When will they make a “Cheburnet” from the Internet: a review of the project

As you remember, in early May 2019, the president signed the law “On the sovereign Internet”, which will come into force on November 1. The law is nominally designed to ensure the stable operation of the Russian segment of the Internet when disconnected from the worldwide network or coordinated attacks. What's next?

At the end of May, the Ministry of Communications and Mass Media prepared a draft government decree “On approval of the procedure for centralized management of a public telecommunications network”. You can get acquainted with the full text of the project and the course of its discussion on the federal portal of regulatory documents .
')
This resolution defines the “Procedure for centralized management of a public telecommunications network”. That is, under what conditions the domestic segment of the Internet will be made sovereign. And also who and on what basis will do it ( well, or under what pretext, is it to each his own ).

In general, the project includes:

• types of threats to the stability, security and integrity of the network;
• regulations for the identification of threats, measures to eliminate them;
• requirements for organizational and technical cooperation in the framework of centralized network management;
• methods for determining by Roskomnadzor the technical ability to fulfill instructions, within the framework of centralized network management;
• the conditions and cases in which a telecoms operator has the right not to send traffic through technical means to counter threats.

When the internet is especially dangerous

As for the last item in the list, the project identifies three types of threats:

1. threats to the integrity of the network - threats to the interoperability of communication networks, in which it becomes impossible to establish a connection and (or) transfer information between users of communication services.
2. threats to network stability - threats that violate the ability of the network to maintain its integrity in standard operating modes, when part of the communication network elements fail and return to the initial state (reliability of the communication network), as well as under external destabilizing effects of natural and man-made nature (survivability of the communication network ).
3. threats to the safety of the network - threats to the ability of a telecom operator to resist attempts of unauthorized access to network hardware and software and deliberate attacks, which could result in disruptions in the functioning of a communications network.

The Ministry of Communications and Matters, in coordination with the FSB, determines the list of current threats. The likelihood of a threat can be assigned to levels: low, medium, high. The danger level of the threat can be set: low, medium, high.

The probability of implementation and the level of danger are determined by Rosokomnadzor, based on network monitoring data. The list of current threats should be published on their official website.

But most importantly:

“Centralized management of a public telecommunications network is carried out in the event that a threat is topical, the probability of the realization of which is high and (or) the danger level of which is determined to be high.”

Pot, do not cook

In addition to the "Order of centralized management ..." another bill was introduced. “On Approval of the Provision on the Conduct of Exercises on Ensuring Sustainable, Safe and Holistic Operation of the Information and Telecommunication Network“ Internet ”and Public Communication Network in the Territory of the Russian Federation” ( full text ).

This project "determines the order of conducting exercises to improve information security, integrity and sustainability of the information and telecommunications network" Internet "and public communication network in the territory of the Russian Federation ...". The definition of exercises in this project is given as follows:

“Exercises are a set of organizational, technical and tactical activities aimed at the training participants accomplishing training tasks in the context of a specific situation, threats to the integrity, sustainability and safety of the Internet and public communication networks in the Russian Federation.”

Exercises are held at the federal and regional levels. Participants in these exercises, according to the decree, are:

“Communication operators, owners or other owners of technological communication networks, owners or other owners of traffic exchange points, owners or other owners of communication lines crossing the state border of the Russian Federation, other persons, if such persons have an autonomous system number, and the Ministry of Digital Development, Communications and Mass Communications of the Russian Federation, Federal Security Service of the Russian Federation, Ministry of Defense of the Russian Federation, Federal Security Service of the Russian Federation, M Ministries of the Russian Federation for Civil Defense, Emergencies and Elimination of Consequences of Natural Disasters, Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications, Federal Communications Agency. Other state authorities and local governments may be involved in the exercise by decision of the Ministry of Digital Development, Telecommunications and Mass Communications of the Russian Federation. ”

The stated objectives of the exercises are:

• ensuring the security, integrity and sustainability of the Internet and public communication network in the territory of the Russian Federation;
• ensuring the security, integrity and sustainability of the Internet of the Russian Federation (yes, they have already determined what the Internet of the Russian Federation is);
• restoration of communication networks during natural and man-made emergencies.

The main tasks of the exercises are as follows:

• determination and practical implementation of measures to identify threats to information security, integrity and sustainability of the information and telecommunications network "Internet" and public communication networks in the territory of the Russian Federation, as well as clarification of threat models;
• updating the standards aimed at ensuring the sustainability of the information and telecommunications network "Internet" and public communication networks in the territory of the Russian Federation;
• training in the use of techniques to ensure the sustainability of the information and telecommunication network "Internet" and public communication networks in the territory of the Russian Federation;
• research and improvement of methods and methods to ensure the security of the Internet information and telecommunications network and public communication networks in the Russian Federation.

On the basis of the plan, the order of the Ministry of Communications and Mass Media of Russia determines the head of the exercise and officials within the leadership of the exercise, the mediation apparatus, control and research (if necessary) groups, as well as communications organizations involved in the exercise.

The organizations participating in the exercise may include communication operators, including owners of traffic exchange points, owners of communication lines and technological communication networks, persons having autonomous system numbers.

Within a month after the end of the exercise, the Center for Monitoring and Control of a Public Communication Network in cooperation with federal executive authorities and organizations in the field of communication is carried out a comprehensive analysis, comparison, testing and synthesis of materials about the exercises, the conclusion is developed based on the results.

The conclusion is approved by the Ministry of Communications in coordination with the Ministry of Defense of the Russian Federation, the Federal Security Service and the Federal Security Service, and contains recommendations for improving information security, integrity and sustainability of the Internet and public telecommunications network in the Russian Federation and an action plan for their implementation.

findings

And they will not. Too many guesses about this. It is likely that, in addition to all IT-companies, for normal operation, it will be necessary to obtain the next licenses of the FSB, FSTEC or other very important organizations. Or maybe there will be tests for the ability to work in conditions of disconnection from the worldwide network. Who knows what the coming day is preparing for us?