Background: "Autonomous Runet" - what is it and who needs it
Last year, the government approved an action plan for Information Security. This is part of the Digital Economy of the Russian Federation program. The plan introduced a bill on the need to ensure the operation of the Russian segment of the Internet in case of disconnection from foreign servers. The documents were prepared by a group of deputies, headed by the head of the committee of the Council of the Federation Andrei Klishas.
Why does Russia need an autonomous segment of the global network and what goals the authors of the initiative pursue - further in the article.
Why do we need such a bill?
In a TASS commentary, lawmakers said : "An opportunity is created to minimize the transfer abroad of data exchanged between Russian users."
The document on the goal of creating an autonomous Runet says : “In order to ensure the stable functioning of the Internet, a national system for obtaining information about domain names and (or network addresses) is created as a set of interconnected software and hardware designed to store and obtain information about network addresses in relation to "domain names, including those included in the Russian national domain zone, as well as authorization when resolving domain names."
The authors of the document began to prepare a bill “taking into account the aggressive nature of the US national cybersecurity strategy adopted in September 2018,” which proclaims the principle of “preserving peace by force,” and Russia, among other countries, “is directly and unprovenly accused of committing hacker attacks.”
Who will rule everything if the law is adopted?
The bill says that Roskomnadzor will establish the rules for routing traffic and monitor the implementation of these rules . The agency will also be responsible for minimizing the volume of Russian traffic that passes through foreign communication centers. The responsibility for managing the network infrastructure of Runet in critical situations will be assigned to a special center. It has already been created in the radio frequency service subordinate to Roskomnadzor.
The new structure , according to the government, should be created in the coming months. It should be called the "Public Communications Network Management Center." The government gave a year to Roskomnadzor to develop hardware and software for monitoring and managing the public communications network.
Who, for what and how much will pay?
Even the authors of the bill find it difficult to say how much the fully autonomous Runet will cost the budget.
Initially, lawmakers said that we are talking about 2 billion rubles. This year, the authors were going to absorb about 600 million of this amount . Later, information appeared that the sovereign Runet would soon rise in price to 30 billion .
Only the purchase of equipment that will ensure the security of the Russian segment will cost 21 billion rubles. Approximately 5 billion will be spent on collecting information about Internet addresses, numbers of autonomous systems and their connections, Internet traffic routes, and another 5 - on managing specialized software, plus the development of software and hardware tools for collecting and storing information.
It is still not clear who will pay for everything: either all funds will go from the budget, or the new infrastructure will be created by telecom operators who will have to install equipment and maintain it on their own.
The original document states that “the operation and modernization of these funds are not regulated, including with regard to the financial support of these processes, as well as liability for damage caused by interruptions in the operation of communication networks caused by the functioning of these funds, including to third parties ".
Only in mid-March last year, the Federation Council proposed to pay operators for the implementation of the bill from the budget. So, the legislators submitted another document with an amendment on compensation from the budget of the expenses of operators for servicing equipment for its implementation. In addition, providers will be exempted from liability for network failures to subscribers in the event that the cause of these failures is new equipment.
“Since the technical means planned for installation will be purchased from the budget, the maintenance of these devices should also be compensated from budgetary funds,” said Senator Lyudmila Bokova, co-author of the amendments.
The funds will mainly be used to install the DPI-system (Deep Packet Inspection), which was developed at RDP.RU. Roskomnadzor chose the equipment of this particular company after testing seven different Russian manufacturers.
“According to the results of testing on the Rostelecom network last year, the DPI-system from RDP.RU received, so to speak, a“ standoff ”. Regulators had some questions for her, but on the whole the system passed the test successfully. Therefore, I am not surprised that they decided to make testing more extensive. And deploy more networks of operators already on the networks, ”Anton Sushkevich, co-owner of RDP.RU , told reporters .
DPI Filter Operation Diagram ( Source )
DPI-system is a hardware-software complex that analyzes an integral part of a data packet passing through a network. The constituent parts of the packet are the header, destination and sender addresses, and body. Here is the last part of the DPI system and will analyze. If earlier Roskomnadzor looked only at the destination address, now signature analysis will be of importance. The composition of the package body is compared with the standard - the well-known Telegram package, for example. If the match is close to one, the packet is discarded.
The simplest DPI traffic filtering system includes:
- Network cards with Bypass mode, which connects interfaces on the first level. Even if the server’s power suddenly stops, the link between the ports continues to operate, passing traffic through battery power.
- Monitoring system. Remotely monitors network indicators and displays them on the screen.
- Two power supplies that can replace each other if necessary.
- Two hard drives, one or two processors.
The cost of the RDP.RU system is unknown, but the regional-level DPI complex consists of routers, hubs, servers, communication channels and some other elements. Such equipment cannot be cheap. And considering that DPI needs to be established for each provider (all types of communications) at each key communications point throughout the country, then 20 billion rubles can be far from the limit.
How are telecom operators involved in the implementation of the bill?
Operators will install equipment on their own. They are responsible for operation and maintenance. They will have to:
- adjust the routing of telecommunication messages at the request of the federal authority;
- to resolve domain names, use servers operating in the territory of the Russian Federation;
- in electronic form, provide information on the network addresses of subscribers and their interaction with other subscribers, as well as information on the routes of telecommunication messages to the federal executive body.
When is the start?
Very soon. At the end of March 2019, Roskomnadzor invited operators from the Big Four to test Runet for “sovereignty”. Mobile communications will become a kind of testing ground for testing the "autonomous Runet" in action. Testing will not be global; tests will be conducted in one of the regions of Russia.
During the tests, operators test the equipment for deep traffic filtering (DPI), developed by the Russian company RDP.RU. The purpose of testing is to test the performance of an idea. At the same time, telecom operators were asked to provide information on the structure of their network to Roskomnadzor. This is necessary in order to select a region for testing and find out in what configuration you need to install DPI equipment. They will select the region within a few weeks after receiving data from operators.
DPI equipment will make it possible to check the quality of blocking of resources and services prohibited in the Russian Federation, including Telegram. Plus, they also test the speed limit for access to certain resources (for example, Facebook and Google). Domestic lawmakers are not happy with the fact that both companies generate a very significant amount of traffic, without investing anything in the development of the Russian network infrastructure. This method is called traffic prioritization.
“Using DPI, you can quite successfully prioritize traffic and reduce the speed of access to YouTube or any other resource. In 2009-2010, when the popularity of torrent trackers was flourishing, many telecom operators set DPI just to recognize p2p traffic and reduce download speed on torrents, since communication channels could not withstand such a load. So, operators already have experience in pessimizing certain types of traffic, ”says Philippe Culin, Diphost CEO.
What difficulties and problems does the project have?
In addition to the high cost of the project, there are several more problems. The main one is the lack of development of the document on the “autonomous Runet” itself. This is evidenced by market participants and experts. Many points are unclear, but something is not indicated at all (as, for example, a source of funds for implementing the provisions of the bill).
If the operators have problems with the introduction of the new system, that is, the Internet is disrupted, then the state will have to compensate the operators about 124 billion rubles a year. This is a lot of money for the Russian budget.
President of the Russian Union of Industrialists and Entrepreneurs (RSPP) Alexander Shokhin even sent a letter to the State Duma Speaker Vyacheslav Volodin stating that the implementation of the bill could cause a catastrophic failure of communication networks in Russia.