By the end of 2014, the Russian government plans to review a law on critical information infrastructure that would enable the country to build a comprehensive defense system against cyber attacks.
Igor Sheremet, one of the co-authors of the bill and board chairman of the Governmental Military-Industrial Commission, gave an interview to talk about the initiative.
What cyber defense system does Russia already have in its arsenal?
A state system to detect and warn against computer attacks is being created under the guidance of the Federal Security Service (FSB). Three cyber intelligence networks belonging to foreign countries were identified in 2013 alone, which prevented the theft of two million pages of secret information.
Today, in some cases cybernetic espionage is more effective than classic espionage with agents. Foreign James Bonds are unlikely to be able to penetrate another state’s structures so deeply as to have the opportunity to steal an entire secret archive.
Is eavesdropping on computer networks a real thing or a myth about spies?
You can meet with both unintended and subversive defects in all devices – smart phones, tablets, personal computers, and even network formation tools such as servers and routers.As a rule, unintended bugs are a result of developer errors, as well as ordinary manufacturing mistakes. Subversive defects are software and hardware implants that are planned in advance. These defects make leaks of confidential information possible.
A whole host of testing laboratories in Russia is involved in searching for these defects. Since 2008, just one of these labs has detected more than 40 subversive defects in foreign-produced hardware and software.
Programmable chips that are outwardly identical but function differently depending on the state of their memory are becoming more and more widespread. What this means is that not only the circuit, but also the program inside the memory needs to be analyzed. We perform that kind of analysis.
Who manufactures these microchips?
Microchips are produced using fabless technology. Design centers develop them and then ship the result off to a factory in the form of a file.
The factory produces the necessary number of microchips and transfers them to the client. Substantial financial resources are needed to create these factories, which are called foundries. There aren’t very many foundries in the world and as a rule they are co-owned by large transnational corporations.
Most foundries are located in Southeast Asia because the work force there is still very cheap. But the real owners of these assembly plants may not be Chinese at all.
Many hack attacks come from China. Why is that?
Botnets are used to hide the IP addresses of the true cyber criminals. Botnets are special program modules (bots) secretly installed by the hacker on personal computers connected to the Internet. They serve to readdress in order to hide the IP address of the true message source.
The creation and sale of botnets is one of the most widespread criminal Internet services. Using a botnet, a hacker in Thailand can attack an Internet resource located, for example, in Brazil. And it can do that through “jumps,” passing through computers physically located in Japan, Finland, Italy, Qatar, Indonesia or other countries.
The lengths taken to make the chain anonymous can reach several dozens of bots. Then the law of large numbers comes into play. Because China is the largest country in the world by population it has more Internet users than any other country. The same goes for bots installed by hackers from various countries on Chinese computers. That’s why externally it looks like cyber attacks are made from China on the rest of the world.
How will new-generation technology be developed in Russia?
According to expert estimates, a new electronic component base will start being produced on a mass scale using new physical principles and materials in 2030. Russia has the opportunity to occupy a leading position in several areas, primarily in quantum computers and quantum communication.
Quantum communication is characterized by complete Intel security. It’s theoretically impossible to intercept a quantum information flow. Quantum computers are a way to solve problems associated with the massive enumeration of variants at a speed that is unattainable for traditional computers.
For example, the world’s most powerful computer – the American Titan Cray XK7 supercomputer – can solve the well known problem in cryptanalysis of expanding an integer into prime factors for a number made up of 250 digits in one year. A quantum computer with a frequency of just one megahertz can do that in four seconds. For a number made up of 1,000 digits, that would take hundreds of billions of years and 1.5 minutes, respectively. Just think – hundreds of billions of years worth of computation or 1.5 minutes! However, it will definitely take a very serious effort and investments to create such computers.
Published by Russia’s official government newspaper Rossiyskaya Gazeta, this interview first appeared in English in Russia Beyond The Headlines.