The Internet of Things to be introduced in Russia
Following the introduction of mandatory identification of messenger users, the authorities thought about monitoring the so-called “The Internet of Things.” Hackers use such devices to organize attacks on banks.
By September 2019, a legislative basis for “identification of users' Internet of Things” is to be introduced in Russia. This is reported in the project for Digital Economics plan of activities on Information Security for 2018-2020 (the program itself extends to 2024). Three members of the working group have confirmed the relevance of this version of the plan to RBC. However, the document will be further refined; one of the members specifies that its final version should be approved by the government commission before the end of the year.
The Internet of Things or IoT is a concept, which is built on the principle of connecting surrounding objects – such as personal car, refrigerator, toothbrush, light bulb, etc. — to the Internet and their interaction with each other and the outside world with little or no human involvement. Cisco estimates that the number of connected devices exceeded the world population in 2008-2009. By 2020, according to the forecast of the American edition of Business Insider, the number of such devices will reach 34 billion, 24 billion of which accounts for devices related to the Internet of things.
As a member of the working group explained, it is not a question of identifying users who have IoT devices, but of assigning unique identifiers to devices themselves. “This is necessary for the network stability. A great deal of various IoT devices operating under different standards and protocols are being released today. With the growth of this market, more and more conflicts and failures can occur in the network when they are connected. For this reason, the state wants to reserve the right to regulate this market by issuing identifiers for IoT devices,” said the interlocutor. Who will issue the IDs, whether this process will be paid and other details have not been determined yet, he specified.
According to the plan of activities, the Ministry of Communications will be responsible for preparing a regulatory act introducing identification for IoT devices. The representative of the ministry has not answered the questions.
“IoT devices connected to the Internet should be subject to regulation, which will prevent them from being used in DDoS attacks organization (distributed denial of service, its purpose is to cause an overload on the victim's server or site with the help of a large number of incoming requests — RBC editor’s note),” IoT Association Head Andrey Kolesnikov believes. Whereas previously such requests had been sent from computers, today, IoT devices connected to the network, such as routers, refrigerators, and light bulbs are used more often.
In November 2016, the Central Bank of Russia officially recognized that the DDoS attack on several large Russian banks, including Sberbank, Otkrytie Bank, and Alfa Bank, had been committed by hackers using devices related to the Internet of things. According to preliminary estimates by iKS-Consulting, there will be 13 million sensors and IoT devices connected to the Internet via a SIM card in 2017 in Russia; by 2018, their number could grow to 15.2 million.
A co-owner of the IT-holding Ambite Anatoly Smorgonsky believes that “the identification of any device performing the communication function” is necessary for the stability of the network and the device itself. “The range of IoT devices and the scope of their application is increasing very rapidly. There is nothing surprising in the need to apply uniform identification rules. It’s a step in the right direction. However, it is very important that such rules and controls do not interfere with the very fact of IoT distribution,” Smorgonsky said.
Everyone will be identified
According to the plan of activities, in addition to Internet of things identification, by September 2019, the requirement “on the identification of users of communication and other information interaction services” should be added to the legislation. Previously, the authorities had approved the requirement of mandatory identification of messenger users. Starting on January 1, 2018, owners of such services will enter into contracts with mobile operators and require users to provide mobile phone numbers to further identify them through the operator’s database.
At a meeting held on October 26, the Security Council of Russia instructed the Ministry of Communications and the Federal Security Service to extend the requirements for mandatory identification of users to online games and social networks. The officials fear that terrorists may use such services for communication.
According to Margarita Vennberg, Ivan Rubin borrowed 40 thousand euros from businessman Vladimir Tyurenkov about a year ago. When Rubin delayed payments, Tyurenkov raised interest, and the amount of the debt increased to 70 thousand euros.