President of the Association for the Export of Technological Sovereignty, Professor of MGIMO Andrey Bezrukov and journalist Maksim Voropaev discussed how real the threat of a massive attack in cyberspace is, how to defend against it and whether it is possible to create an international Digital Code that would regulate the development and use of cyber weapons, and how to control actions of individual countries in the absence of such a document.
A. Chelyshev
Why can the United States indiscriminately accuse everyone around (Russia and China in the first place) of cyberattacks on its facilities, while not saying a word about those strikes that are being carried out from American territory?
A. Bezrukov
The answer to this question is due to the entire history of the development of the US-Russian (formerly US-Soviet) and US-Chinese military confrontation. During the Cold War, Washington used the Soviet threat to justify the need for new budgetary injections into the defense industry. Today, the largest American software companies can be safely ranked among the defense industry. The very same Google is, in fact, a military corporation, because cyberspace and critical information infrastructure have already become a battlefield. And who controls the critical information infrastructure? .. That's right, the largest American software companies. This means that the arms race in cyberspace will continue. The United States will continue to declare cyber threats from Russia or, for example, China, while keeping silent about its own acts of cyber aggression. Whatever Biden said at a meeting with Vladimir Putin, he will never change American policy in this area.
A. Chelyshev
– Why?
A. Bezrukov
– First, the United States actually believes that it can, if necessary, strike at the information infrastructure of any country. And so powerful that the target country will not recover from it. This means that they really have to create and test cyber weapons. The second reason is, sorry, loot. Any arms race is, first of all, the income of those corporations that are engaged in the development of cyber weapons and artificial intelligence technologies, which, by the way, are developing by leaps and bounds. Both Google and other corporations will be contractors to the Pentagon and will earn trillions of dollars. Nobody wants to give up this money.
A. Chelyshev:
– One often hears from analysts that assertions in the US about the presence of a Russian or Chinese threat, as you rightly noted, are a harbinger of a request for additional budgets for the defense industry. This is not about the war, they say, but about money. In general, there is no need to worry, everything is under international control, there is no danger.
A. Bezrukov:
– In the nuclear sphere, the arms race is actually controlled. First, nuclear weapons exist physically, which means they can be counted. Secondly, no one is going to invest heavily in nuclear weapons now, simply because there is already enough of it, and no change will occur here.
Cyberwar is another matter. It is already in full swing. The means that are capable of destroying critical infrastructure are actively used to penetrate it, that is, for espionage purposes. If you managed to get into the system, then you can either take information from there and leave, or destroy everything there – at the moment when you need it. In addition, there is no yardstick for cyberwar by which we can determine exactly when it starts. All operations are hidden from prying eyes, it is often impossible to determine who exactly struck. Essentially, this is a blindfold war. Where it will lead is no longer possible to assess. This is precisely the destructive nature of cyberwar: it is uncontrollable (at least for now) and that is why it is dangerous.
M. Voropaev:
– I agree that it is impossible to control the conduct of cyber warfare. But trying to do this is necessary. Now there are no laws, no international codes that would somehow control the actions of countries in cyberspace. It all boils down to attempts by individual states to pass laws that would allow the authorities to somehow control international Internet corporations operating in the markets of these countries. At the international level, there is nothing like this yet – but it is necessary. Since there is the Internet and there are no agreements, we will always live with the threat of cyberattacks, which can lead to serious consequences. Just recall the example of Iran, which was subjected to a cyberattack that almost ended in a regional apocalypse with hundreds of thousands of deaths.
A. Chelyshev:
– Moreover, it happened in the early 2010s. That is, already 10 years ago this was possible.
A. Bezrukov:
– Yes, this is the case when the Stuxnet virus was launched into the German equipment installed at the Iranian uranium enrichment plant. As far as I understand, the operation was carried out by specialists from Israel, with the help of Americans and Germans. As a result, Iran's nuclear program has been severely slowed down.
A. Chelyshev
– Actually, Washington did not hide its role in this operation. Then-US Secretary of State Hillary Clinton said in 2011 that the attack would set Iran's nuclear program back several years. Later, this information, as far as I remember, surfaced in several books written by former US intelligence officers. One of them said that the intelligence services of the Netherlands were also involved in the operation.
A. Bezrukov
– Now there are two global coalitions that are trying to build a regulatory system. The first is the Western countries, led by the United States. The second coalition is all other states. The leader of this coalition is Russia. I must say that on the diplomatic front, Moscow has achieved significant success, more and more countries are beginning to share the Russian position on the regulation of cyber threats and the rules of conduct in cyberspace. First of all, China, which is our ally in this area. The West actively dislikes this; it tries to maintain its dominance.
A. Chelyshev:
– Is it possible, in principle, to achieve some kind of balance if the United States clearly has a dominant position and wants to preserve the status quo and control the world information space? Under such conditions, no one will conclude any international codes.
A. Bezrukov:
– You are absolutely right. That is why there is still no solution. Because what is the point of talking about the rules of the game if the United States immediately says that they will not abide by them. Either there are rules for everyone, or there are no rules. The world, unfortunately, is still following the second path. That is why we do not yet have a Digital Code, by analogy with the Marine or Air Code.
A. Chelyshev:
– Is it possible with the help of software to make the actions of one participant, one signatory of this code immediately visible to everyone else? Naturally, this refers to actions that violate this convention. That was, for example, as in the case of a rocket launch. If, relatively speaking, the United States launches an intercontinental ballistic missile, Russia and other countries see it – and can take measures to protect it.
A. Bezrukov:
– Unfortunately, this is not possible now. That is the problem.
A. Chelyshev:
– How then can you try to build a compromise? On the basis of what mutual restrictions?
A. Bezrukov:
– The problem is that mutual restrictions cannot provide an absolute guarantee of non-aggression. First, it is far from always possible to immediately understand where the blow came from. Second, any attack can be thought of as a simple hardware failure.
A. Chelyshev
– But you still need to strive for something …
A. Bezrukov:
“It would be nice if the leading countries pledged not to attack the critical infrastructure on which people depend for their survival, such as communications and energy. And I think that Putin and Biden raised this topic during their meeting. But, again, there is a question of control. And would a state that has already embarked on a cyber attack want to assume such obligations?
A. Chelyshev:
– We have already said that a number of countries are forcing foreign IT companies to localize and work according to the laws of their country. This is done, among other things, to control the movement of information. How effective is this measure? And should Russia follow this path?
A. Bezrukov:
– Unfortunately, the measure is not very effective, because if we are talking about a real war, then, of course, it will be conducted through third countries, third parties and all kinds of proxy companies.
A. Chelyshev:
– Countries that own nuclear weapons do not use them, because they understand that a retaliatory strike will be at least symmetrical. Much stronger as a maximum. And in any case, it will lead to catastrophic destruction. Can the same be said about cyber warfare? Do countries developing cyber weapons understand that if they strike, the retaliation could be even stronger? Is there a feeling of inevitability of retribution?
A. Bezrukov:
– I'm not sure about the inevitability of retaliation. But there is definitely an understanding of their own vulnerability. The United States, for example, has the greatest opportunities for cyber warfare, but it understands that, due to the digitalization process, they themselves also represent a large cyber target. Suffice it to recall the recent attacks on the Colonial Pipeline and the world's largest meat concern, JBS. And then: these were not cyberattacks with the aim of destruction, but blackmail – hackers forced them to pay in exchange for regaining control over the control system. However, both of these cases showed that in the conditions of a really operating digital economy, it is enough to knock out one link – and the entire supply chain will crumble. And the United States, I think, is well aware that this is a game with fire.
A. Chelyshev:
– Let's talk about the impact of the Internet space on an individual. We are already accustomed to the fact that social networks can block personal accounts for political reasons. The most striking example here is the attacks on Donald Trump in the midst of the US presidential election. Can the system of international law force IT companies to work in the legal field?
A. Bezrukov:
– I believe it will happen, and soon enough. The actions of social networks with regard to personal accounts, including Donald Trump, are so blatant that the realization of the power of Internet monopolies came very quickly. And therefore, even the Biden administration, which won the election thanks to these monopolies, is well aware that at any moment the same mechanisms can be used against it.
Internet access is becoming a kind of public service. The same as access to water, heat and electricity. The need to communicate via the Internet becomes basic. And this will lead to the fact that states recognize access to the Internet as a human right. Consequently, monopolies will have to work by strict rules. Moreover, in the States themselves they are quite loudly talking about the fact that such monopolies should not exist at all. Look at what is happening in China, where the state has very rigidly entered the cyber sphere and has clearly defined what is allowed and what is not allowed to whom. In making these decisions, Beijing was guided by state interests. The same will happen in other countries. Nowhere does the state want to give up the right to regulate communications. Especially the monopolists. To carry out demonopolization every 50-60 years is, in principle, in the traditions of the United States: 100 years ago it was dismantled there in parts
Standard Oil, which controlled the oil industry, and in the 60s of the XX century dismantled the telecommunications monopoly Bell AT&T. I think that if Google and Facebook continue with the current policies, it will be their turn. States do not like it very much when they are told “No”.
A. Chelyshev:
– Are there any examples when an injured party – a person, a company or an entire state – reported the damage that was caused to it through a cyber attack? Where can you even complain about this?
M. Voropaev:
– Everyone has the opportunity to file a complaint with the UN. Moreover, it is very easy to do. There is a special form on the UN website, everything is quite simple and accessible to everyone who has at least a little bit of Internet experience. Then I decided to file a complaint about US actions in cyberspace. Because the problem exists, and so far all attempts to solve it have not been successful. And I am very interested to know what position the United Nations takes on this matter. So it won't be long to wait. I have already written the text, consulted with lawyers and will send it in a few days.
A. Chelyshev
– When to expect an answer?
M. Voropaev
– As far as I remember, the Organization should react in a maximum of 30 days.
A. Chelyshev:
– We talked about how social networks influenced the results of the elections in the United States and did not at all touch upon similar attempts to influence the situation in Russia. Do we have countermeasures?
A. Bezrukov
– You have touched upon the main problem. Google, Facebook or someone else remains a monopoly only in the absence of real competition, sorry for the banality. And the solution to the problem is very simple. This is the development of Russian media sites that would be able to compete with foreign ones and pull traffic over to themselves. We have such sites, but they must be stronger. Their further growth and victory in the fight against foreign competitors is completely in the interests of our state. …
It is necessary to invest money in them – even budget money. Because this is not only a matter of business, but also of national security. Because foreign sites not only accumulate traffic, collect personal data and earn money from advertising, but also wage an ideological war against us. For our money.
A. Chelyshev:
– What should we do right now, when the cyber war is already underway, and there is no system of checks and balances and is not foreseen?
A. Bezrukov:
– Secure your critical infrastructure. Rebuild it in such a way that all control is carried out by our means. Only then can we say that control will be complete. This means that you need to invest in the creation of Russian-made components. There are not enough of them yet. But I know that this work is being carried out very actively in the Ministry of Industry and Trade, significant funds are allocated. And there are major breakthroughs. I think the key tasks will be solved within a few years. The second question is the organization of protection. Americans two years ago created a vertical of power to protect their critical infrastructure. They have an agency that deals only with this. Unfortunately, such a vertical has not yet been built in our country. This must be done.
A. Chelyshev:
– So, the main conclusions:
– cyber war is already underway, and any person, company or state can become its victim at any time;
– a global Digital Code is necessary, but the United States does not want to play by general rules, since it does not want to lose its global leadership in the cybersphere;
– in the coming days, an official complaint will be sent to the UN about the actions of the United States in cyberspace;
– Russia's main task right now is to strengthen the protection of critical infrastructure from external cyber threats.
This concludes our round table. However, we will return to this topic regularly.
