Russia's Cyber Sector Reacts to Western Sanctions and Tech Isolationism
A major Russian cybersecurity conference highlights the industry's views on Western sanctions, tech isolationism, and Putin's domestic tech push.
Despite receiving hardly any Western press, the Russian cybersecurity sector’s reactions to Western sanctions, growing tech isolation, and Vladimir Putin’s domestic technology push were on full display in 2022 at a major Russian cybersecurity conference: Positive Hack Days. The conference is put on by Positive Technologies, a Russian cybersecurity firm sanctioned by the US government for supporting Russian government cyber operations and for helping the Russian intelligence services recruit hackers. This post dives into the key takeaways from the conference — and what it says about Russia’s cybersecurity sector as the Russia-Ukraine War continues. Brought to you by Global Cyber Strategies.
The One-Liner
Russian officials are barraging Russia’s cybersecurity sector with propagandistic narratives, and members of Russia’s cyber sector are responding differently to Western sanctions, growing tech isolation, and Putin’s domestic technology push — with motivations ranging from self-preservation to self-serving business interests to genuine belief in the regime and its propaganda.
Russia’s Private-Sector Tech Actors: The Analytical Gap
When studying Russia’s cyber power, Western analysis often focuses on government actors and several prominent criminal groups. These organizations certainly play vital roles in Russia’s cyber ecosystem; for the state’s part, the Federal Security Service (FSB), Foreign Intelligence Service (SVR), and military intelligence agency (formally, Main Directorate of the General Staff of the Russian Armed Forces, or GRU) all have active cyber units. Criminals play a central role in Moscow’s cyber activity, too.
However, this focus overlooks the important private-sector actors in Russia’s cyber ecosystem — from companies providing defensive services to other firms, with no state interaction; to companies helping cultivate talent and build up the Russian hacker community broadly; to companies directly supporting vulnerability research, offensive capability development, and cyber operations for the Russian government. Russia also has a globally active cybersecurity sector that has market share around the world, takes foreign investments, and partners with foreign businesses.
These companies sit along a spectrum, and their engagement with the Russian government varies. It is a common but misguided analytical decision to assume or believe that all cybersecurity (or even technology) companies in Russia have active involvement with the government — and that among those who do interact with the government, that those relationships are all the same. This is not true.
Studying the Positive Hack Days conference and other ones like it is thus essential.
Positive Hack Days 2022 and Russia’s Cyber Sector
The Positive Hack Days conference was founded in 2011, and its 2022 conference was its best-attended yet: around 8,700 people showed up in Moscow. I recently conducted an analysis of the conference, some of which I described in a post for the Brookings Institution. Here are some of the key excerpts and takeaways from that article, in block quotes, combined with additional insights at the end of this post.
Positive Technologies is sanctioned by the US government for supporting the Russian government’s cyber operations.
Reportedly, it discovers vulnerabilities in technology products, develops exploits for those vulnerabilities, and provides them to Russia’s Federal Security Service. It plays a key role in Russia’s national cyber threat response program (GosSOPKA), too.
Prior to US government sanctions, Positive Technologies was already known as a recruiting source for the Russian intelligence community, particularly the GRU. While this is not unique to Russia — certainly, US intelligence organizations attend cybersecurity conferences to recruit talent, and other countries’ intelligence services do the same at their own cybersecurity industry events — it is still significant.
At Positive Hack Days 2022, the Kremlin sent several prominent officials to speak at the conference and spread propagandistic rhetoric. For example:
Maria Zakharova, the infamous spokesperson for Russia’s Ministry of Foreign Affairs once dubbed Russia’s “troll-in-chief” for her lies and what-about-ism, headlined a discussion on “Creating a Multipolar World.” The conversation was laden with nationalistic talking points about tech isolation: “The internet is being segmented,” Zakharova told the moderator, and “this is not being done by individual states that want to maintain their political, economic, or financial agenda, but we see it on the part of those who created the internet space as a commons.” Ignoring the Russian government’s numerous steps to control the internet at home and undermine the open internet globally, Zakharova stated that “it is the countries and the corporations that regionally were talking about the need for a global approach who are pursuing that policy of exclusion.”
Other discussions at the conference, as I describe in the post for the Brookings Institution, highlighted a range of reactions in Russia’s cybersecurity sector to Western sanctions, tech isolation, and Putin’s domestic technology push.
In a panel on technological independence through “import substitution,” featuring representatives from Russian technology firms, the participants discussed how tech isolation and the resulting need for domestic technology is “an irreversible process.” These conversations are by no means new in Russia, but the repeated coverage of technological isolationism and import substitution issues underscores a ratcheting-up of this rhetoric in Russia’s cybersecurity community. One participant noted that “suddenly, you see companies that were developing some huge products for one, two customers, but now, they are going national, they are going big-time, and it’s one of the, probably, benefits of the current situation.”
The CEO of a Russian cybersecurity and information technology company had more praise for the current situation:
“It’s irreversible, and it’s ambitious. Because we all now enter a new field of opportunities. There is demand from the market, there is regulation, there is support from the state, there is cyber war—I want to say, thank god there is cyber war, but, well, there is cyber war. Everything we are doing now is not going to be tested on a virtual mockup at The Standoff; it’s going to be tested in real-life settings. And if we can demonstrate the infosec maturity of Russian solutions, then it’s a big opportunity.”
Another individual, possibly attempting to express some hesitance about domestic tech efforts and Russia’s growing technological isolation, spoke about the challenges with marketing Russian cybersecurity products going forward.
“You are confident in yourself so much,” he told listeners, “but they may not believe you. So how can you prove it? You can open this code—make it open-source. And this is the only way, the only path, to go to wider geographies in order to make your products popular.”
Read the rest of my post for the Brookings Institution for some additional insights.
Other Key Takeaways
While some participants were optimistic about Russia’s push to develop domestic software products and services, as alternatives to Western ones, they expressed hesitation about Russia’s ability to develop domestic alternatives in hardware.
Although many Western companies have exited the Russian market, some Russian cybersecurity firms plan full well on continuing to compete with Western counterparts around the world.
It’s easy for Western observers to dismiss Russian cyber firms trying to globally compete, given the geopolitical ramifications of the Putin regime’s illegal war on Ukraine. But there are still many countries in which Russian cyber firms have a decent chance at competing with Western companies to offer a range of technology products and services, especially where government organizations and companies in those countries want to diversify their digital risk.
The politically charged and increasingly repressive environment in Russia creates great uncertainty and difficulty for those that remain in the country. If this continues to contribute to the “brain drain” of technology talent, including cybersecurity talent, from Russia, the Russian government may be forced to take new steps to develop or acquire technology.
Subscribe for more public insights, and reach out on Global Cyber Strategies’ website for a range of custom-tailored research and advisory services.
—
© 2023 Global Cyber Strategies LLC.