The Russian government seeks to create its own system of root name servers, which is supposed to include the BRICS and possible the Shanghai Cooperation Organisation (SCO) countries. This will ultimately be an ‘alternative Internet’, which will have its own cybersecurity concerns.
The Russian authorities, heavily influenced by the ideas of ‘cyber-sovereignty’, promoted by the “Chinese computer scientist Fang Binxing (aka “Father of China’s Great Firewall), decided in November 2017 to create an ‘alternative Internet’. This was an answer to the concerns that the US control over the Internet can adversely impact on the international relationships. In other words, there is a fear the US can cut some ‘unfriendly’ country’s access to the web if relations were to deteriorate.
Hence, the Russian Security Council ordered its telecoms ministry to look at a “system of backup DNS root name servers, independent of the control of the Internet Corporation for Assigned Names and Numbers (ICANN), Internet Assigned Numbers Authority (IANA) and VeriSign, and capable of servicing the requests of users from the listed countries in the case of faults or targeted intervention”.
The ‘backup’ servers would be placed in BRICS countries but can be possibly used by other countries such as those belonging to the Shanghai Cooperation Organisation (SCO) that include Kazakhstan, Kyrgyzstan, Tajikistan, Pakistan and Uzbekistan. There is also some observers and dialogue partners countries that can become users of this ‘alternative Internet’: Afghanistan, Belarus, Iran, Mongolia, Armenia, Azerbaijan, Cambodia, Nepal, Sri Lanka and Turkey. The BRICS and SOC countries, which count for more than 50% of the world population, are increasingly concerned about the capabilities of western countries to carry out offensive operations in information space, and their willingness to use them.
Not surprisingly ‘Western’ countries, suggest that it would be neither possible nor plausible to shut off any country from the internet. For example, the Chief Technology Officer of the ICANN believes that “there’s no off-switch”. He believes that the US government could theoretically force ICANN – a US-based organisation – to, for example, take the .ru domain from the root server but it would have a limited effect.
Reading reports from both the BRICS and ‘West’ on this ‘Internet divide’, it does not seem likely that the sides will agree – meaning that the ‘alternative Intent’ will go on. If so, what would the cybersecurity implication be for South Africa if we are to join this alternative network?
BRICS cybersecurity issues and cooperation
The BRICS countries are both users and developers of ICT products and services, particularly China which satisfies the needs of about 30% of the world market. Russia is, on the other hand, the world leader in first class and affordable telecommunication services. India is a large software exporter. Brazil is the major data hub in Latin America, while South Africa is an African leader in telecommunications.
A general BRICS cooperation is already into its second decade, and cybersecurity cooperation will help these and other developing countries to improve global internet governance. In that regard, as we already have analysed and reported, the BRICS countries have set a concrete strategic foundation for cooperation in confronting common cybersecurity issues.
In these countries the Internet connectivity is high but, generally, the cybersecurity level of awareness is rather low – causing considerable damage. For example, a recent report by McAfee stressed that the greatest number of cyber crime victims reside in the BRICS countries: Russia (85%), China (77%) and South Africa (73%). As the world goes digital, the human attack surface is to reach 6 billion people by 2022- almost a half of these people will live in the BRICS countries.
The Global Terrorism Index 2017 points out that technology is offering terrorist groups greater strategic and operational freedom and new types of ‘leaderless attacks’, which will only grow in scope in the future. The same report warned that the BRICS countries are rather high on the Index’s list: India was ranked as 8th, China 31st, Russia 33rd, South Africa 47th and Brazil 87th out of 130 countries. That was a red light prompting a number of the BRICS summits, conferences and working groups to call for a comprehensive approach for countering misuse of the Internet. A very recent BRICS Network University conference, held in Stellenbosch (South Africa) from 5 to 7 July and attended by this author, has strongly confirmed a need for cybersecurity cooperation.
This cooperation is evidently advancing despite some difficulties caused by diverse cybersecurity agendas and the associated challenges. The BRICS countries reached agreement in 2010 to request an international mechanism to combat cyber crime. In 2013, it was specified that the BRICS states will jointly protect the cyberspace from becoming a platform for terrorists to recruit members and disseminate radical ideologies. It was also agreed to advance international cooperation through multilateral organisations such as the UN. In 2014, the BRICS foreign ministers agreed to address infringement of privacy in respect of national and international laws.
In 2016, BRICS representatives for security issues agreed to increase the sharing of information and best practice in order to enhance mutual cooperation. The danger of cyber threats, such as cyber terrorism, cyber-crimes, money laundering, human trafficking and transnational organised crimes, was also accentuated at the very recent 8th BRICS National Security Advisers meeting held in Durban on 30 June 2018.
BRICS cybersecurity and South African implications
A possible introduction of ‘alternative Internet’ can bring benefits but also can make things even worse as cyber criminals, terrorists and the state-sponsored cyber adversaries from ‘other Internet cohort’ can purposely target whole BRICS block for wishing to retaliate to some of its member countries.
In general, BRICS countries will face domestic and international pressures regarding the introduction of ‘alternative Internet’. As happened before, the West – largely embodied by the US – will certainly use international financial mechanisms as an instrument of pressure. It is not insignificant that, in recent years, this kind of pressure caused the capital outflows of at least USD 3,5 trillion.
This might likely be coupled by instigating social unrest, demanding regime change – as happened elsewhere in the Arab world. Furthermore, the US Council for Foreign Relations has openly announced that for years the US has been wooing India and Brazil to promote its preferred cybersecurity norms.
So, what should South Africa do to protect its cyberspace? Regardless of joining the ‘alternative Internet’ or not, South Africa will be pushed to join forces with other BRICS countries and strengthen cooperation with all relevant parties – instead of totally accepting the cybersecurity initiatives from the US and the West.
Furthermore, South Africa must look after itself by strengthening its own capacity to defensively and offensively protect its cyberspace. This, firstly, requires producing a sufficient number of the cybersecurity expertise through the education systems and the industry. It is foreseen that cyber crime will more than triple the number of unfilled cybersecurity jobs, which is predicted to reach 3, 5 million by 2021. Cooperating with other BRICS cybersecurity highly potent countries can tremendously benefit South Africa in bridging this skills shortage and securing its cyber space.