Roskomnadzor Compiles Whitelist of 75,000 IP Addresses Using Foreign Encryption Protocols

According to Kommersant, the Center for Monitoring and Management of Public Communication Networks (CMM PCN), a division of Roskomnadzor, has created a “whitelist” that now includes 75,000 IP addresses. This is six times more than in 2023, when the list contained only 12,000 entries.

The publication notes that companies are increasingly submitting information about the use of foreign encryption protocols in their corporate networks to Roskomnadzor’s whitelist. Business representatives hope that being included in this list will legitimize the operation of their IT systems. However, experts point out that switching to “Russian alternatives” is not always possible.

Roskomnadzor is asking owners of private foreign virtual networks (VPNs) to provide information about IP addresses, protocols, and their purposes for inclusion in the whitelist if it is technically impossible to stop using them.

Background and Recent Recommendations

Last week, Roskomnadzor published a notice on its website recommending that Russian VPN owners stop using foreign encryption protocols for data transmission.

“We recommend refraining from using foreign encryption protocols for data transmission, including those used by applications that provide access to prohibited information,” Roskomnadzor representatives stated. “If it is technically necessary, please submit applications for review with justification and a list of IP addresses that require exceptions to CMM PCN by email: [email protected]. The provided data will be added to the exception lists.”

At the time, experts emphasized that it was premature to talk about forced blocking due to the use of foreign encryption protocols. They considered the request for data more of a monitoring measure aimed at determining the number of users of foreign protocols. However, they noted that this approach fits into the general trend of developing blocking systems by Roskomnadzor.

Technical Upgrades and Risks

Yaroslav Seliverstov, head of AI research at “University 2035,” said that the modernization of technical means to counter threats, with a budget of 60 billion rubles under the federal “Cybersecurity Infrastructure” project, is aimed at analyzing traffic by protocol signatures, including VPNs. This, he claims, “will increase the effectiveness of restricting access to VPN circumvention tools up to 96%.” However, Seliverstov also points out the risk of false positives affecting legitimate business processes and increasing bureaucratic burdens on companies.

Russian Encryption Solutions and Their Limitations

The Federal Service for Technical and Export Control and the Federal Security Service of Russia have previously approved several technological solutions that use Russian encryption algorithms. These are being developed with several Russian cybersecurity companies, including Solar Group, Security Code, and InfoTeKS. For example, “GOST VPN” is already used in the “Kontinent” and ViPNet crypto gateways.

Mikhail Sergeev, lead engineer at CorpSoft24, told the publication that these solutions are competitive in areas where compliance with national standards is required, such as the public sector and critical infrastructure. However, their use is currently limited in industries dependent on global standards, such as international trade and IT development, due to incompatibility with Western systems.

At the same time, Kommersant’s sources noted that for most internal processes, Russian companies use VPNs with foreign protocols because they are easier to use and widely available.

Business Concerns and Future Outlook

“If Roskomnadzor blocks all communications not using GOST standards, Russian businesses will submit their addresses to the regulator to avoid losing the ability to communicate with remote employees, offices, and other companies,” said Alexey Lukatsky, an internet security consultant at Positive Technologies.

Nikita Tsaplin, CEO of hosting provider RUVDS, added that, in his opinion, access to VPNs may become “permit-based” by Roskomnadzor in the future.