FSB's Cyber Silver Bullet
President Vladimir Putin recently ordered the Federal Security Service to create a system to allow the state to detect, prevent and disable cyberattacks in Russia and at diplomatic stations abroad. It is an ambitious goal and one that the FSB is well-equipped to tackle with the help of its Information Security Center and Communications Security Center. But the FSB might very well go beyond its immediate mandate to neutralize hacker attacks against Russia and expand its cyberspace presence among members of the Commonwealth of Independent States, or CIS, perhaps even gaining access to information on hacker attacks waged around the world.
Following the Arab Spring, the Kremlin ordered the FSB to create a unified system for protecting the cyberspace of the CIS, and the agency has struggled unsuccessfully for two years to comply. A possible solution came during a CIS summit in Minsk in 2009, when Moldovan intelligence officers suggested the creation of an agency along the lines of Computer Emergency Response Teams, or CERT. The idea was approved, but it proved problematic in implementation because, as it turned out, Russia still did not have such a center in place.
As the years passed, CIS leaders continued to emphasize the vital importance of creating such a center to protect cyberspace, with the last such appeal made at the CIS summit in Yalta in September. Meanwhile, Moscow promoted its own interests, and Russia's PVTI Research Institute became the main organization in the CIS dealing with information security. But according to a source at the institute, the task of creating a single agency that would protect the cyberspace of the entire CIS was postponed, owing to the lack of CERT-type organization.
Last summer, however, the Security Council published a document calling for the creation of a situational center and a unified state system for the detection and prevention of computer attacks. In June, the FSB initiated the Computer Security Incident Response Team. Exactly which computer attacks the FSB had in mind became clear the same month, when the agency accused a 19-year-old student in Krasnoyarsk of attacking the websites of the government and president last May after watching a video posted by the global "hactivist" group Anonymous.
But the new structure operating under the auspices of the FSB is unable to take on the function of a national CERT agency. It was founded by the FSB center to protect government websites from attacks, not the entire Russian cyberspace.
In a Jan. 15 decree, Putin ordered the FSB to create a system that would protect not only state information resources but also "other information systems." In addition, the FSB was instructed to establish an exchange of information with "authorized agencies of foreign states and international organizations." This apparently means that it should collaborate with the CERTs in other countries.
In fact, a national CERT would provide more than a structure under Russian control to protect the cyberspace of the CIS. Vladislav Shushin, information security adviser to the Collective Security Treaty Organization —or CSTO, a Kremlin-loyal military alliance of six CIS countries — said that "the CSTO member states consider information security from the standpoint of protecting national interests. This includes protection of not only technical equipment, such as computer networks and so on, but also the political and ideological sphere — that is, combating the wrongful use of information technologies to destabilize the political situation."
A national CERT would give Russia access to the exchange of information about hacking attacks that analogous centers in the West have been collecting since the first CERT was founded at Carnegie Mellon University in 1988. In practice, this would provide the FSB with information about computer incidents that have occurred all over the world.
While an increasing number of activists inspired by the Arab Spring, Wikileaks and the hactivist group Anonymous shift their protest activity to the Internet, the FSB, with its unimpressive track record online, will gain access to information that the world's most advanced intelligence agencies have compiled on high-tech abuses in cyberspace.