Russia’s Becoming More Digitally Isolated—and Dependent on China

The U.S. Commerce Department recently banned Russian cybersecurity firm Kaspersky from providing certain antivirus and cybersecurity products and services in the United States on national security grounds. American businesses have until September 29 to remove covered Kaspersky products from their systems and replace them.

But this is hardly the first blow for Russia’s global tech connectedness. Over the last several years, and especially since 2022, Russia has become more digitally isolated—and increasingly dependent on China—with significant ramifications for human rights in Russia, cybersecurity, and the international community. The United States and its partners should seize the policy opportunities created by Russia’s growing isolation and dependence on Chinese technology.

After the Soviet Union collapsed in 1991, there was something of a digital technology boom in Russia. Scientifically and technically talented individuals moved abroad to seek economic opportunities, started outsourcing programming for Fortune 1000 firms, and founded Russian companies such as Yandex (a search engine launched in 1997, one year ahead of Google). Some even turned to the fast-growing world of cybercrime. Into the early 2000s, Russia’s digital tech sphere was also fairly connected with other countries. Non-Russian technology from Intel, AMD, Samsung, Apple, Microsoft, and other companies was found all throughout Russia. Business and university partnerships were fairly common, too.

Moscow’s position on the internet began shifting in the late 2000s and early 2010s, catalyzed by a perception that Western technology was a means of foreign espionage, influence-projection, and revolution-stoking. The Kremlin’s “internet awakening,” as I call it, was driven by the role of Georgian bloggers in the 2008 Russo-Georgian War, the use of social media in the 2010-2013 Arab Spring, online-organized protests against Putin’s 2011 election rigging and 2012 return to the presidency, the 2013 Snowden leaks, and the 2014 social media-driven Euromaidan Revolution in Ukraine. Security hardliners in Russia who were already worried about the internet also gained more power in the government. Where the West saw the internet’s potential for democracy and openness, the Kremlin began to see a two-sided coin—a weapon to be exploited and a threat to regime security that demanded clampdowns, security, and autarky.

Vladimir Putin declared in December 2014 that “we must lessen our critical dependence on foreign technology,” and the state followed that declaration with a decade of policies to build up domestic tech alternatives. The results were mixed. Russia made progress in building a Microsoft Windows replacement and stood up a domestic software registry; while Rusnano, a state company for nanotech, and the Skolkovo Innovation Center, billed as “Russia’s Silicon Valley,” both collapsed over time due to combinations of mismanagement, underinvestment, lack of domestic capacity, and corruption.

But since Russia’s full-scale invasion of Ukraine in 2022, digital isolation has increasingly become a reality and even a desired goal for Moscow. Russia’s all-out war on Ukraine elevated “brain drain” to new heights; at least 100,000 IT workers left Russia by December 2022, and the Digital Ministry warned that conscripting tech workers into the military (who are now exempted) would seriously hurt the country. Countless businesses shuttered their operations in Russia in response to the invasion, curtailing access to products and services in cybersecurity, AI, and other areas. Western sanctions also hit Russia hard, particularly in hardware: Russia’s supply of tech equipment was already a “disaster,” and Russian security organizations have increasingly resorted to purchasing chips from third-party countries and stripping down refrigerators and other appliances for their chips.

While Russia’s digital isolation is a growing reality, it’s also become a cemented goal for the Kremlin. The Digital Ministry announced plans in 2022 to transform Russia’s domestic software registry into a “full-fledged marketplace.” Hospitals, nuclear plants, and everything in between are increasingly adopting Astra Linux, the country’s domestically-developed Windows operating system replacement. The state is creating centers to test the compatibility of Russian software with domestic hardware and operating systems. It also announced plans for a “Multiscanner” platform to replace the use of VirusTotal, a website for analyzing suspicious files and sites, due to Moscow’s fears that the U.S. government could access data uploaded to VirusTotal via its owner, Google.

Russia has made some progress in achieving tech independence, but it has also replicated some of its digital dependence in its relationship with China. The economic value, by one count, of China and Hong Kong’s exports of U.S. chips to Russia increased by a factor of 10 from 2021 to 2022 (from $51 million to just under $600 million); another estimate says China and Hong Kong comprised nearly 90 percent of global chip exports to Russia between March and December 2022. Again in 2023, China provided about 90 percent of Russia’s microelectronics. Chinese smartphone makers Xiamoi and Realme took over the top two spots in Russia’s market in 2023 (overtaking Samsung and Apple). Yet, some Chinese tech firms, like Huawei and DJI, have been hesitant to invest more in Russia given the threat of Western sanctions.

Russia’s move toward domestic production and Chinese suppliers shifts the human rights landscape in Russia at the same time as it creates cybersecurity risks for Russia and opportunities for the West. From a human rights standpoint, Western tech companies have certainly bowed to the Kremlin before—such as Apple removing twenty five virtual private networks (VPNs) from its Russian app store—but that pales in comparison to the level of censorship and surveillance on Russian and Chinese tech platforms. Russian platforms like VK give Russian security services the most direct access to Russians’ online activity, and it seems unlikely that many Chinese apps and services would be significantly different for the Kremlin. The U.S. State Department and others must account for these heightened restrictions on Russian citizens in their internet openness and anti-censorship efforts.

But these dependencies also create policy opportunities for the West. The Kremlin’s goal with “import substitution” and domestic innovation policies has long been to ensure Russia is not overly digitally dependent on any one foreign country—not to rip out Western tech and simply replace it with tech from China. Indeed, Russian security analysts and tech policymakers still quietly worry about that dependence and have even proposed policies to mitigate espionage risks from Beijing.

The United States and its partners should use open-source intelligence to identify Russian demands for specific Chinese tech products and services; this intelligence can draw from many sources, including Russian cyber conferences, and public contracts and partnerships in smartphones, mobile apps, and operating systems. These insights may reveal the use of Chinese technology in certain areas that create single points of failure. For example, Russian dependence on Chinese semiconductors is already high, and the Russian smartphone market is shifting more towards Chinese phones—and away from iPhones and Samsung phones. Some of these products and services may also have known cybersecurity vulnerabilities or poor coding practices (as routinely found with Huawei telecommunications equipment), creating additional risks for Russia.

Analysts in the United States and its partner nations should also use open-source intelligence to understand Russian deployment of technologies like the Astra Linux operating system. Astra Linux is widely used in Russian military and intelligence systems, possibly introducing vulnerabilities that can be exploited at scale. It is also a customized and (allegedly) hardened version of an open-source operating system. By shifting toward Chinese and domestic products, Russia is additionally losing access to cybersecurity talent in the United States, Western Europe, Japan, and elsewhere. It is possible that Astra Linux developers have fewer opportunities for a wider base of individuals to test and secure their code. Those could be areas for the United States and its allies to press the advantage in cyberspace.

For all the Kremlin may cheer its growing tech isolation and its construction of operating systems and software registries, its need for Chinese tech spells anything but tech independence.

Justin Sherman is the founder and CEO of Global Cyber Strategies and a nonresident senior fellow at the Atlantic Council’s Cyber Statecraft Initiative.