Friend
Professional
- Messages
- 2,659
- Reaction score
- 864
- Points
- 113
The reliability of the Russian Astra Linux operating system may soon be tested by foreign intelligence agencies and the open source community. Experts of the US analytical center from the Council on Foreign Relations called for studying the security of the system. Astra Linux is the most widespread domestic OS with a market share of 76% in 2024.
Russian software interested Americans
Experts of the US analytical center from the Council on Foreign Relations (CFR) issued a call to check the reliability of the Russian operating system Astra Linux, developed by the Astra Group. Information about this is published in the article "Russia's Becoming More Digitally Isolated – and Dependent on China", posted on the CFR website.
CFR experts call for testing the reliability of Astra Linux by members of the global free software community. The Russian OS, as the name suggests, is based on the Linux kernel. CNews wrote that in early August 2024, it was updated to version 1.8 and switched to Linux kernels of the 6.x line.
CFR also believes that special services specialists should also test the security of Astra Linux. Habr was the first to draw attention to this.
Note that Astra Linux is the most well-known and most widely used Russian operating system. In 2021, Rusbitech-Astra (a direct OS developer, part of the Astra Group) took 69% of the OS developer market against 43% in 2020, overtaking competitors in terms of growth rates – Basalt SPO (Alt), Red Soft (Red OS), STC IT ROSA (ROSA). In 2024, the share of Astra Linux, according to Strategy Partners, increased to 76%.
What Americans know about Astra Linux
CFR is, in her own words, an independent organization. But it is important to take into account the fact that its leadership includes not only businessmen, but also people who may well have been connected with the military sphere. For example, CFR's board of directors includes former journalists and intelligence officers. The company also includes the former financial director of Alphabet holding, which includes Google, YouTube and a number of other companies.
"Analysts in the United States and partner countries should also use open-source intelligence to understand how Russia is implementing technologies such as the Astra Linux operating system. Astra Linux is widely used in Russian military and intelligence systems, which may create vulnerabilities that can be exploited on a large scale," the CFR article says.
The article also notes that Astra Linux is "a configurable and (presumably) secure version of the open source operating system."
"By switching to Chinese and domestic products, Russia is further losing access to cybersecurity talent in the United States, Western Europe, Japan, and other countries. It's possible that Astra Linux developers have fewer opportunities for a broader base of people to test and protect their code. These may be areas in which the United States and its allies can take advantage in cyberspace," the document says.
CFR also clearly doubts Russia's technological independence from foreign countries. While the Kremlin may welcome its growing technological isolation and the creation of operating system and software registries, its need for Chinese technology means anything but technological independence.
What the Astra Linux developers say
Representatives of the Astra Group assured CNews that the security of Astra Linux is a key priority. "The Astra Group has sufficient resources for testing code, promptly eliminating vulnerabilities, and pays great attention to such technologies as mandatory access control and integrity control, a closed software environment, and other security tools. We work closely with the Linux Kernel Security Center of the Institute of System Programming of the Russian Academy of Sciences. A year ago, we launched the Bug Bounty program, which allows us to identify and quickly eliminate weaknesses in our information security tools."
The company also noted that the focus on cybersecurity "Astra Group" will only increase. "In the current reality, when the number of cyber attacks on the Russian critical infrastructure has increased many times, we will continue to develop and strengthen our protection technologies, strengthen the internal infrastructure for secure development, as well as code verification and analysis tools," representatives of the Astra Group assured CNews, adding that against the background of the current international situation," measures have also been strengthened to detect malicious inclusions in the software, additional anti-virus monitoring is carried out using several specialized tools."
Domestic authorities are also tightening the requirements for domestic software developers in terms of its security. "Russian regulators, realizing the importance of information security and technological sovereignty, impose rather strict requirements for developers of information security tools. In particular, this applies to the processes of developing secure software and promptly eliminating vulnerabilities," the Astra Group told CNews.
Russian software interested Americans
Experts of the US analytical center from the Council on Foreign Relations (CFR) issued a call to check the reliability of the Russian operating system Astra Linux, developed by the Astra Group. Information about this is published in the article "Russia's Becoming More Digitally Isolated – and Dependent on China", posted on the CFR website.
CFR experts call for testing the reliability of Astra Linux by members of the global free software community. The Russian OS, as the name suggests, is based on the Linux kernel. CNews wrote that in early August 2024, it was updated to version 1.8 and switched to Linux kernels of the 6.x line.
CFR also believes that special services specialists should also test the security of Astra Linux. Habr was the first to draw attention to this.
Note that Astra Linux is the most well-known and most widely used Russian operating system. In 2021, Rusbitech-Astra (a direct OS developer, part of the Astra Group) took 69% of the OS developer market against 43% in 2020, overtaking competitors in terms of growth rates – Basalt SPO (Alt), Red Soft (Red OS), STC IT ROSA (ROSA). In 2024, the share of Astra Linux, according to Strategy Partners, increased to 76%.
What Americans know about Astra Linux
CFR is, in her own words, an independent organization. But it is important to take into account the fact that its leadership includes not only businessmen, but also people who may well have been connected with the military sphere. For example, CFR's board of directors includes former journalists and intelligence officers. The company also includes the former financial director of Alphabet holding, which includes Google, YouTube and a number of other companies.
"Analysts in the United States and partner countries should also use open-source intelligence to understand how Russia is implementing technologies such as the Astra Linux operating system. Astra Linux is widely used in Russian military and intelligence systems, which may create vulnerabilities that can be exploited on a large scale," the CFR article says.
The article also notes that Astra Linux is "a configurable and (presumably) secure version of the open source operating system."
"By switching to Chinese and domestic products, Russia is further losing access to cybersecurity talent in the United States, Western Europe, Japan, and other countries. It's possible that Astra Linux developers have fewer opportunities for a broader base of people to test and protect their code. These may be areas in which the United States and its allies can take advantage in cyberspace," the document says.
CFR also clearly doubts Russia's technological independence from foreign countries. While the Kremlin may welcome its growing technological isolation and the creation of operating system and software registries, its need for Chinese technology means anything but technological independence.
What the Astra Linux developers say
Representatives of the Astra Group assured CNews that the security of Astra Linux is a key priority. "The Astra Group has sufficient resources for testing code, promptly eliminating vulnerabilities, and pays great attention to such technologies as mandatory access control and integrity control, a closed software environment, and other security tools. We work closely with the Linux Kernel Security Center of the Institute of System Programming of the Russian Academy of Sciences. A year ago, we launched the Bug Bounty program, which allows us to identify and quickly eliminate weaknesses in our information security tools."
The company also noted that the focus on cybersecurity "Astra Group" will only increase. "In the current reality, when the number of cyber attacks on the Russian critical infrastructure has increased many times, we will continue to develop and strengthen our protection technologies, strengthen the internal infrastructure for secure development, as well as code verification and analysis tools," representatives of the Astra Group assured CNews, adding that against the background of the current international situation," measures have also been strengthened to detect malicious inclusions in the software, additional anti-virus monitoring is carried out using several specialized tools."
Domestic authorities are also tightening the requirements for domestic software developers in terms of its security. "Russian regulators, realizing the importance of information security and technological sovereignty, impose rather strict requirements for developers of information security tools. In particular, this applies to the processes of developing secure software and promptly eliminating vulnerabilities," the Astra Group told CNews.
