to keep data of Russian citizens inside the country, only a few companies complied with the regulation, despite this, the government took no action for those who didn't provide this information.
Is Full Internet Isolation Really Possible?
The simple fact is that Russia is heavily integrated into the global Internet ecosystem. Critical components of the Russian economy, from financial services to SaaS applications are relying on interconnections outside of Russia and disconnecting them will have a serious economic impact.
While replicating critical services such as DNS may be an achievable task, recreating public cloud and SaaS services in the country is nearly impossible, as this would require close cooperation with hundreds of companies - from tech giants to startups. Interrupting all transit and peering relationships between ISPs would require enormous coordination, however, it won't guarantee isolation from the global Internet, as Russian users still will be able to find gateways via mobile hotspots with help from international roaming agreements.
China has successfully isolated itself from the global internet a long time ago, however, two key factors made the situation completely different from a possible Russian scenario. Firstly, two state-run monopolies control all telecommunications within China. When Chinese authorities decided to censor the Internet, the state-run telecom companies compiled by building the largest traffic filtering infrastructure on the planet.
Secondly, the policy was created in the early days of the Internet, allowing the country's own Internet ecosystem to grow organically. Russia's Internet was integrated with the global Internet from the beginning, and with the complexity of this integration - it will be very difficult, if not impossible to separate.
With the great disconnect due to take place soon, it will be interesting to see how successful this unprecedented experiment goes for the Russian state, and if other countries may follow suit.
A vast majority of organizations are still unprepared to properly respond to cybersecurity incidents, with 77% of respondents indicating they do not have a cybersecurity incident response plan applied consistently across the enterprise, according to The 2019 Study on the Cyber Resilient Organization, a study conducted by the Ponemon Institute on behalf of IBM ...
People and businesses today make mistakes similar to Troy, when they get too enamored by the latest, flashiest technology. These modern Trojan Horses work through their ability to "wow" us. Cybercriminals find IoT devices an easy target because they are the cool new technology on the block ...
Software security flaws cause the majority of product vulnerabilities, according to the 2019 Security Report from Ixia's Application and Threat Intelligence (ATI) Research Center ...
The majority of organizations (nearly 70 percent) do not prioritize the protection of the applications that their business depend on — such as ERP and CRM systems — any differently than how low-value data, applications or services are secured, according to a new survey from CyberArk ...
While 97 percent of organizations are currently undertaking or planning to undertake digital transformation initiatives, integration challenges are hindering efforts for 84 percent of organizations, according to the 2019 Connectivity Benchmark Report from MuleSoft ...