The governments of countries like China, Iran, and Russia now invest tremendous effort in controlling domestic online activity while conducting cyber operations abroad. In May, President Putin approved the “internet sovereignty” law. To explain the reason of this law, the Kremlin government declared that Russia needs to have the ability to disconnect its cyberspace from the world, in case of a national emergency and/or a foreign threat like a cyberattack.
Heart of the Runet
According to the state-owned Tass news agency, the tests had assessed the vulnerability of internet-of-things devices, and also involved an exercise to test Runet’s ability to stand up to “external negative influences”. In Russia, the land-based internet uses broadband access cables laid alongside railway lines. These cables are under the control of Transtelekom (TTK), which is owned by Russian Railways, a state-owned joint-stock company. Internet cables are then connected through exchange points, a sort of “data road junction”.
The internet exchange points located in the territory of the Russian Federation are managed by an organization called MSK-IX, nicknamed the “heart of the Runet”, which is ultimately controlled by the state-owned Rostelekom. Russia-based core physical infrastructure may, therefore, seem to fall under the total control of the Kremlin. To save money and increase efficiency, MSK-IX exchange points, therefore, split their distributed DNS between servers located in Asia, Europe, South America, and North America.
In practice, this means that a connection from a Russian computer to a website hosted by a US-based server may transit Prague and New York at a given time but Singapore and Los Angeles a few hours later. Total sovereignty over land-based connections would, therefore, imply enforcing sovereignty over shared infrastructure located in other countries or even in sovereignty-free territories.