2.3.1. Structural changes
The early 2000s saw a massive and rapid expansion of the FSB, including into the cyber arena.
On March 11, 2003, President Putin split the FAPSI between the FSB, the SVR, and the Federal Protective Service (FSO), which is in charge of providing protection for him and other high-level officials.
Government communications and polling of public opinion were considered such a sensitive domain that they were given to the FSO to supervise and, within that agency, to the Service of Special Communication and Information (Sluzhba Specialnoy Svazyi I Informatsii; SSSI). The 3rd Directorate was moved to the FSB and became the 16th Center of the FSB (the Center of Electronic Intelligence in Communications). The regional ELINT units of the FAPSI were reorganized into the FSB Information Reception Centers.
In 2004, the FSB underwent administrative reform just like the rest of the federal agencies. Departments were renamed as services, and the UKIB was turned into the Information Security Center (TsIB or Centr Informatsionnoy Bezopasnosti) or the 18th Center of the FSB. The new center remained within the Service of Counterintelligence.
The FSB was divided into two large parts. The operations departments carried out counterintelligence, intelligence, counterterrorism, and other activities, whereas the support side of the organization included such activities as creating and providing special technical equipment and meeting other material needs. The TsIB was situated in the operations department, which was the most proactive. It was involved not only in the technical protection of computer networks but also in active operational surveillance, clandestine activity, and intelligence collection on the Internet. Inside the TsIB, the Operative Directorate was created to conduct operations.
The SVR founded a scientific production center, Delta, to conduct research and development (R&D) on cyber issues. Delta was subordinate to the Directorate of Informatization of the SVR.
2.3.2. Cyber policymaking
Sherstyuk continued to define cyber policy while at the Security Council, the central body at the Presidential Administration responsible for managing the formulation and execution of security-related policies, though his position changed. In 2004, he was demoted to the position of assistant to the head of the Security Council. He was forced to rely on the FSB’s support since the most important departments of his former agency had been incorporated into the FSB. He also ensured the continued existence of the Institute for Information Security Issues at Moscow State University.
At the Foreign Ministry, Sherstyuk’s team was supported by Andrei Krutskikh, an arms control talks veteran who shared Sherstyuk’s approach to cyber issues detailed in the “Doctrine of the Information Security of the Russian Federation.”
The General Staff was sidelined by the FSB, which, for most of the 2000s, successfully rebuffed all attempts by the military to expand into the area of cyber.
2.3.4. Modus operandi under development
The 2000s were the period when the first cyberattacks took place beyond Russia’s borders, including an attack on Estonia in 2007. Proxy groups affiliated with the Presidential Administration took responsibility for these attacks. APT29, or Cozy Bear, a Russian hacker group believed by Western cyber experts to be affiliated with either the FSB or SVR, had been operational since at least 2008, according to Western experts.
2.3.5. Recruitment and training
The former FAPSI directorates, now within the FSB, continued recruiting from MEPhI, MFTI, and the Physics and Math Department at Moscow State University.
In training, the IKSI, previously within the FAPSI, was placed under the control of the FSB and became part of the FSB Academy.
The national training program for civilian rank and file was significantly expanded: 73 Russian universities and high schools came to teach information security, united in the UMO IB. The chief institution supervising the association was the IKSI, which defined the UMO IB’s requirements and guidelines. Of the 73 universities and high schools, only five institutions were military; the rest were higher polytechnic schools and state universities across the country.
Training in cyber followed the Soviet model of prioritizing loyalty and technical prowess over ethical considerations, resulting in an effective and devoted cyber workforce. After being recruited, students rarely, if ever, questioned why they were tasked with attacking Western or domestic targets, including Russian journalists and opposition politicians. Once again, the Soviet legacy is to blame. The Soviet Union had the biggest engineering community in the world because of its huge military-industrial complex — a collection of industries and research facilities which worked exclusively for the Soviet army and the KGB. To serve it, Josef Stalin founded dozens of technical schools all over the country. For many decades, Soviet engineers were schooled intensively in technical subjects but rarely had exposure to the humanities. The scope of their education was exceedingly narrow. Unlike medical doctors who were trained in ethics, engineers were not. They were taught to be technical servants of the state. They were also taught secrecy since most of them were meant to work for the military-industrial complex of the KGB. As a result, generations of engineers were trained and worked their entire lives with little understanding of politics or trust of politicians and were suspicious of public activity as a whole. That system was never reformed after the collapse of the Soviet Union. After Putin became president, the Soviet approach to technical education based on secrecy and patriotism was only reaffirmed.
In addition, Russia’s security services adopted a new tactic: approaching Russian criminal hackers and recruiting them. The FSB found itself in a good spot because the TsIB was tasked with prosecuting criminal hackers. Thus, they were able to give the hackers a choice: either join the FSB or go to prison. Of course, some accepted and even joined the TsIB. The 2008 Russia-Georgia war only helped to solidify this new approach, but there are reports that some Russian hackers had been recruited even before the war.
In 2009, the Education Ministry introduced a new educational standard that institutionalized “information security” as an area of study in Russian universities — cyber became a national priority in Russia’s higher education.