Securing the Georgian Internet Infrastructure
The Russian brand Beeline recently announced its intentions to purchase a part of Caucasus Online, the leading internet provider in Georgia, potentially giving Beeline a controlling stake in critical Georgian telecommunications infrastructure. The question arises as to whether or not the Beeline acquisition of Caucasus Online is in the best interest of Georgia considering that vast import of the infrastructure to national security and the past cyber attacks Russia launched against Georgia in 2008.
Beeline, the Russian telecommunications brand by OJSC VimpelCom, a subsidiary of VimpelCom Ltd. of Amsterdam, is headquartered in Moscow and is Russia’s second largest telecommunications operator. VimpelCom merged with Kyivstar to form VimpelCom Ltd. in May of 2010, now the largest telecommunications operator group in the Commonwealth of Independent States. Alexander Izosimov, CEO of OJSC VimpelCom, was appointed president. VimpelCom, founded in 1992, has a license portfolio covering 97% of Russian territory, as well as 100% of the territory of Kazakhstan, Ukraine, Uzbekistan, Tajikistan, Georgia, and Armenia.
In light of the potential Beeline acquisition, how can Georgia ensure the integrity and security of the internet infrastructure while nurturing growth in the technology that plays such a vital role in Georgian society and national defense?
We can look at this from two points of view; regulatory and enforcement.
From a regulatory perspective, the government must continue to develop and nurture the existing public/private security framework that has created the standards followed by critical infrastructure owners and operators. These rules are what allow owners and operators to improve infrastructure while providing acceptable safeguards ensuring privacy, security, accessibility and compliance.
From an enforcement standpoint, it is imperative that Georgia has both the tools and the ability to guard against real and existential threats to critical internet infrastructure. Georgia must secure itself from future threats by ensuring its own ability to carry out the law while enforcing the law against those who fail to abide by it. What do these potential threats looks like?
- The ability to censor the flow of internet traffic or to simply ‘turn off’ the internet at will.
- Monitoring unencrypted data exchanges.
- Injecting data/malware into the data stream.
- For controlling operators and owners, especially in the case of majority control over infrastructure, to guard against collusion, unfair price controls, stagnation of technological advancement, or any other activities that stifle burgeoning Georgian commerce, communication and security.
- The ability to completely monopolize the market through unfair trade practices.
The second question arises, and in light of the 2008 Russian cyber attacks against Georgia, would a controlling stake in Georgian infrastructure by Beeline facilitate future transgressions?
As noted above, the internet can be shut off, which the Egyptian government did nationwide in 2011. Critical communications services can be censored or disabled, as seen in both Iran and China. Unencrypted data transfers can be monitored and malware injected into the data stream. With Beeline controlling a majority stake in Georgian internet infrastructure, does it become that much simpler to enact these threats?
Are strong regulation and enforcement, along with shared responsibility from both the public and private sectors, enough to ensure the security and the integrity of critical internet infrastructure? Are we risking the privacy, security and integrity of Georgian internet infrastructure through the sale of Caucasus Online to Beeline?