- Статьи
- Society
- "The information space has become a new environment of confrontation between countries"
"The information space has become a new environment of confrontation between countries"
In 2025, Roskomnadzor repelled more than 5,000 DDoS attacks on the resources of Russian organizations, prevented about 158 million calls from fake numbers, which are often used by criminals. In a short period of time, the agency has created a number of federal-level systems that help Russian organizations counter information threats and protect people from cybercriminals. Izvestia had a conversation with Oleg Terlyakov, Deputy head of Roskomnadzor, about strengthening digital sovereignty and developing domestic technologies.
"The first swallow was the law on the sovereign Internet"
— After 2022, Russia is facing new aggressive challenges in the information sphere. The tasks of ensuring digital sovereignty have become particularly relevant. What does this concept include and what is the role of Roskomnadzor in ensuring the country's digital sovereignty?
— I would not say that the challenges in the information sphere were new to us. The risks of massive DDoS attacks on Russian systems and networks, the introduction of new encryption protocols to circumvent the blocking of illegal content, the use of anonymity in communication networks for criminal purposes, dependence on foreign software and hardware platforms, and many other problems were predicted back in 2014.
At that time, not everyone in the industry understood the importance of solving these problems. Largely due to the instructions of the President of the Russian Federation, it was possible to move the work on improving legislation in this area from a dead end and take the necessary organizational and technical measures in a timely manner.
The first milestone was the so-called law on the sovereign Internet, adopted in 2019, which laid the foundations for the independent construction and secure functioning of the Russian segment of the Internet. In accordance with this law, in 2020, Roskomnadzor created the Center for Monitoring and Management of Communication Networks (CMU SSOP) and began creating special systems for the secure operation of the Internet (ASBI, RANR, NSDI, IS CMU, etc.).
The law provided for an important mechanism for conducting annual exercises on communication networks, which initiated systematic work to identify new risks and threats to the Russian information infrastructure. And following the results of the 2020-2024 exercises, Roskomnadzor created new technical tools to protect Russian systems and networks and ensure the safety of citizens (KSIM, Antifraud, NSPA, GeoIP, and Security Scanner). To a large extent, these measures have warned Russia's readiness for the growing threats in the information sphere and have identified new tasks for Roskomnadzor to ensure the integrity, stability and security of the functioning of communication networks and the Internet.
— Pressure on Russia is coming in various ways, including through threats to disconnect our country from the Global Internet. Is Russia ready for such a development?
— To answer the question, it is necessary to clarify the meaning that we mean when we talk about disconnecting Russia from the Global Network, and what negative consequences this may entail for our country. There is no special button in the world that can be pressed and completely disconnect the national segment of the Internet from other segments. However, there are a number of critical elements that affect the availability of national resources and the connectivity of networks.
First of all, it is a global system of domain name root servers, which is managed under the jurisdiction of the United States. Without going into deep technical details, I would like to note that the distortion of information in the root servers, blocking access to them from the Russian segment of the network can lead to a violation of the availability of resources of the national zone (.RU, .RF, .SU and other Russian top-level domains), as well as access to foreign resources from Russia.
To prevent this from happening, the National Domain Name System (NSDI) was created in 2020, which constantly checks information about top-level domains and provides reliable information to telecom operators and other interested participants in network interaction. Currently, 99% of telecom operators and 92% of owners of autonomous systems use NSDI. This year, the number of daily requests to NSDI has exceeded 40 billion.
Another important source of information necessary for the stable operation of the Internet is data from international network address registries (for example, RIPE NCC), access to which may also be restricted for our telecom operators and owners of autonomous systems. In order to maintain stable traffic routing in the Russian segment of the Internet, the Register of Address-Numbered Resources (RANR) was also created in 2020, which contains information about Russian network addresses, autonomous systems and their connections. All Russian owners of autonomous systems are connected to the RANR.
It is important to understand that these tools are primarily aimed at maintaining the availability of domestic Internet resources and systems in Russia. When Russian resources or services use foreign infrastructure for their work (including the infrastructure of foreign hosting providers and content delivery networks), the government cannot guarantee their availability if the West decides to block access to foreign autonomous systems from Russia. In addition, foreign network infrastructure is constantly being used to attack Russian communications networks and systems and may also be blocked from our side for protection purposes.
Roskomnadzor regularly reminds Russian website and system owners about information security risks and restrictions on access to their resources when using foreign infrastructure.
"NSPA protects entire network segments from DDoS attacks"
— After the start of the SVR, the number of DDoS attacks on the resources of Russian organizations began to grow rapidly. The purpose of the attacks is to create chaos, disrupt systems, and cause economic and reputational damage. How is the line of defense being built here?
— The number, duration and power of DDoS attacks on the Russian information infrastructure are growing year by year. According to our estimates, their number has doubled over the past year. The infrastructures of large holdings, hosting providers, and networks of telecom operators are being attacked.
Back in 2023, as part of exercises on communication networks, we tested the possibilities of filtering malicious DDoS traffic from abroad at cross-border communication hubs. And already in 2024, we put into operation the National System for Countering DDoS Attacks (NSPA).
NSPA is a unique system of protection against DDoS attacks nationwide, which protects not only individual resources, but also entire segments of communication networks from DDoS attacks. The NSPA has proven itself well in organizing important public events, such as the election of the President of the Russian Federation, a single voting day, and the holding of international sports games and forums.
During its operation, the system helped repel more than 15,000 DDoS attacks, of which more than 5,000 from January to June 2025. To date, over 8,000 resources from more than a thousand organizations have been connected to the system, including large government and private structures, telecommunications companies, banks, and owners of critical information infrastructure.
All users of the system, whose number continues to grow, and the professional community highly appreciate the work of the NSPA. Representatives of the IT industry express great interest in the development of this tool. Together with the National Computer Incident Coordination Center, we are working on the possibility of organizing an operational exchange of information on the infrastructure used to carry out DDoS attacks on the basis of the NSPA. This will allow our business to proactively receive information about their sources.
At the same time as the NSPA, we launched the GeoIP service to provide reliable information about the geographical affiliation of network addresses. The fact is that even before their foreign network address geolocation services distorted information about our network resources, which led to false blocking and unavailability of Russian resources. Now our network and system owners have received an independent and up-to-date source of IP address geolocation data to use when configuring DDoS protection systems.
— In addition to DDoS attacks, there are many incidents of compromising the data of various companies and their customers. How is the line of defense built in this direction?
— There are many foreign information security vulnerability detection services on the Internet that scan connections, determine the ports used, software, its versions and settings. The analysis of this information makes it possible to identify vulnerabilities in information systems and resources.
Foreign services legally provide their services to ensure information security, including to Russian organizations. However, the information received by the service can be used not for protection, but for organizing an attack on a separate system or on systems in a complex. In a short time, you can scan the entire Russian segment of the Network and get information about the state of information security of systems and services nationwide. To counter this threat, in 2023-2024, Roskomnadzor began to solve two tasks: limiting the ability of foreign services to scan our information security "landscape" and creating a trusted source of vulnerability information, the Security Scanner information system.
The system, in fact, performs the same functions as foreign services, including providing a report describing the identified vulnerabilities for Russian organizations and recommendations for their elimination, and monitoring their implementation by service owners. In the period from 2024 to 2025, the results of the scan revealed more than 22 thousand vulnerabilities in the Russian infrastructure. Of these, 21.5 thousand vulnerabilities have been eliminated.
The number of types of vulnerabilities is constantly growing. To effectively identify them, search algorithms are constantly being refined. An important task of the system is the timely provision of information about vulnerabilities to the authorities authorized in the field of information security: the FSB of Russia and the FSTEC of Russia. The development and regulation of the system is a common interdepartmental task.
"The information space has become a new environment of confrontation"
— One of the weapons in the hands of criminals is destructive information that affects the minds of our citizens, especially young people, changes the way people think, and calls into question traditional Russian values. How does Roskomnadzor defend itself in the information war?
— Indeed, the information space has become a new environment of confrontation between countries. The Internet has become a global technical tool for public communication and information impact.
The palette of aggressive actions is very diverse. The enemy uses various Internet platforms to sow ethnic and interfaith discord, molest minors, distribute drugs and weapons, cheat, incite violence and suicide, intimidate and recruit, distort historical truth, and much more. Information "sabotage" and large—scale operations are both temporary and long-term in nature, but the main goal is the same - to destabilize and disintegrate Russian society, to undermine its healthy development.
Since 2019, we have been developing an Automated Security System for the Russian Segment of the Internet (ASBI) to effectively repel information attacks and protect our information space on the Internet. The system operates on more than 1,400 communication nodes, and 100% of Russian Internet traffic passes through it. ASBI management capabilities allow you to flexibly and quickly set up policies to restrict access to illegal information throughout the country and in individual regions.
Currently, the system restricts the operation of more than 1 million information resources banned in the Russian Federation. ASBI works in conjunction with systems for monitoring and detecting illegal information. ASBI restricts access to an average of 5.5 thousand new network addresses and domains per day. The system also contributes to the fight against fraud. In 2025, access to more than 75,000 phishing resources used by criminals in fraudulent schemes was promptly restricted.
In the information space, as well as on the battlefield, the enemy is constantly trying to break through defenses. Information is already appearing in open sources about the coordination at the White House level of the activities of companies such as Amazon, Google, Microsoft, and CloudFlare to develop anti-blocking tools and support VPN projects. VPN services installed by users are actively being used to collect personal data.
Another serious challenge is the growing number of ways and means of circumventing locks. New encryption protocols are being introduced, methods of disguising malicious traffic as legitimate, and the capacities of foreign information infrastructure are being widely used for the constant migration of illegal resources and VPN services. At the same time, our companies are completing the development of VPN services that are safe for citizens and businesses.
— Scammers are active not only on the Internet, but also in telephone networks. They force people to provide them with personal information using methods of psychological influence. Is there a way to stop the criminals?
— One of the main sources of threats in telephone networks is anonymity, which allows attackers to commit crimes with impunity. The problem was largely related to the lack of legal requirements regarding the identification of subscribers to mobile telephone networks and technical tools for monitoring their compliance to verify the accuracy of subscriber information.
The main reasons that allowed attackers to receive anonymous communication services were the abuse of operators and their dealers when selling SIM cards, the lack of tools to verify the authenticity of documents of foreign persons, the possibility of purchasing an unlimited number of SIM cards per individual, and the uncontrolled transfer of SIM cards to third parties.
Another source of anonymity was the technical ability of telecom operators to substitute phone numbers when making calls, which was also used by criminals. Starting in 2022, the legislative and executive authorities are working together to tighten the rules governing the verification of subscriber information and to strengthen liability measures for violations of the requirements for the sale of SIM cards.
The first "building blocks" for ensuring security in telephone networks were the system for monitoring the status of identification modules (KSIM) and the Antifraud system created by Roskomnadzor in 2023 as part of the implementation of Federal Law No. 319-FZ.
The commissioning of the KSIM system made it possible to ensure the relevance of subscriber databases of mobile telecom operators in a short time. The system provides continuous reconciliation of subscriber data from all mobile operators with data from the systems of the Ministry of Internal Affairs of Russia, the Federal Tax Service and the ESIA. During the operation of the system, 480 million numbers were checked, of which 16.5 million were blocked.
The results of the system's operation in 2023-2024 made it possible to identify new vulnerabilities in subscriber identification, based on the analysis of which amendments were made to legislation (No. 303-FZ). In accordance with the changes, in 2025, KSIM implemented mechanisms for monitoring the implementation of new requirements for the procedure for concluding subscription agreements with foreigners and the number of SIM cards issued to one subscriber.
The Antifraud system has eliminated the possibility of fraudsters using number substitution in Russian telephone networks: all active telephone operators, and there are more than 1,100 of them, exchange information about calls in real time and block unconfirmed ones. On average, the system processes more than 440 million calls per day, of which about 1.2 million are number-swapping calls.
It is becoming increasingly difficult for criminals to anonymously use Russian phone numbers to commit crimes. They are forced to look for alternative channels of communication with potential victims where identification and verification of calls are not yet provided (messengers, virtual PBX). Therefore, work on the development of legislation and technical anti-fraud tools has not stopped.
"We see strengthening the role of the state as one of our priorities"
— What other systems has Roskomnadzor created to strengthen digital sovereignty?
— At the end of 2019, only telecom operators providing communication services and electronic devices were systematically recorded at the state level. At the same time, the Government did not have information about how the public communications network was organized, what its topology and infrastructure were, the state of operation, and interaction with foreign networks.
To ensure the digital sovereignty of the country, first of all, it was necessary to define the boundaries of our network infrastructure. The process began in 2020 with the creation of the CMU SSOP information systems. In addition to collecting information, it was necessary to form a professional team, organize round-the-clock duty and interaction with the on-duty services of telecom operators, and much more.
A lot of work has been done by the Roskomnadzor team and the Main Radio Frequency Center: control of Russian Internet traffic routes, monitoring of incidents and accidents on communication networks, registers of traffic exchange points, cross-border communication hubs, and hosting providers have been created.
It is important to understand that all the mentioned systems are interconnected and ensure the operation of each other. For example, the CMU SSOP system ensures the planning, development and functioning of ASBI, providing information about operators and their communication nodes for the installation of technical means to counter threats. ASBI, in turn, provides information about routes and monitors incidents on communication networks. And so is every system, be it RANR, NSDI, NSPA or another. Therefore, their development should take place in a comprehensive and simultaneous manner.
— What are Roskomnadzor's priorities in strengthening digital sovereignty today?
— We see the strengthening of the role of the state in planning the development of communication networks as one of the priorities for strengthening sovereignty. And this task should cover not only the regulation of the use of the radio frequency spectrum, but also the construction of fixed communication networks, ensuring their stability and technological independence.
The development of communication networks should not only be carried out in the commercial interests of operators, but also take into account the needs of the economy, the population, as well as issues of ensuring the safety and quality of communication services. Forecasting and strategic planning require appropriate technical tools, methods, and algorithms for processing network infrastructure data.
Now, together with the Ministry of Finance of Russia, we are resuming work on the project "General scheme of development of communication networks". Let me remind you that in Soviet times, the construction of communication networks was carried out in accordance with the general scheme of development of communication networks. The document, approved at the state level, included issues of both geographical development of networks, investments and technologies, as well as redundancy and security requirements for communication facilities. At the same time, issues related to the development of energy grids, transport infrastructure and the possibilities of related industries were interconnected.
At the same time, the issues of ensuring the survivability of communication networks are acute in conditions of the possibility of hitting communication lines and structures with military means. In order to identify and eliminate the weaknesses of building communication networks and ensuring their redundancy, it is necessary to carry out an inventory of the so-called primary communication networks (physical lines and communication facilities).
Another component of the development of communication networks is the quality of communication services. The need to establish uniform standards for the quality of communication services, create and implement tools for monitoring them, and consolidate the authority to verify them is long overdue.
The systems created in Roskomnadzor laid the foundations for regular and systematic work to protect the infrastructure and ensure the information security of Russian users of communication services. It is important not to stop and continue the development of existing technical tools and created systems for the safe functioning of the Internet.
Переведено сервисом «Яндекс Переводчик»
