Russia has long leveraged cyber as an offensive weapon. Its security agencies, military, and private cyber companies threaten to hack into critical infrastructure around the globe.
In response, the US slapped sanctions in April 2021 against “technology companies that support Russian Intelligence Services to carry out malicious cyber activities against the United States.” This was almost a year before the invasion of Ukraine.
Today, it is clear that these sanctions are ineffective. Russian cyber companies are flourishing. They benefit from the departure of Western companies from the Russian market, sucking up domestic contracts and hiring top-flight laid-off engineers. Russia’s spring offensive in Ukraine could include stepped-up cyberattacks.
A good example of a thriving Russian cybersecurity company is Positive Technologies. Launched in 2002, Positive Technologies grew into a global leader in testing for network vulnerabilities, publishing well-regarded research. The company organized hacker competitions such as the Positive Hack Days, used by the FSB and military intelligence to recruit promising talent.
The US included Positive Technologies in its 2021 sanctions, determining that it “provides computer network security solutions to Russian businesses, foreign governments, and international companies and hosts large-scale conventions that are used as recruiting events for (Russian Intelligence Services) FSB and GRU.“
Positive Technologies pressed ahead anyhow with plans for an initial public offering. In December 2021, the company went public on the Moscow Stock Exchange.
The US kept increasing the heat. In November 2021, it added Positive Technologies to its Entity List, tightening restrictions on trading with the company. US authorities accused it of “acting contrary to the foreign policy and national security interests of the United States,” specifically by trafficking in “cyber exploits used to gain access to information systems, and threatening the privacy and security of individuals and organizations worldwide.”
When Russia invaded Ukraine, many in the West believed that Russian tanks would be accompanied by a devastating cyberattack on Ukraine’s civilian and military infrastructure. Although the massive Russian cyber offensive failed to materialize, policymakers forced Western cyber firms to shut down in Russia.
Positive Technologies emerged reinvigorated.
The company’s 2022 sales reached: 13.8 billion rubles ($184 million) in sales, against 7.1 billion rubles ($94 million) in 2021. Its shares rose 3.75%. Positive’s capitalization now exceeds 110 billion rubles ($1.3 billion), putting it in the top three most valuable IT companies on the Moscow Exchange.
These strong financial results reflect how the company benefited from the void left by Western companies leaving Russia. During the second half of 2022, the company raised its prices by up to 30%. Positive Technologies’ Chief Financial Officer Alla Makarova said that the company considered the exodus of foreign competitors as “a positive factor, something “we will still monetize during not only 2022: the main effect, probably, will have both in 2023 and 2024.” The company also attracted top brains, hiring several high-flying Russian engineers employed at Cisco System’s Moscow office.
Its political influence rose, too. Since 2013, the company’s senior managers have attended Infoforum Conferences — a major Russian cyber conference, supported by the FSB, the Security Council, and the Army’s General Staff. Although China’s telecom vendor Huawei long sponsored the conference, it withdrew this year, and Positive Technologies filled the void. The company’s top brass spoke six times, including on the main panel, sitting side by side with Alexander Shoitov, deputy digital development minister, Sergei Boiko, a head of the information security department on the Security Council, and Andrei Krutskikh, Vladimir Putin’s special representative for international negotiations on Internet regulation.
Positive Technologies’ success story is far from unique. The overall Russian cybersecurity industry grew by 10-20% in 2022.
This growth presents a significant challenge: unlike cars and tank manufacturers, Russian cyber software engineers are first-class. The country is famed for the quality of its hackers, after all. With the Russian cyber industry banned from foreign markets, it is now dependent on Kremlin backing, making it more dangerous than ever.
Russia, meanwhile, continues to put significant energy into online propaganda efforts to weaken European and American support for continuing military aid.
Is there a way to keep Russian techies from contributing to the Russian war effort?
According to our sources, more and more Russian IT specialists who fled mobilization are returning to Russia after months of languishing in self-imposed exile. Putin’s government is promising to shield them from mobilization and the battlefield.
The Kremlin clearly has a strategy on how to deal with Russian IT specialists, but does the West?
Andrei Soldatov and Irina Borogan, both non-resident senior fellows at CEPA, are Russian investigative journalists, co-founders and editors of Agentura.ru, which monitors Russian secret service activities. Both have covered Russian security services and terrorism for more than two decades.
Bandwidth is CEPA’s online journal dedicated to advancing transatlantic cooperation on tech policy. All opinions are those of the author and do not necessarily represent the position or views of the institutions they represent or the Center for European Policy Analysis.
