cropped-icon-Logo-320.png
AhmadFaizun.com

Independent Internet for Indonesia

Information Security expert that recognized as global contributor on  encryption and development of new security testing tools and protection system.

back to overview

By Ahmad Faizun 03.20

Attack on ICBC US branch led to financial aid from its holding amounting to 9 billion USD for settling its trade business and fixing information security system. This kind of attack is not possible to happen to Indonesian Bank (like BSI ransomware case in early 2023), government, business, and other strategic sector.

Reputable and well-funded organization will spend millions to billion usd to protect themselves from security attacks and incidents, such as JP Morgan, US, spend 600 million USD to protect their information system.

How about Government and national protection from foreign attack, can we protect ourselves like China, who has China Internet Great Firewall and censorship system or Russian Internet (“Rusnet”), who protect them from foreign attack and strong censorship system?

In this discussion paper we would learn from those to well-developed countries, China and Russia, who has independent and close-loop internet infrastructure, that protect their network and citizen from perpetrator from dangerous internet work. This infrastructure is very useful in case of actual war happening. Strong internet protection could save many business and individual in Indonesia from any attack, especially personal data attack and business data transactions. We would be very suffered from such attack and may jeopardize business continuity, if we have one.

The Russian Independent Internet Lesson

The Russian Internet, also known as the Runet, is the portion of the Internet that is used in Russia. It is one of the largest and most active national Internets in the world, with over 120 million users. The Runet is characterized by a number of unique features, including its own set of popular websites and search engines, as well as a high level of government censorship.

History of the Russian Internet

The Russian Internet was first established in the early 1990s, following the collapse of the Soviet Union. It quickly grew in popularity, and by the late 1990s, it was one of the most popular sources of information and entertainment for Russians.

Unique Features of the Russian Internet:

The Runet is characterized by a number of unique features, including:

  • Popular websites: The Runet has its own set of popular websites, including Yandex (the Russian equivalent of Google), VKontakte (the Russian equivalent of Facebook), and Odnoklassniki (another popular Russian social networking site).
  • Search engines: The Runet also has its own set of popular search engines, including Yandex and Rambler.
  • Censorship: The Russian government has a long history of censoring the Internet. In recent years,the government has cracked down on dissent and criticism of the government, and it has blocked access to a number of websites, including those of opposition groups and independent media outlets.
  • Mail.ru: A major Russian email provider and web portal
  • RuTube: The largest video-sharing platform in Russia

Impact of the Russian Internet on Russian Society

The Russian Internet has had a profound impact on Russian society. It has provided Russians with a new source of information and entertainment, and it has helped to connect them with people from all over the world. The Internet has also played a role in promoting democracy and freedom of expression in Russia.

Future of the Russian Internet

The future of the Russian Internet is uncertain. The Russian government is likely to continue to censor the Internet, and it is possible that the government will take further steps to isolate the Runet from the rest of the world. However, the Russian Internet is likely to remain a popular and important source of information and entertainment for Russians.

Technical Infrastructure

The Runet is connected to the global Internet through a network of backbone providers and peering agreements. These connections allow Russian Internet users to access websites and services hosted worldwide. Major Russian Internet service providers (ISPs) include Rostelecom, MegaFon, and MTS, which provide connectivity to millions of households and businesses.

Content Regulation and Censorship

The Russian government actively regulates and censors online content. The Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) is responsible for enforcing these regulations, which include:

  • Blocking access to websites deemed illegal or harmful, such as those promoting extremism, violence, or child pornography
  • Requiring internet service providers to store user data and make it accessible to law enforcement agencies
  • Implementing deep packet inspection (DPI) to monitor and filter internet traffic
  • Mandating the removal of "disinformation" and "fake news"

Challenges and Future Outlook

The Runet faces challenges in terms of digital divide, with rural areas lacking adequate access to high-speed internet. Additionally, the increasing government control over the internet poses concerns for freedom of expression and innovation. Despite these challenges, the Runet is expected to continue growing and evolving, playing a significant role in Russian society and economy.

The development of the Russian Internet, also known as the Runet, has been a gradual process that began in the early 1990s following the collapse of the Soviet Union.

Early Stages (1990-1995)

  • Internet creation, commercialization of ISP, public ISP, first website (sovam.com launch), Russian search engine (rambler), Russian web browser (Aport).

Growth and Expansion (1995-2000)

  • The number of Internet users in Russia reached 100,000, Yandex, popular search engine founded, Russian social networking site, Odnoklassniki, VKontakte, the largest social networking site in Russia, was created. The number of Internet users in Russia reached 1 million in 2000.

Maturity and Regulation (2000s-Present)

  • 2004: The number of Internet users in Russia reached 10 million (2004), 50 million (2010), The Russian government began to increase its control over the Internet, blocking access to various websites and implementing stricter censorship measures (2014), The number of Internet users in Russia reached 100 million (2019), The Runet is a mature and widely used Internet with a unique set of characteristics, including its own popular websites, search engines, and social media platforms. However, it also faces challenges such as government censorship and digital divide (2023).

In summary, the development of the Runet has been a long and ongoing process, marked by both rapid growth and increasing government control. The future of the Runet is uncertain, but it is likely to continue to play a significant role in Russian society and economy.

It is difficult to estimate the exact cost of developing and running the Runet, as this information is not publicly available. However, some experts estimate that the total cost could be in the billions of dollars. This cost would include the development and maintenance of infrastructure, as well as the cost of content creation and censorship.

The development of the Runet's infrastructure would be a major expense. This would include the cost of building and operating data centers, as well as the cost of laying down fiber optic cables and other communication networks. The cost of developing and maintaining software and hardware for the Runet would also be significant.

The cost of content creation and censorship would also be a major factor. The Runet has a large number of websites and other online content, and this content must be created and maintained. Additionally, the Russian government censors a significant amount of content on the Runet, and this censorship costs money to implement and enforce.

The cost of developing and running the Runet is likely to be borne by a combination of sources, including the Russian government, private businesses, and individual users. The Russian government is likely to provide a significant amount of funding for the Runet, as it views the Internet as a key tool for economic development and social control. Private businesses will also play a role in funding the Runet, as they rely on the Internet for commerce and communication. Individual users will also contribute to the cost of the Runet, through their subscription fees to ISPs and their purchases of online content.

Both the Runet and the Chinese internet are heavily regulated by their respective governments. However, there are some key differences between the two.

Censorship: The Chinese government censors a wide range of online content, including political dissent, pornography, and Falun Gong. The Russian government also censors some online content, but its censorship is not as extensive as China's.

Access to foreign websites: The Chinese government blocks access to many foreign websites, including Google, Facebook, and YouTube. The Russian government does not block access to as many foreign websites, but it has blocked access to some opposition websites.

Social media: The most popular social media platforms in China are WeChat and Weibo. The most popular social media platforms in Russia are VKontakte and Odnoklassniki.

Online commerce: The most popular online shopping platforms in China are Alibaba and JD.com. The most popular online shopping platforms in Russia are Yandex.Market and Ozon.ru.

Overall, the Chinese internet is more tightly controlled by the government than the Runet. However, both the Runet and the Chinese internet are important sources of information and communication for their respective populations.

Here is a table summarizing the key differences between the Runet and the Chinese internet:

Feature

Runet

Chinese internet

Censorship

Moderate

Extensive

Access to foreign websites

Some restrictions

Many restrictions

Social media

VKontakte, Odnoklassniki

WeChat, Weibo

Online commerce

Yandex.Market, Ozon.ru

Alibaba, JD.com

 

 

The Runet architecture is a hybrid architecture that combines elements of both centralized and decentralized architectures.

Centralized elements

  • State control: The Russian government plays a significant role in the governance of the Runet. It licenses and regulates all internet service providers (ISPs) in the country. It also blocks access to websites that it deems to be illegal or harmful.
  • Major websites: A few major websites, such as Yandex and VKontakte, dominate the Runet. These websites are owned and operated by private companies, but they are subject to government censorship.
  • Technical infrastructure: The technical infrastructure of the Runet is largely owned and operated by private companies. However, the Russian government has the ability to monitor and control this infrastructure.

 

Decentralized elements

  • Small websites and blogs: There are a large number of small websites and blogs on the Runet.These websites are owned and operated by individuals and small businesses.
  • Peer-to-peer networks: Peer-to-peer networks are popular on the Runet. These networks allow users to share files and communicate with each other without the need for a central server.
  • Social media: Social media is another popular decentralized element of the Runet. There are a number of popular social media platforms on the Runet, including VKontakte and Odnoklassniki.

The hybrid architecture of the Runet gives it a number of advantages. It allows for a diversity of content and services, while still giving the government the ability to control the internet. This is a delicate balance that the Russian government has been trying to strike for many years.

For Indonesia to build similar architecture with Runet architecture, it should covers critical elements such:

  • The backbone: The backbone is the core of the Runet, and it consists of high-speed data connections that link major cities and regions.
  • ISPs: ISPs are the companies that provide internet access to individual users and businesses. They connect to the backbone at various points and then distribute internet traffic to their customers.
  • Content providers: Content providers are the companies that host websites and other online content. They connect to the backbone or to ISPs to make their content available to users.
  • Users: Users are the individuals and businesses that use the internet. They connect to the internet through ISPs and then access content from a variety of sources.

In these element, Indonesian government shall take most controls on strategic elements, such as:

  • Government controls: The Indonesian government shall place a number of controls in place to regulate the Indonesian Internet. These controls could be represented in the diagram as filters or firewalls.
  • Censorship: The Indonesian government also censors a certain amount of content on the Indonesian internet trafic. This censorship could be represented in the diagram as blocks or redirects.
  • Security: The Indonesian Internet is a target for hackers and cybercriminals. 

Indonesian Independent Internet architecture would be a complex to draw and implement. However, it would be a valuable to start now, later we sorry later, because we has the lousiest national internet protection infrastructure in the world.

China Independent Internet Lesson

In terms of China Independent Internet and Internet Protection, China has two main projects. First is the Golden Shield project, which protect its internet infrastructure from foreign access. Second is the Golden Great Firewall, which censor the entire internet usage in and out traffic and limit the unapproved traffic from their citizen.

 

 

Simplification China Independent Internet Architecture

 

The Golden Shield Project

The Golden Shield Project contains an integrated, multi-layered system, involving technical, administrative, public security, national security, publicity and many other departments. This project was planning to finish within five years, separated into two phases.

Phase I

The first phase of the project focused on the construction of the first-level, second-level, and the third-level information communication network, application database, shared platform, etc. The period was three years starting in 2003 when Public Security department of China has recorded 96% of the population information of mainland China into the database. (The information of 1.25 billion out of 1.3 billion people has recorded in the information database of the Public Security department of China.

This phase I cost 6.4 billion yuan (943 million usd) and run by 30.000 police officers to maintain the system. There was a multi-level system to track netizens violating the provisions. Netizens who want to use the internet in a cybercafé are required to show their Resident Identity Cards. If some violating event happened, the owner of the cybercafé can send the personal information to the police through the internet. It is called a public security automation system, but it is actually an integrated, multi-layered, internet blocking and monitoring system, involving the technical, administrative, public security, national security, publicity, etc. The features are known as: readable, listenable, and thinkable.

Phase II

The phase II project started in 2006. The main task was to enhance the terminal construction, and the public security business application system, trying to informatize of the public security work. The period was two years. 

Based on the phase I project, phase II project expanded the information application types of public security business, and informationized further public security information. The key points of this project included application system construction, system integration, the expansion of information centre, and information construction in central and western provinces. The system of was planning to strengthen the integration, to share and analysis of information. It would greatly enhance the information for the public security work support. 

Censored content

Mainland Chinese Internet censorship programs have censored Web sites, all social media, and internet publication to ensure all the contents are not violating government policies.

Simplified China Broadband Internet Architecture

 

Countless effort try to avoid this censorship gate, but government keep improving. Since at least 2015, the Russian Roskomnadzor agency collaborates with Chinese Great Firewall security officials in implementing its data retention and filtering infrastructure. 

Especially since 2022 Russian invasion of Ukraine, in order to combat disinformation and enforce the war censorship law, Russia authorities was making internet surveillance system akin to Chinese Great Firewall. 

Differences from the Great Firewall

The Golden Shield Project is distinct from the Great Firewall (GFW), which has a different mission. The differences are listed below:

Politically,

1.     The GFW is a tool for the propaganda system, whereas the Golden Shield Project is a tool for the public security system.

2.     The original requirements of the GFW are from the 610 office, whereas the original requirements of the Golden Shield Project are from the public security department.

3.     The GFW is a national gateway for filtering foreign websites, whereas the Golden Shield Project is for monitoring the domestic internet.

Technically,

1.     The GFW is attached to the three national internet exchange centres, and then spread to some of the ISPs to implement the blocking effect, whereas the Golden Shield Project stations in the most exchange centres and data centres.

2.     The GFW is very powerful in scientific research, including many information security scientists, such as people from Harbin Institute of Technology, Chinese Academy of Sciences, and Beijing University of Posts and Telecommunications, whereas the Golden Shield Project is less powerful in scientific research.

3.     The GFW is built by Fang Binxing, whereas the Golden Shield Project is built by Shen Changxiang

 

The Runet and China GFW is not totally independent. The Russian and China government has a significant amount of control over the their internet system internally. For example, it licenses and regulates all ISPs in the country and blocks access to websites that it deems to be illegal or harmful.

Both Government, The Russian and China control over their internet is based on a number of factors, including:

  • The government's view of the internet as a tool for social control.
  • The government's concern about the spread of Western values and ideas.
  • The government's desire to protect its economy from cyberattacks.

The government's control over the internet has been criticized by some as being a violation of freedom of speech. However, both government argues that its control is necessary to protect national security and to promote social stability.

Although no country has a completely independent internet protocol but to have independent internet protocol would save many business and Indonesian entities from global attack and cultural infiltration that is not following the national culture and belief system.

 

How to build a secure independent protocols? 

We can start to design and implement independent internet protocol that apply for Indonesian business and government official only to protect the confidentiality, integrity, and availability of data that is transmitted over the internet. We can start from scratch or we modify and enhance the available secure independent protocols such as TLS, IPsec, SSH, PGP, TOR.

Secure independent protocols are essential for protecting the confidentiality, integrity, and availability of data that is transmitted over the internet. They are used by a wide range of organizations, including businesses, governments, and individuals. By using secure independent protocols, internet users in Indonesia can help to protect their privacy and security online.

We need to start somewhere, soon, before we are too open wide and easily targeted by global attackers, either private hackers or foreign government agencies.

With current biometric technology that used widely in Indonesia, we can start to enable independent internet in the financial industry, by adopting the Zero Trust framework in the online transaction. Using our KTP el that connected to the Dukcapil or other entities, we can verify and always verifying who does what in the internet and limit the activities based on their need to know and to do over the internet.

Financial industry could afford this technology, so called the eKYC, combined with secure independent internet technology that developed by Indonesian for Indonesian, will increase the trust of online banking transactions in the same time protecting the most lucrative industry to be attacked by the ransomware practitioner, the national Bank. Moving forward, military and government agencies should have a billion USD protection, to protect themselves from foreign attacks and their citizen. From our point of view, protecting the gate to Indonesian government will be cheaper rather than protecting millions of Indonesian internet asset that has direct vulnerable access to the global internet. Further, our telco industry has a budget to provide Indonesian internet access throughout the country, why not make it secure and independent from the first place?

Reference:

https://journals.sagepub.com/doi/10.1177/20594364231202203

https://digital.report/russia-state-of-affairs-report/

https://www.cia.gov/library/publications/the-world-factbook/geos/rs.html

https://en.wikipedia.org/wiki/Golden_Shield_Project

https://en.wikipedia.org/wiki/Golden_projects

https://en.wikipedia.org/wiki/Internet_censorship_in_China

https://en.wikipedia.org/wiki/Internet_in_China

https://en.wikipedia.org/wiki/Golden_Shield_Project

https://en.wikipedia.org/wiki/File:Topology_of_the_Chinese_firewall.svg

https://edition.cnn.com/2023/11/10/investing/icbc-ransomware-attack-hnk-intl/index.html

https://edition.cnn.com/2023/11/10/tech/ransomware-attack-industrial-and-commercial-bank-of-china-financial-sector/index.html

https://www.reuters.com/technology/cybersecurity/icbc-ransomware-attack-triggers-global-regulator-trader-scrutiny-2023-11-10/

Scroll to Top