In the wake of the Snowden Affair, the Russian government should be taking steps to support the development of the nation’s growing IT industry.
Yevgeny Kaspersky, head of the Kaspersky's Laboratory company, and Russian then-President Dmitry Medvedev (right) attending the Russian Internet Forum 2008 in the Moscow Region. Source: RIA Novosti / Mikhail Klimentyev
It is impossible to ensure information security at the state and international levels without involving business. The recent disclosures by former CIA agent Edward Snowden revealed the extensive involvement of business – including global technology companies such as Apple, Facebook and Microsoft – in the work of the special services to provide security and support for the U.S. leadership in the information arena.
As Dmitry Rogozin noted, Snowden’s statements reinforced Russia’s conviction of the need to strengthen information security and to develop Russia’s IT business.
Many countries have made it a priority to cooperate with the domestic IT industry for the purposes of ensuring security, including the United States, China and some countries in Latin America. Curiously, public-private partnership in this area also exists at the international level.
Thus the International Telecommunication Union – a specialized UN agency – operates the IMPACT program, the aim of which is to ensure information security in the cooperation between states and business. Russia’s involvement in the program includes not just government agencies, but also Group IB and Kaspersky Lab.
Russia measures information security under two headings: technical and socio-humanitarian. The first is to do with ensuring the security of information systems, and the second with ensuring security for political and ideological issues associated with influencing public opinion on the Internet. Business plays a significant role in both areas.
In the technical area, the security of critical information infrastructures supporting the work of nuclear power stations, military agencies, e-government, banking, etc., is of key significance. The vulnerability of infrastructure was confirmed by the successful Stuxnet virus attack on a nuclear power plant in Iran. In the majority of cases, private firms own the critical information infrastructure, while other private companies develop the software that supports them.
The role played by business in the socio-humanitarian area is equally important. In light of recent events associated with the Arab Spring - which the press has called the ‘Twitter revolution’ - the potential to influence public opinion using information communicated via the Internet is becoming especially significant. Social networks, search engines and other such services usually function as private companies.
Business has just as great an interest as governments in cooperating to ensure security in the information area, since it is often the target of cyberattacks itself. In many countries, business has long been successfully involved in implementing a national information security strategy. In the United States, such a model of public-private partnership cooperation is laid down in law. Firms that own critically significant information infrastructure are required to cooperate with government agencies to ensure its security, handing over information about possible vulnerabilities and providing data on how they are addressed.
The proactive programs to ensure security and to strengthen the United States’ soft power, which have been dubbed ‘digital diplomacy’ and rely on the capabilities of U.S.-based Internet companies, are well known. At the same time, information security has become an engine for economic development in the United States – government procurements of IT systems have created the necessary level of security and boosted the IT sector, which in turn has become one of the United States’ main advantages in the international political and economic arena.
The countries that are most vulnerable in the information area are those that are dependent on software, information services and technical devices from abroad. As a rule, they become the objects of information influence and have no opportunity to counter it.
This is behind the drive by a number of states to develop this sector of their economy in order to ensure their information security. The United States is positioned to benefit from this – U.S. Internet companies are the most profitable and most popular among users all over the world.
Chinese companies are gaining in influence, primarily because of the country’s significant population and, consequently, its large number of Internet users. The policy for developing the IT sector of the economy in order to ensure security is, characteristically for China, accompanied by restrictions on foreign companies’ access to the domestic market, which fulfils the objective of both ensuring information security and developing the economy.
In Russia, the Internet sector currently accounts for 2 percent of the country’s GDP, and it is developing rapidly. Individual Russian companies have entered global markets and become leaders in their field, for example, Kaspersky Lab. In recent years, Russian Internet companies have also developed, such as Yandex and Vkontakte, and most of them are multinational in their ownership structure, despite being geared towards markets and users in the CIS countries.
The Snowden Affair shows that the Internet is a dynamic database containing information about all network users and is of enormous political and economic significance. Ensuring information security in cooperation between government and the Internet is also about creating our own database of the users of Russian Internet companies and then protecting it. To do this, it’s important to safeguard the competitiveness of Russian IT businesses on the domestic and foreign markets with the support of the state.
Thus, an important condition for ensuring cybersecurity is to create the right environment for Russian IT business to develop and move into foreign markets. This assumes that strategic government support will be given to the IT sector, including training specialist staff, setting up scientific schools and helping companies to penetrate international markets (such as by staging information and promotional events and helping them to make contacts).
Some steps have already been taken in this direction. Russia has already established the objective of integrating with the global information sector. In order to develop a strong Internet sector, it is important to adopt other nation’s practices and support the cooperation of Russian companies with their foreign counterparts. At the same time, despite the ongoing importance of economic development, we must find the right balance between economic development and national security.
The opinion of the author may not necessarily reflect the position of Russia Direct or its staff.