Despite the unfolding cyber arms race and, in fact, the beginning of the passive phase of cyber war, in the long term, a new digital war does not meet the interests of any country in the world and can have unpredictable economic, political, and possibly military consequences for everyone. Therefore, large-scale cyberwar must be avoided.
A cyber world is needed, which is based on digital equality and equal access, rights and responsibilities of all sovereign states in relation to the World Wide Web. It is these principles that are laid down in the "Fundamentals of the State Policy of the Russian Federation in the Field of International Information Security for the Period up to 2020" Other members of such organizations as BRICS, SCO, EurAsEC adhere to similar positions.
Only concerted efforts of the world community, and first of all, close cooperation and interaction of the leading countries in the field of information technology in general and information security, in particular, can prevent the transition from a passive to an active phase of cyber war.
The first necessary step on this path, stipulated by the "Fundamentals of the state policy of the Russian Federation in the field of international information security for the period up to 2020" is the internationalization of Internet governance under the auspices of the UN, ensuring digital equality and sovereignty of all countries.
The transition from today's both de facto and de jure internationally unregulated Internet to a clear and understandable scheme of a single Internet, consisting of the information spaces of sovereign countries, will clearly define not only the rights, but also the responsibility of each country for observing the security of the Internet in general and individual its segments. In practice, this means that a country should be held accountable for acts of cyber aggression that are carried out from or using the country's information space. Naturally, the degree of responsibility should depend on the degree of the country's involvement in provoking or participating in cyber war. At the same time, in the relevant international agreements, according to experts, the possible sanctions and the conditions for their application to the violating country should be clearly spelled out. In conditions when the aggressor can be not only state or private structures, but also non-formalized network formations, the recognition of digital sovereignty means state responsibility for suppressing the activities of such organizations and formations, first of all, by the power structures of the country itself, and, if necessary, and with the consent of the country - with the connection of international assistance.
Changing the structure of Internet governance and the development of relevant international agreements will naturally take some time, but all potential participants in this process must understand that the proliferation of cyber weapons is happening not by years, but literally by months. Accordingly, the risks of cyber war and cyber terrorism are increasing. Therefore, in this case, fast and coordinated work of all interested states is necessary.
Another obvious and possibly unpopular measure to curb the uncontrolled proliferation of cyber weapons and their private development is to tighten control not only over the Internet, but also other networks alternative to the Internet, including the so-called mesh and peer-to-peer networks. Moreover, we are talking not only about the deanonymization of the Internet and users of electronic communications in the broad sense of the word, but also about the expansion of the possibilities of state control over the activities of companies and individuals involved in developments in the field of information security, provided for by national legislation, as well as the development of penetration testing techniques. … Many believe that at the same time national legislation should be tightened in terms of hacker activities, mercenaries in the field of information technology, etc.
In the modern world, the choice between unlimited personal freedom and responsible behavior that fits into a socially safe framework is no longer a topic for discussion and a subject for speculation. If the international community wants to prevent cyber wars, then it is necessary to publicly and openly introduce relevant norms into national and international legislation. These rules should allow for the strengthening of sovereign technical control over behavior, private and commercial activities on the Internet in order to ensure national and international security in cyberspace.
Perhaps, the issue of creating on the basis of the potential of leading countries in the field of information technology, primarily the United States, Russia, China, Great Britain, Japan and other international forces for the early detection and suppression of the threat of cyber war, deserves discussion. The creation of such international forces would make it possible, on the one hand, in an accelerated manner, to mobilize the largely complementary potential of various countries to suppress cyber wars, and on the other hand, willy-nilly, would make their developments more open and, accordingly, less threatening for other participants in the pool, who voluntarily took take on increased responsibility for cyber peace.
Fighting for the cyber world, prepare for new cyber wars
With all the desire for peace, as Russian history shows, the country's security can be ensured only with powerful defensive and offensive cyber weapons.
As you know, in July 2013, RIA Novosti, citing a source in the military department, reported that a separate branch of the military that will deal with cyber threats should appear in the Russian army by the end of 2013.
To successfully solve the problem of the forced creation of cyber troops, Russia has all the necessary prerequisites. It should be remembered that unlike many other industries, Russian information security and vulnerability testing companies are among the world's leaders and sell their products on all continents. Russian hackers have become a world famous brand. The overwhelming majority of the software serving high-frequency trading and the most complex financial transactions on all major stock exchanges in the world was created by Russian programmers and developers. Such examples can be multiplied and multiplied. And they relate, first of all, to the creation of software that requires the highest level of mathematical training and knowledge of the most complex programming languages.
Unlike many other areas of science and technology in Russia, scientific schools in mathematics, computer science and programming, over the past 20 years, not only have not suffered damage, but have also significantly developed, have come to a leading position in the world. Such Russian universities as Moscow Institute of Physics and Technology (GU), Moscow State University. Lomonosov, MSTU im. Bauman, NRNU MEPhI, St. Petersburg State University, Ulyanovsk State Technical University, Kazan State University, etc. are recognized training centers for world-class algorithms, developers and programmers. From year to year, Russian teams of programmers win the world university programming championships. The works of Russian algorithms are constantly cited in leading world journals. Russian mathematicians are constantly nominated for the Fields Prize.
By the way, it is interesting that in the midst of the Snowden scandal, one of the leading American public opinion research organizations, the Pew Internet & American Life Project, conducted a survey who most threatens the confidentiality of personal and corporate information. The results were as follows. 4% are law enforcement agencies, 5% are governments, 11% are other businesses, 28% are advertisers and internet giants, and 33% are hackers. At the same time, according to Wired magazine, perhaps the most popular publication about Internet technologies in America, Russian hackers hold the undoubted palm among hackers.
In other words, Russia has the necessary scientific, technological, software and personnel reserve for the accelerated formation of formidable cyber troops. The question is how to attract the most qualified, talented developers, programmers, testers of information security systems, etc. to the cyber troops, as well as the companies that will be included in the national cyber security program. It is important here not to repeat the situation that is taking place today in the branches of the military-industrial complex, where, due to low salaries, high-quality personnel do not linger and go into various kinds of commercial developments, often with foreign investors.
In the world, there are three main directions of recruiting the best programmers in government programs related to cyberwar. The experience of the United States is best known. It is based on a kind of three whales. First, every year DARPA holds many competitions, events, round tables for the programming community, where the selection of the most talented young people suitable for the tasks of the Pentagon and intelligence is taking place. Secondly, almost all the leading IT companies in the United States are associated with the military-intelligence community and the programmers of the corresponding divisions of private companies, many of whom are not even Pentagon contractors in their daily activities are engaged in the development of programs in the field of cyber weapons. Third, the NSA directly interacts with leading American universities, and is also required to attend all nationwide hacker conferences and draws personnel from there.
The Chinese approach is based on strict state discipline and the CCP's leadership in addressing key personnel issues for the Chinese military. In fact, for a Chinese programmer or developer, working on cyber weapons is a manifestation of duty, a key characteristic of the behavioral patterns of the Chinese civilizational tradition.
As for Europe, the emphasis is placed on the support in most EU countries of the movement of the so-called "ethical hackers", ie. developers and programmers who do not engage in illegal actions, but specialize in cooperation with the commercial sector in terms of detecting information vulnerabilities and law enforcement agencies in terms of creating cyber weapons.
It seems that in Russia it is possible to use, to one degree or another, elements of the American, European, and Chinese experience. At the same time, it is quite obvious that the main thing should be the understanding on the part of the state that in the field of digital wars it is the human factor that is decisive in the development and use of defensive and offensive cyber weapons.
In this regard, the initiative to create scientific companies, direct government support for startups related to the development of programs in the field of information security, penetration testing, etc. should be developed in every possible way. It is, of course, necessary to conduct a thorough inventory of the developments already available in Russia, which, with a certain upgrade, could become powerful cyber weapons. Such an inventory is necessary because, due to serious shortcomings and corruption in government tenders, the vast majority of small companies and talented programmers, in fact, are cut off from this task and are not in demand by law enforcement agencies.
It is clear that the state, paradoxical as it may seem, needs to turn its face to hackers.
Along with the possible toughening of criminal penalties for computer crimes, the state should provide an opportunity for hackers to apply their abilities and skills in socially useful activities and, above all, in the development of cyber-defensive and cyber-offensive weapons, testing networks for malicious penetration. Perhaps the idea of creating a kind of "hacker penal battalions" is worth discussing, where developers, programmers and testers who have committed various offenses in Russia or abroad could redeem themselves in deed.
And, of course, it should be remembered that perhaps the most demanded professions in the world today are developers, programmers, Big Data specialists, etc. Their salaries are growing rapidly both in our country and abroad. According to independent estimates of American and Russian experts, up to 20 thousand Russian programmers are now working in the United States. Therefore, keeping in mind that the key link in the cyber troops is a developer, programmer, patriotic hacker, you should not spare money to pay for them and a social package, just as you did not save money on salaries and living conditions of scientists and engineers in their time when developing a Soviet atomic project …
Defensive and offensive cyber weapons are one of the few areas where Russia is highly competitive on the world stage and can quickly create software that can not only significantly increase the security level of its own critical networks and facilities, but also through offensive capabilities to deter any potential cyber attacker.
Cyber weapons for Russia are a real and serious chance of an asymmetric response to the high-precision arms race unleashed in the world and one of the key elements of sufficient national security.