Cyber Security Strategy and Cyber Cooperation of Russian Federation

Transcription

1 , pp Cyber Security Strategy and Cyber Cooperation of Russian Federation Daeun Sung Dasan Building r.202a, Bakebeom-ro 35, Mapo-gu Seoul, Republic of Korea Abstract. In today s world, cyber security has become an important international agenda. As the information age has arrived, the need of cyber defense against cyber attacks is mounting, and the significance of cyber cooperation in the international community is drawing attention. Through the course, international society has agreed that the institutionalization of international norms dealing with cyber space and cyber security is crucial ever. Nevertheless, the West, led by the United States of America, and the East, composed of China and Russia, have shown conflicting views on forming international norms and principles which would regulate and ward off the possible threats in cyber space. Thus, the international community hasn t yet to reach an agreement on cyber security. In other words, the difference between both sides on the strategies and understanding of principles, objects, and the definition has rendered such. Firstly, this dissertation will cover the Russia s perception, strategy, and definition on cyber security through analyzing primary source. Then, it will delve into the Russia s cyber diplomacy policy. And in the conclusion, it will seek the possible solution for the cooperation in the field of cyber security. It is quite worthwhile to look into Russia s views, which is the main counterpart to the US in this field, especially when the efforts to institutionalize cyber security by the US led international community have met with their boundaries, and when the legitimacy of them have been challenged. Keywords: Cyber Security, Cyber Security Strategy, Cyber Security of Russian Federation, Cyber Coopertion 1 Introduction The allegation that the Kremlin might have intervened the US presidential election through cyber-attack in 2016 shows the competition among nations is not only physically confined to geography, but it is now spread on to the cyber-field, being carried out elaborately. Thus, it is fair to claim that the national cyber-strategy could yield meaningful results in reality, and accordingly, cyber security has become one of the pillars of national security. For the appearance of cyber security, the subject of security-threat and its spectrum have expanded; and the value of information have risen; and the information is introduced as a new standard for measuring national power. As the worth of ISSN: ASTL Copyright 2018 SERSC

2 information valued more, the threats and attacks on the cyber space accordingly have increased. Hence, the claims have been made to fortify the deterrence ability on cyber space. But for the traditional deterrence model is not applicable, international cooperation is furthermore needed on cyber space. Though, it is not easy to yield the cyber cooperation in international society because each nation has its own standards of perception, strategy, ability, and norm on cyber security. Russia is the classic rival of the US in cyber security. At this point, Russia forges counter-axis with China against Western powers, led by the US, under the protectionist standpoint that it requires national power on internet and web space. But on the other hand, it differentiates with China in that it does not control the cyber space thoroughly. In short, the Russian cyber security policy seems rather undervalued in that its national interest toward both the sovereignty and international cooperation in cyber space is considered to be the rational stance to achieve the institutionalization of the international cyber norms. 2 Russia s Cyber Security 2.1 Information Security and Cyber Security Russia uses both information security and cyber security as a definition of cyber security. 1 Looking into the official documents of Russian cyber policy, it shows that the word cyber security is adopted rather recently. Generally speaking, information security is used as a comprehensive term, so that it covers cyber security as its subordinate part. Russia s official documents states that the term cyber security cannot be separated from the domain of information security. Despite these facts, the reason behind the adoption of the term cyber security is that thorough national control and regulation on cyber space is almost impossible, and that Russia seeks conformity in naming with those of other nations. Thus, the adoption and usage of cyber security means that Russia has full intention to construct the international norms and cooperation on cyber space(concept of Russia s Cyber Security Strategy 2014). 2.2 Cyber Security Perspective and Strategy One of the most remarking traits of Russian cyber security is that it claims national sovereignty on cyber or information space. So, the cyber sovereignty, the nation involving in information space, is the fundamental notion of Russian cyber security. This sovereignty rules over the Russia cyber security strategy: nation-centric regulation and control. This interventionist strategy becomes controversial in building international norms on cyber security. 1 Computer security is often used as rather narrower term of it. Copyright 2018 SERSC 81

3 In order to understand Russian s perspective and strategy on information and cyber security, it is necessary to look into the national official documents. Those documents include Information Security Doctrine of the Russian Federation(2016); Concept of Russia s Cyber Security Strategy(2014); Basic Principles for State Policy of the Russian Federation in the Field of International Information Security(2013), and many others. Information Security Doctrine of the Russian Federation 2 defines and introduces key terms that used in Russian information security. And among them is the assurance of information security, which shows the intention of Russian government to lead the field of assuring cyber security. The method of the assurance introduces legal, institutional, technological, and other methods term, which is very comprehensive, and it also suggests the clear standard on the subject of the assurance of information security, which is a national institution or public officials and regional governments with the power to determine the legislation of Russian Federation on information security. Russian government tries to hold the power of regulation and protection in cyber security. For this reason, Russia is not free from the criticisms of Western powers like the US. that it is an excessive control on cyber space. However, the fact that guarantee of freedom and constitutional rights of citizens to information is stipulated as the first principle of Russian cyber security strategy raises hopes that Russia would not indiscreetly and imprudently abuse the sovereignty on cyber space to the level of total control, but at most to the level of censorship. 2.3 Cyber Security Coorporation In cyber security, Russia maintains cooperative relationship with China through the process like Russo-Sino Cyber Security agreement(2015.5) and Shanghai Cooperation Organisation(SCO), while it has intermittently cooperative but basically competitive relationship with the US. Russia has kept insisting to found the international cyber norms through international societal cooperation. Because perspectives between Russia and the Western powers on creating international cyber norms contrast much. And in that bottom of the cognitive difference is the notion of cyber space and cyber sovereignty. Table 1. Views on cyber space Category The US & the UK Russia, China, etc On cyber space Anarchical space Sovereign space On regulation Private-centered (No necessary for the governmental involvement) Nation-centered (Necessary for the governmental involvement) Copyright 2018 SERSC

4 Internet governance model The participation of multi stakeholders (Multi-stakeholder Model) The participation of Nations (New norms, International organizations, etc) source: Sangbae Kim et al. 2017: 33 The difference between the West and Russia on wielding sovereign power on cyber space stems from the dissimilar perceptions on cyber threats. Russia defines the cyber threats under the broader term as information security threats. Russia separates the information security threats between the external and internal ones before to list the whole threats. This is where the US and Russia s views on cyber threats diverge. The threats that the US terms as external cyber threats generally accepted as such in Russia. However, adding internally oriented cyber threats to the information security threats means that Russia is more sensitive to cyber threats, and it is seriously concerned the influence that cyber threats would bring to domestic politics. 3 This gap between the two makes it even harder to create unified international cyber norms. 3 Conclusion At this point, Russia forges counter-axis with China against Western powers, led by the US, under the protectionist standpoint that it requires national power on internet and web space. Russian government tries to hold the power of regulation and protection in cyber security. For this reason, Russia is not free from the criticisms of Western powers like the US. that it is an excessive control on cyber space. However, the fact that guarantee of freedom and constitutional rights of citizens to information is stipulated as the first principle of Russian cyber security strategy raises hopes that Russia would not indiscreetly and imprudently abuse the sovereignty on cyber space to the level of total control, but at most to the level of censorship. Russia s cyber security that does not overtly control the cyber space, but still does claim national sovereignty over it and stress international cooperation could be the cross bridge between disparate Chinese and American cyber security strategies and stances. Thus, the Russian cyber security policy is the rational compromise proposal for current institutionalization of international cyber norms, and it needs to be reviewed without criticisms that deem Russian policy as simple controls or statistics or censorship. 3 Russian information security s internal threats are following: 1) illegal activities of generation, transmission, and use of information under political and economic structures, 2) illegal actions of state structures, apparatus, leading to violation of legitimate rights of citizens and organizations in the information sphere, 3) violations of regulations on collection, processing, and transmission of information, 4) intended actions of information system units and unintended malfunction and errors, 5) the failures of hardware and software of information and communication system(concept of Russia s Cyber Security Strategy 2014). Copyright 2018 SERSC 83

5 References 1. Doctrine of Information Security of the Russian Federation (2016), 2. Concept of Russia s Cyber Security Strategy (2014), 3. Beomsik Shin: Russia s Strategy on the Cyber Security. The Korean Association of Clavic Studies, Slave newspaper 32(1), , pp (2017) 4. Fischer, Eric A.: Cybersecurity Issues and Challenges: In Brief. CRS Report No. R (2016) 84 Copyright 2018 SERSC