Georgia’s Cyber Security Challenge

In the contemporary world, our personal life has become increasingly dependent on the technologies that humanity has developed. Over decades, the internet has granted us inexhaustible sources of beneficial information together with limitless entertainment. Yet the virtual realm has also been known for the exposure of our personal data to the domestic or foreign intelligence services. While the recent attempt of President Margvelashvili to limit unwarranted domestic cyber surveillance has failed, it is also important to review Georgia’s capabilities of defending its citizenry from foreign cyber espionage.

Cyberwarfare is a type of an asymmetric warfare that has developed concurrently with the advancement of the internet, possessing two types of threat: espionage and sabotage, both of which can be used regardless of whether the country is engaged in actual conflict or not. Undoubtedly, it is the government’s responsibility to mitigate these threats to protect the state apparatus as well as the population, however the endeavour requires costly modernization of cyber-defence capabilities.

In the case of Georgia, the need for modifications in the cyber-defence mechanisms were vividly demonstrated during the 2008 Russian-Georgian conflict. 2008 is an important milestone as it presents the first historical case when a coordinated cyber-attack was synchronized with major combat actions, providing Russia an advantage on four fronts: ground, air, naval, and cyber. 54 websites in Georgia related to communications, finance, and the government were attacked by rogue elements within Russia, demonstrating Georgia’s defencelessness and eventually lowering public morale during the crisis. Although the cyber-attacks seemingly supported Russian aggression, the Kremlin has not acknowledged or claimed responsibility for the attacks.

In the aftermath of the conflict, the Georgian government vowed to improve the cyber-defence capabilities of the country and introduced a relatively modernized Cyber Security Bureau. Nonetheless, this article intends to emphasize the overlooked weaknesses of the Georgian cyberspace. Inspired by Edward Snowden’s revelations, the investigation aims to expose plausible contemporary cyber-espionage conducted by the Russian secret services against Georgia, using fibre-optic cables.

Suggested by Snowden’s revelations, the secret services, such as Britain’s Government Communications Headquarters (GCHQ) and the American National Security Agency (NSA), have successfully used connected fibre-optic cables which carry internet traffic as well as phone calls, to collect and store a vast amount of private data, including emails and Facebook messages, of foreign citizens. With Georgia, the fibre-optic cable providing internet for the Georgian people comes directly from Novorossiysk, Russia. In fact, the cable system connecting Novorossiysk and Poti was established in 1999 by Russia’s Rostelecom and Georgia’s FOPTNET. Thereupon, Georgia voluntarily enabled Russia to manipulate Georgian internet traffic at will, and to create a cyber-blockade during the 2008 conflict.

Today, Georgian cyberspace is as vulnerable as ever. The internet traffic provided by Rostelecom, does not guarantee the much needed security of Georgian virtual data. On the contrary, the scandal involving Rostelecom’s cooperation with the Russian Federal Security Service (FSB) during the Sochi Olympics, suggests needed rethink of Georgia’s partnership with this ambiguous company. Moreover, Russia’s secret system for electronic surveillance, SORM (Система Оперативно-Розыскных Мероприятий), together with the surveillance law passed in 1995, allows the FSB to access the data of any Russia-based network company, including Rostelecom. One would suggest that, in order to secure the privacy of its citizens, the Georgian government should seek to disconnect from the Novorossiysk cables and connect to relatively safer fibre-optics provided by Turkey. Nevertheless, with the rise of Erdogan’s authoritative power, this option remains questionable.

One of the possible solutions to Georgia’s contemporary cyber dilemma is to rely solely on the Caucasus Cable System – a Georgian-owned submarine communications cable linking Poti to Balchik, Bulgaria. The 1182-kilometre cable provides cyber independence from Russia and Turkey, and enables Georgia to provide a safer internet pathway for Ukraine as the cable system can also be reached from ports like Odessa. Apart from Ukraine, the Caucasus Cable System opens up opportunities for Armenia and Azerbaijan to avoid Russia’s cyber espionage by partnering with Georgian network providers. While there have been attempts to purchase the cables by Russian companies such as VimpelCom, the system remains under the ownership of a Georgian major internet service provider. In sum, Georgia, due to its strategic location, has the potential to offer safe internet passage for itself as well as its neighbors, while posing a considerable challenge to the regional powers such as Russia and Turkey. This potential should be highly prioritized, as the virtual realm is becoming increasingly significant on a day-to-day basis in Georgia.

Zurab Khutsianidze

18 May 2017 18:30