Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

Cyberbalkanization and the Future of the Internet

Cyberbalkanization and the Future of th

Cyberbalkanization and the Future of th

On May 1, 2019, Russia’s President Vladimir Putin signed into law what is generally known as the Sovereign Internet law. It came into effect on November 1, 2019, and is ostensibly designed as a defensive mechanism against any foreign attempts — namely U.S. — to harm the Russian internet by cutting access to foreign (non-Russian) servers.

In principle, the concept is relatively simple. Russia will establish its own shadow Russia-only DNS system. Under duress, or on-demand, Russian ISPs would be instructed to switch to the alternative DNS. This would ensure that all Russia-to-Russia communications never leave Russian territory, and a Russian national internet would be protected. Of course, it also means that all internal communication can be more easily intercepted, and that Russian citizens could be prevented from visiting selected websites in the rest of the world.

While pitched as a purely defensive option, it is widely seen as another example of the increasing balkanization, to one degree or another, of the world wide web; that is, the tendency for national governments to isolate, or protect, their country and citizens from the rest of the world. In this, Russia joins China, North Korea, Iran, and surprisingly but to currently a lesser extent, the United Kingdom.

While balkanization is the effect, national isolation is the process. We need to know why and how individual countries are isolating themselves from the internet to understand whether widespread balkanization is the future for the world wide web.

The purpose of isolation

The stated drivers for isolation are national security, law and order, and copyright protection – but the result is always control. It is a political decision provided by technology and legislation.

“Much like a country would want to physically protect its borders from outside threats, real or perceived, countries like China, Russia, and others want to secure their borders online as well,” says Attila Tomaschek a digital privacy expert at ProPrivacy (formerly BestVPN). “A country having complete control over its own internet would allow it to more effectively guard against hostile online threats and interference from other countries.”

Isolation is “done mainly for control,” believes Francis Dinha, CEO of OpenVPN, “but of course it’s under the guise of safety and security of the government’s citizens. Like most freedom and liberty encroaching laws and regulations citizens are told certain rights and liberties need to be taken away for their own security and protection.” In other words, the control aspect of isolation closely equates with censorship.

Advertisement. Scroll to continue reading.

Dinha has personal experience of state censorship. He was born and grew up in Saddam Hussein’s Iraq. He credits his and OpenVPN’s commitment to a free and accessible Internet to his experience growing up under a regime in which free speech was nonexistent and any criticism of the government could mean death. 

On March 28, 2019, OpenVPN was one of ten major VPN services contacted by Roskomnadzor (RKN), the Russian body charged with supervising the Sovereign Internet law, with a demand that they connect their services to a new Russian content filtering system, or face being banned. Dinha declined.

Tomaschek doesn’t disagree over the control aspect of isolation. “Authorities are more able to effectively control the information permitted to flow in and out of the country online and, as a result, control everything the general populace would have access to on the internet. Furthermore, controlling the internet is a powerful way for government authorities to quash any ideas or expressions that run counter to established political or religious principles.”

Talking about the Russian Sovereign Internet law, his colleague Douglas Crawford is more specific. “It is a move designed to consolidate the already vice-like grip that the current regime has on the reins of power in Russia.”

Joseph Carson, chief security scientist at Thycotic, has a slightly different take on the cause of internet isolationism. “Countries are doing this due to the fear of becoming less important than social media companies whom today have more influence than most governments and politicians,” he said. 

This is an important observation. If isolation is driven by political self-preservation, it is a driver that will affect all nations, and not just those with a history of authoritarianism. Russia used social media to interfere in both the U.S. 2016 presidential election, and the UK’s 2016 Brexit referendum

In January 2019, Facebook announced that it had removed a vast Iran-led manipulation campaign designed to promote the government view of the Middle East. China has a similar social media manipulation program. While Russia seeks to disrupt the balance of power in its favor, Iran and China seek to manipulate international public opinion in their favor. The reality, however, is that individual national governments are losing control over their own citizen’s opinions because of social media and the global internet.

If the west is unable to control social media, its governments may be compelled to control the internet – and they can only do that by isolating their citizens from the global internet. This driver will affect western democracies just as strongly as it affects Russia, China, Iran and North Korea.

While national security is a political driver, the copyright driver is primarily economic. The entertainment – or creative – industry in the west is huge, comprising film and television, music and video gaming. Its political lobbying is commensurate with its size. Its desire is not to isolate national infrastructures, but to isolate copyright infringement and infringing websites from national infrastructures. The two preferred methods are to force ISPs to block infringing websites, and to persuade – either through force of argument or force of sponsored legislation – third party content platforms to filter all content and block where necessary.

The industry’s role in internet isolationism is that these two methods, once implemented, provide governments with the technical means for both isolation and citizen censorship – key elements of the drive towards a fractured internet.

The means of isolation

The rise of right-wing nationalism is driven by concerns over uncontrolled immigration. President Trump was elected with a promise to secure the southern border – with a wall – to stop illegal entry. Brexit was largely about Britain’s loss of control, to the EU, of its own borders. Nationalism has grown throughout Europe for the same reason, with a common demand for national control over national borders; or at least some method of preventing uncontrolled passage.

On the internet, local ISPs and the domain name system (DNS) are the national borders. Controlling the DNS that ISPs use is a means of controlling national borders – internet isolation is based on ISP/DNS control.

China’s isolation is not complete isolation — it is more an expression of heavy state censorship. It doesn’t seek to completely isolate the internal internet, but to limit what websites can be visited and what services can be used from outside of China. It comprises a combination of legislative requirements and technological disruptions.

At least three technical means are used: DNS poisoning, URL filtering, and deep packet inspection (DPI).

“With the DNS blocking method,” said Dinha, “they will poison the users’ DNS, and instead of directing them to the IP of the root DNS servers, they will instead direct it to an IP that is not hosting the site and most likely redirects to a government site while stating the URL is blocked for some generic reason.”

There is no definitive list of which sites are blocked in this manner since it doesn’t seem to be a constant. Nevertheless, western social media including Facebook, Twitter, Instagram, Pinterest, Tumblr, and Snapchat are not available without a VPN. 

VPNs are not currently illegal, although use of them to access forbidden sites will be prevented where possible. There are suggestions that ISP filtering is ‘learning’ how to recognize encrypted VPN traffic.

URL filtering is pure censorship, with ISPs looking for ‘forbidden’ terms such as ‘Tiananmen’ and blocking URLs containing that term. This can allow access to sites, while preventing access to specific pages that will likely contain content not desired by the government. In this way, access to Wikipedia is allowed, but many individual pages are blocked.

The Russian approach is more uniform. It requires a complete Russia-only DNS alternative to the global DNS system. On demand from the government, the Russian ISPs will be required to switch from global to Russian. This could stop any data from leaving Russia, while ensuring that any data from outside of the country cannot get into Russian territory. This provides the Russian government with one of its favored diplomatic tools – plausible deniability. It can be sold to the Russian public and the world at large as a defensive tool designed solely to protect Russians from outside interference, whether that is cyber espionage, malware outbreaks or cyber warfare.

Russia to Russia traffic would never leave Russia. In theory, this would ensure its protection from interception by foreign powers, but would leave it open to interception by the Russian authorities. The cost of developing a new Russia-only DNS system will be high, and it is not certain it can be achieved. The economic cost of using a Russia-only DNS system will be even higher — so even if it can be done, it is likely to be used sparingly and only in times of ‘national emergency’ (a definition that is entirely in the hands of the Russian government).

David Barton, CISO at Stellar Cyber, has spent several years in countries that inhibit their users’ access to the global internet. “I was amazed at some of the people I met who still had access to some of the ‘blocked’ sites despite the restrictions placed on them by their countries. People have an amazing knack for finding ways around the controls placed on them by the authorities.” Where internet blocking is implemented within a country by ISPs alone, users can still circumvent the block with a VPN; and this is what lies behind Roskomnadzor’s earlier demand that VPN providers route their services through Russian state servers.

The problem for users is that VPNs may not provide a solution against a determined government. A complete Russia-only DNS system would prevent standard VPN traffic from leaving the country. Barton acknowledges this, but remains cautiously optimistic. “Individual nations, given enough resources and the intent to do so, can eventually block all VPNs. I do believe, however, that the human will for freedom of speech will continually seek ways to overcome those blocks.”

Carson agrees. “Governments can control for most citizens, but more tech savvy citizens will always find a way around such controls,” he said. “Users will absolutely be able to evade national blocks. With today’s technology, it is easy to bypass most security and monitoring controls.”

The UK model – a potential insight into the future

National internet isolation – or at the very least, national internet control – is growing. It is possible that current geo-politics make it an unstoppable, even if relatively slow, force. To examine this, it is worth looking at the UK, generally considered to be a democratic nation with a commitment to free speech.

Internet isolation has been linked to government control, and the UK has a history of government control. Its press is quietly controlled with D-notices (now known as Defense and Security Media Advisories – DSMA). This is a voluntary process that is designed to provide control while not publicly impacting on the freedom of the press.

The UK was an early convert to the creative industry demands for censorship, by forcing its ISPs to block The Pirate Bay (TPB) website. It is not a very effective block – TPB was able to break the domain name block by continually changing its IP address. Furthermore, users can easily reach TPB using a VPN to gain access from a nation where it is not blocked. After 15 years of blocking at the ISP, TPB is still easily accessible from the UK.

The UK is also at the forefront of applying controls to social media with plans to introduce ‘digital harms’ legislation, and is on the verge of applying censorship to porn sites (the theory is that adults would have to acquire a ‘porn pass’ while any (youngster) without a pass would be blocked at the ISP level. This increases the government’s use of ISPs as a blocking method – but still won’t work without additional control over VPNs.

The question, then, is whether the democratic UK is likely to continue along its current path of controlling ISPs and their use of deep packet inspection, censorship and platform control. If it does, it will have quietly implemented all the technical mean necessary to isolate its internal internet from the wider global internet, forcing its people to rely on VPNs. The question is whether, in the interest of national security, it is likely to take that final step.

Here opinion is divided. “I don’t believe the UK will move towards isolationism,” says Stellar Cyber’s Barton. “I also don’t believe the rest of a democratic Europe would follow suit.” However, it should be noted that stringent legislation, such as that enacted by GDPR, is in itself a form of legal isolation and therefore a form of balkanization.

ProPrivacy’s Tomaschek has a more nuanced view. “With increased internet regulations and proposals recently, the UK appears inclined towards a form of online isolation. Though not as drastic as what is happening in Russia, the UK is gearing towards controlling certain aspects of what is permitted online within its jurisdiction,” he warns. “Initiatives like that recently proposed in the government’s whitepaper detailing proposals in countering so-called ‘online harms’ can result in a form of online censorship if not executed properly. This type of control over the internet is a slippery slope indeed, and the UK must be careful not to isolate its online environment in a way that infringes upon fundamental human rights like the freedom of speech and expression.”

Thycotic’s Carson is more blunt. “Absolutely. The UK is following the same direction as Moscow, especially with Brexit and the political push to have access to more citizens’ data.”

National intranets and the future of the internet

“I think many countries will be implementing their own local intranets for different stated reasons,” warns OpenVPN’s Dinha. “The overall goal will be the same: to control their citizenry and hamper free thought and free speech. It will most likely spread as time goes on and governments find more excuses to propose blocks (terrorism, online bullying, hate-speech, etcetera). As soon as governments start to regulate this arena it is typically very slow and near impossible to undo.”

David Flint, commercial law consultant at UK law firm Inksters, takes a similar view. “Within both the UK and, possibly – but with First Amendment issues, less likely – the United States, there is a push for greater control over the internet. It is all too easy to push for greater state control in the name of terrorism, pornography and child abuse – all matters where it is difficult for the guardians of internet freedom to mount a credible opposition. The argument ‘Surely you’re not in favor of child pornography?’ is a difficult one to overcome. Politicians and civil servants generally have little understanding of the internet and are easily swayed by the prophets of doom.”

Flint is not slow to invoke both 1984 and the rise of the far-right. “Once the principle of some form of content control is established, this may be the slippery slope towards an Orwellian nightmare. Some of the more extreme outbursts on the subject of Brexit suggest that it might not take much for a less democratic regime to use these internet filters to control speech and ideas which are none of the buzzwords but are an anathema to their views – think Gilets Jaunes, Animal Rights activists etc.”

The consensus is that the world is moving inexorably towards a far more fractured internet, with more and more nations isolating themselves from the wider free internet. This may be the future of the internet. All countries already have the means to do so through controlling their ISPs – and it is possible that the UK can be interpreted as a work in progress.

But one final thought from a Chinese venture capitalist (Fred Hu, chairman and founder of Primavera Capital Group): “With the entire global economy becoming inextricably linked to the Internet and digital technologies, stronger regulation is more important than ever. But if that regulation is fragmented, clumsy, heavy-handed, or inconsistent, the consequences for economic integration – and, in turn, prosperity – could be severe.”

It may be that the desire and need for global trade is ultimately the world’s best defense against unrestrained balkanization of the internet.

Related: Talking Global Cyberwar With Kaspersky Lab’s Anton Shingarev

Related: Trust and Temptation in the Internet as a Shared Commons

Related: The Increasing Effect of Geopolitics on Cybersecurity

Related: Microsoft Calls for Cyber Geneva Convention

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Security Infrastructure

Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less.

Management & Strategy

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.

Security Infrastructure

Instead of deploying new point products, CISOs should consider sourcing technologies from vendors that develop products designed to work together as part of a...

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.

Audits

The PCI Security Standards Council (SSC), the organization that oversees the Payment Card Industry Data Security Standard (PCI DSS), this week announced the release...

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture