President Biden and Russian President Vladimir Putin announced their commitment to future, lower-level cybersecurity discussions after their meeting in Geneva. Biden claimed he pushed Putin to crack down on cybercrime in Russia during a press conference conducted separately from Putin. Yet, just weeks later, over the July 4 weekend, a Russian criminal gang launched a ransomware attack on Kaseya, a managed service provider located in the United States.
Ransomware is currently all over the news. In a phone call with Putin on July 9, Biden urged him to stop recent ransomware assaults from within Russia, and the House Energy and Commerce Committee convened a ransomware hearing on July 20 that sparked more fruitful discussions about government solutions to the problem.
However, when discussing Russia and ransomware in particular, national security and cyber policymakers should not overlook another force shaping the Russian internet security landscape, one that the US and its NATO allies can no longer ignore: Putin’s push for a domestic internet that can be isolated.
Although Western arguments frequently isolate Russian domestic internet policy from the Russian cyber ecosystem, the two are inextricably linked. Fears about US meddling in Russian politics and with Russian interests via the open internet pushed Russia’s so-called domestic internet law, which was enacted in 2019. As Moscow works toward its aim of isolating Russia’s internet from the rest of the world, it’s worth considering what increased internet isolation may mean for cyber operations conducted within Russia — and the Kremlin’s calculations surrounding them.
However, if Beijing’s internet control model is considered as the primary model of digital repression, internet control in Russia is difficult to comprehend. The Kremlin employs a combination of conventional, offline techniques as well as certain technology measures to change behavior, as opposed to its Chinese counterpart. “Intimidation, harassment by security services, court-ordered penalties, and complicated, restricted, and inconsistently enforced speech regulations are all used to influence the internet in Russia and citizens’ relationships with it,” according to the Atlantic Council research.
Increased internet isolation might make the Kremlin feel more protected from external cyber attacks, leading to more aggressive, abroad activities in response. It could also cause the Russian government to increase its involvement with select cyber proxies in some cases, providing necessary infrastructure or other technical capacities to launch operations that require strong and long-term connectivity to the global internet, if isolation became widespread enough.
The White House stated that it does not think the Kremlin was engaged in the ransomware assaults on big American corporations earlier this year, and this might very well be accurate. Putin does not have complete authority over Russia. However, the regime’s dominance over local IT businesses, along with its broader control and coercion of regime-threatening groups, suggests that Putin could tighten down on cybercrime if he so wished.
This interaction must be confronted head-on by the United States and its NATO allies. Russian cyber activities should be linked to Russian internet policy in Washington’s strategic and operational interagency discussions. The Kremlin will not relent in its pursuit of internet isolation. The technological and economic problems the Putin government confronts in pursuing the “sovereign internet” may be putting more pressure on the regime than its broader political strategy.
Russia’s Deputy Foreign Minister recently called for the US and Russia to extend their cyber discussions beyond criminality, presumably to divert attention away from the ransomware problem by bringing in espionage, military cyber operations, and other issues. In the midst of all of these incidents, the US must prioritize a complete examination of Russian cyber strategy if it is to continue confronting cyber threats from within Russia.
