Russian Government Imposes Whitelist‑Only Internet Access in Moscow, Disrupting Mobile Connectivity
What Happened – Moscow’s telecom operators have begun enforcing a “whitelist” system that permits only government‑approved websites and services when mobile internet is restricted. The rollout follows intermittent outages that started on 6 March and coincides with similar warnings in St. Petersburg.
Why It Matters for TPRM –
- Vendors that rely on unrestricted internet (e.g., SaaS, cloud, logistics platforms) may lose connectivity to customers and partners in the region.
- The DPI‑based filtering can impede data‑exfiltration monitoring and incident‑response tooling for third‑party services operating in Russia.
- Compliance programs must account for state‑mandated traffic controls that could affect contractual service‑level obligations.
Who Is Affected – Telecommunications providers, cloud‑hosting firms, SaaS applications, e‑commerce and ride‑hailing platforms operating in or serving Moscow and St. Petersburg.
Recommended Actions –
- Review contracts with Russian‑based service providers for clauses on forced traffic filtering or service interruption.
- Validate that critical data flows can be rerouted through alternative regions or backup connectivity.
- Update business‑continuity plans to include scenarios where only a limited set of URLs remains reachable.
Technical Notes – The whitelist relies on deep‑packet inspection (DPI) at the ISP level, blocking all traffic except pre‑approved Russian platforms (social media, marketplaces, taxi/delivery apps, telecom services, government sites). Inclusion criteria require domestic routing, local hosting, and non‑obfuscation of IP addresses. No CVE or malware is involved; the impact is policy‑driven service disruption. Source: The Record