Part 25 (1/2)
The 27th CRI also provided the Russian MOD's initial Internet access. According to Russian press, prior to 2004 the 27th CRI formed the Strategiya Agency as an experimental Internet program for connecting the MOD. The connections provided service for a variety of MOD components, including the General Staff Main Operations Directorate and Electronic Warfare Directorate. The connections provided access to global information resources for research purposes. The 27th CRI works closely with Vch 49456, a MOD center for automation listed on MOD computer contracts. Vch 49456 might be directly subordinate to the 27th CRI; however, we cannot be certain.
The 27th CRI employed at least 1,700 personnel in 2010. Vch 49456 employed at least another 700.
[84] There is an unstated tension between the FSB and MOD on IO responsibility. Russian law a.s.signs the FSB lead information security responsibility. The MOD, however, sees IO as a military responsibility. MOD and government structures related to IO are usually filled by former FSB/KGB officers. During the 2008 Russia-Georgia conflict, the MOD Press Officer was transferred from the FSB. It seems that the FSB is making sure MOD plans don't hinder FSB prerogatives.
[85] Noncontact Wars was published in January 2000 while the Security Council was working on the new doctrine.
[86] Russian military commentators, including Ivanov, have speculated since 2005 that the EW Troops would become a separate combat arm. This had not occurred as of July 2011. Ivanov, whose last rank was Major-General, and who as a 2006 General Staff Academy Honors Graduate was seen as a rising star, was one of three General Staff officers who requested retirement in July 2011 for as-yet unspecified reasons.
[87] Dr. h.o.r.ev's web page also states he received an award from FSTEC in 2003 while serving in this position.
[88] Moscow Military University's distinguished alumni include arms dealer Viktor Bout and ”former” FSB officers Andrey Lugovoy and Dmitriy Kovtun, implicated in the Alexander Litvinenko a.s.sa.s.sination.
[89] FSTEC states that responsibilities include only ”key” networks. However, the definition of key is broad enough to allow FSTEC to operate anywhere.
[90] The same postings normally list VAIU and VAIU predecessors under education.
[91] The English translation is approximate. The Cyrillic name is eepaH ocyapcTBeHH HayHo-cceoBaTec cTaTeH eHTp paoeTpoHHo op oeH eTBHocT cHeH aMeTHocT (H ).
[92] It seems the ambiguity was designed to avoid drawing attention to the merger between VAIU and the 5th TSNIII.
[93] A former Vch 11135 employee is now a prominent Russian IT security expert who writes frequently on SCADA security. FSTEC doc.u.ments show its role in SCADA security.
[94] The FSTEC list tries to obfuscate by listing the 18th CRI as the organization requesting certification and Vch 11135 as the testing laboratory. However, the Russian tax identification number is the same for both, showing that they are the same organization. In short, the 18th CRI is certifying itself.
Internal Security Services: Federal Security Service (FSB), Ministry of Interior (MVD), and Federal Security Organization (FSO)
Russia's Information Security Doctrine shows a tension between the government's a.s.sessment that the Internet drives technical progress while spreading ideas threatening ”Russia's spiritual revival.” As a result, the FSB and the MVD have developed Internet-oriented components. These components are direct first at the internal threat to domestic stability. However, they also have offensive potential.
Federal Security Service Information Security Center (FSB ISC)-Military Unit (Vch) 64829
The FSB's Information Security Center (FSB ISC) is the FSB's component for counterintelligence operations involving Russia's Internet (RuNET). FSB ISC operations include monitoring RuNET and a.n.a.lyzing Internet content. However, FSB ISC also plays a role in offensive IO.
The FSB's Information Security Center was formed in 2002 when FSB Director Nikolay Patrushev reorganized the Department of Computer and Information Security. The reorganization transferred some administrative and developmental functions to other FSB components-including the Center for Communications Security; the Center for Licensing, Certification, and Protection of State Secrets; and the Scientific Technical Center-while focusing FSB ISC on counterintelligence operations on RuNET. FSB ISC is also designated as an FSB expert investigative center, performing forensic investigations for criminal prosecution. Russian law authorizes FSB ISC to conduct legal investigations and take action against Russian citizens. FSB ISC works closely with the Russian Ministry of the Interior Directorate K-the cyber crime directorate-headed by Lieutenant-General Boris Nikolayevich Miroshnikov, who transferred to the MVD after heading FSB ISC.
FSB ISC First Deputy Director Dmitri Frolov speaks frequently, stressing FSB ISC's role in preventing terrorist and criminal activity on RuNET. Frolov also speaks on the FSB's need for improved technical capabilities and increased legal authority to counter cyber terrorism and cyber crime.
The FSB monitors Internet traffic using hardware and software installed at Russian Internet Service Providers (ISPs), Internet access points, and Internet exchanges. The Internet monitoring system-known as SORM-was first established in the 1990s. The existing system began a major upgrade with contracts let during 2007 and 2008. The upgrade will enhance FSB ISC's ability to remotely task the Internet monitoring system and a.n.a.lyze collected information offline in a dedicated center located at the FSB ISC building. The upgrade also enhances FSB ISC nonattributable Internet operations.
FSB ISC capabilities can be used for offensive purposes. In 2008 Cnews.ru quoted deputy head of the Russian Armed Force General Staff Major-General Aleksandr Burutin on Russian Information Operations. General Burutin stated that the FSB, along with the Ministry of Defense, was developing ”special methods of conducting information warfare.” Websites named by FSB ISC First Deputy Director Frolov as supporting terrorist and extremist activity-such as Chechen-oriented Kavkazcenter.org-have suffered disruptive attacks. Russian press attributes the attacks to patriotic hackers, although they note FSB's tacit approval.[95] After Wikileaks threatened to publish embarra.s.sing information on Russia, including possible Russian intelligence service operations, a November 2010 article by Aleksey Mukhin stated that the FSB ISC had informed Russian leaders.h.i.+p that Wikileaks could be rendered inaccessible forever ”given the appropriate command.”
Russian Federal Security Service Center for Electronic Surveillance of Communications (FSB TSRRSS)-Military Unit (Vch) 71330
The FSB Center for Electronic Surveillance of Communications (FSB TSRRSS) is responsible for the interception, decryption, and processing of electronic communications. The center-also known as the 16th Center (Directorate) FSB-is directly subordinate to the FSB Director.
In 1991 Russian President Yeltsin broke up the KGB, transferring the 16th Directorate to the Federal Agency of Government Communications and Information (FAPSI). The 16th Directorate became FAPSI's Main Directorate for Communications Systems Signals Intelligence (GURRSS). The KGB's 8th Main Directorate-responsible for communications security-also went to FAPSI. In 2003 Russian President Putin disestablished FAPSI, with many communications security and intercept functions going to the FSB. Responsibility for government communication networks went to the Federal Security Organization (FSO).
The internal structure and size of the FSB 16th Center is uncertain. However, an uncla.s.sified history states that in 2003 FAPSI had 38,500 servicemen and 14,900 civilian employees. A 2003 Kommersant article estimated that most would transfer to the FSB, with the rest going to the FSO and Ministry of Defense.
Vch 71330 registered a small block of IP numbers with the European Internet authority, RIPE. The block is on Autonomous System Number 12695 (AS12695) registered to a Russian Closed Joint Stock Company (JSC) Digital Network (panies.
The FSB Communications Security Center (CBS FSB)-Military Unit (Vch) 43753 or 8th Directorate FSB-ensures that government communication systems use approved products. The center also ensures government communication projects meet security standards. While TSLSZ licenses a company for work with state-secret information, the Communications Security Center approves specific products developed by the company. Russian advertis.e.m.e.nts for software products frequently list their CBS FSB license so customers know they can be used in secure systems. Russian contracts for government communication projects are subject to CBS FSB approval if they involve state-secret information or financial transactions. The Russian press frequently quote CBS FSB personnel on information security topics. CBS FSB personnel also attend and give presentations at information security conferences; by contrast, TSLSZ personnel are less visible.
Russian Interior Ministry Center E (MVD Center E)
Government Decree N-1316 reorganized the Russian Interior Ministry (MVD), establis.h.i.+ng the Department for Combating Extremism (Center E, or DPE). In a 2009 Vremya Novostey interview, MVD Major-General Valery Kozhokar-Chief of the Main Administration Directorate-detailed the new department's mission: As for Center ”E,” it works in several fields: suppressing extremist organizations and a.s.sociations, including youth groups, and counteracting religious extremism and ethnic extremism. In short, it fights terrorism.
Independent Russian press, however, claim that Center E is focused on political dissent-especially critics of Prime Minister Putin-and vice extremism. The press draws a.n.a.logies between Center E and the Ministry of State Security (KGB) 5th Directorate, targeting ideological crime and dissent.
Russian government opponents and supporters both state that Center E is aggressively using the Internet to identify targets. MVD Lieutenant-General Yuri Kokov currently heads Center E. Kokov's press spokesman Yevgeniy Artemov detailed the methods available to Center E under Russian law: According to the law On Operational Investigative Activities, the list of operational investigative measures includes: interrogation; making inquires; surveillance; the searching of structures, buildings, facilities, parcels of land and transportation a.s.sets; the control of mail, telegraph and other communications; monitoring of telephone conversations; as well as operational penetration.