Inside Cyber Warfare - Jeffrey Carr [130]
In order to meet the challenges of RF, security forces of the Federal Security Service could be assigned to public authorities, enterprises, institution, and organizations irrespective of ownership, with the consent of their managers in the manner prescribed by the President of Russia, leaving their military service.
Russian law ensures that significant Internet infrastructure remains under Russian control. Under the provisions of Federal Law No 57-FZ, The Strategic Companies Law, foreign entities cannot acquire a controlling interest in a strategic company without prior approval from the Russian government. Through provisions specifying which entities can perform data-encryption services, the law covers the telecommunications sector directly and the Internet sector indirectly.
The Russian government controls the critical Russian Internet structure. The Russian fiber optic network, which is owned by national and regional communications companies that are Russian Railways subsidiaries, is normally routed along railroad right of ways. Russian Railways is the state-owned company run by Vladimir Yakunin, a former KGB officer who is in Putin’s St. Petersburg circle.
The primary organization overseeing Russian Internet development is the Russian Institute for Public Networks (RIPN/RosNIIROS). According to its website (www.ripn.net), RIPN was started in 1992 as a nonprofit organization by the Russian State Committee for Science and Education and Kurchatov’s Institute of Atomic Energy. RIPN founded another nonprofit, the Moscow Internet Exchange (full name: ANO TSVKS MSK-IX), in 2001.
According to its website (www.msk-ix.ru), MSK-IX provides vendor-neutral Internet infrastructure. However, MSK-IX’s website shows that customers sign two contracts: one for ANO TSVKS MSK-IX basic services and one for technical connection to the Internet. The technical connection contract states that MSK-IX’s M9 facility is located at a facility owned by Open Joint Stock Company MMTS-9 (OAO MMTS-9) at Butlerova 7. OAO MMTS-9 is a subsidiary of Russia’s nationally owned telecom company Rostelecom. Essentially, this means that the Russian government ultimately controls the Internet connections.
Government Structures
A March 2011 article in Finansovaya Gazeta, a publication of the Russian Finance Ministry, provided a tutorial on the top-level structure of Russia’s “Comprehensive Information Protection System (KSZI).” (See Figure 15-1.) According to the article, the KSZI starts with two organizations: the Federal Service for Technical and Export Control (FSTEC[81]), subordinate to the Ministry of Defense, and the Federal Security Service (FSB), subordinate to the Russian president. The FSTEC certifies technical equipment and issues licenses to both private and government organizations for work with classified information. The FSB issues licenses for work with cryptographic material, and it controls the dissemination of cryptographic material, including technical equipment and software. Federal Law No. 40-FZ, On the Federal Security Service, assigns the FSB overall responsibility for protecting Russia’s information security and critical infrastructure—including telecommunications and the Internet—placing the FSB above the Ministry of Defense in the KSZI food chain. Indeed, FSB authority over Russia’s cryptographic infrastructure is nearly absolute.[82] Even the Russian Academy of Cryptography, a prestigious academic institution, is subordinate to the FSB.
Russian Presidential Decree No. 351 identifies one additional organization critical to the Russian Internet, the Federal Security Organization (FSO)[83]—also subordinate to the president. Decree No. 351 tasks the FSO with developing secure Internet connections for the Russian government that deali with classified information. The KSZI starts with the Russian Federation Security Council