2018/02/20 13:20:11

Priorities of state customers in the field of information security

The main priority of state customers is compliance with legal requirements. They can consider promising new technologies only after those technologies have successfully completed certification against security requirements. This article is part of the TAdviser overview "Security of Information Systems 2019".


2019: Cybersecurity priorities of state customers: compliance with legal requirements and demand for complete solutions

Projects related to compliance with legal requirements are traditionally in demand among public sector representatives. The Federal Law "On the Security of Critical Information Infrastructure of the Russian Federation" (187-FZ), which has come into force, is a more than serious incentive for the development of the cybersecurity industry in the public sector.

According to Alexander Bondarenko, CEO of R-Vision, the greatest attention is now paid to compliance with the security requirements for critical information infrastructure (KII) facilities, to interaction with the State System for Detection, Prevention and Elimination of Consequences of Computer Attacks (GosSOPKA), and to the creation of rapid incident response centers.

As Oleg Shaburov, head of the information security department at Softline, notes, in 2018 the number of projects for protection against targeted attacks, as well as for security monitoring and cybersecurity incident detection, doubled.

"We expect that in 2019 this trend will only intensify," he says.

State customers are becoming operators of state information systems (SIS), and here it is impossible to do without information security.

"The protection requirements and the necessary means are defined in the Order of FSTEC of Russia of February 11, 2013 No. 17 and in the Order of the Government of the Russian Federation of 7/6/2015 No. 676 'On requirements for the procedure for the creation, development, commissioning and decommissioning of state information systems and the further storage of the information contained in their databases', taking into account the latest amendments," explains Vladimir Balanin, head of the information security department at I-Teco Group.

Dmitry Livshits, CEO of Digital Design, adds that for government institutions, in addition to FSTEC Order No. 17, there is the law on state secrets, which regulates their activity. The main task of these organizations, according to him, is to comply with the protection requirements.

Import substitution policy is a classic trend. And, according to Andrey Yankin, director of the Information Security Center at Jet Infosystems, this is a matter of replacing "Western" products not only with "Russian" ones, but also with "Israeli" and now "Eastern" ones.

A number of experts note state customers' need for a comprehensive IT solution in which the information security tasks are already solved.

"We, as a developer of protected software and hardware, have come face to face with this need of state customers," notes Elena Golovanova, advisor to the director general of MVP "Svemel".

Industry associations are working on integrating solutions from different vendors into a single stack in order to offer the customer a ready-made solution. Work is under way to improve the register of domestic software so that it gives the customer information about the compatibility of the software products entered in it. But the greatest interest is in solutions from developer companies that offer a complete product line of both software and hardware with built-in information security tools.

"Besides the fact that all products are unambiguously integrated, technical support and upgrades are also performed by one company, which enhances the reliability and efficiency of the proposed solutions," Elena Golovanova says.

2017

Compliance with legal requirements

The main priority of state customers is compliance with legal requirements. They can consider promising new technologies only after those technologies have successfully completed certification against security requirements, notes Alexey Zaletsky, head of the information security department at Amtel-Service.

Alexander Bondarenko, CEO of R-Vision, notes that the number of requirements that state bodies must comply with has recently increased significantly. In addition to the widely known law on personal data and the relevant bylaws, requirements have appeared for the protection of state systems and critical infrastructure, the detection of computer attacks, and the notification of regulators about incidents.

"All this is happening against the background of growing hacktivism and the activity of hacker groups sponsored by the intelligence agencies of foreign states," he says.

Dmitry Gorelov, commercial director of Aktiv, says that state customers have clear cybersecurity requirements and that there are inspection bodies that monitor compliance with the requirements of the FSB and FSTEC of Russia. Therefore federal state agencies, municipal bodies and companies with state participation have, owing to the regulatory base, taken cybersecurity seriously from the start. Competent specialists know cybersecurity tools and apply them without fail, he says.

STC Volcano draws attention to bill No. 52657-7, "On Amendments to Article 16 of the Federal Law 'On Information, Information Technologies and Data Protection'", which expands the concept of a "state information system".

"In practice, this is a shift of emphasis from protecting information systems to protecting information resources. It is caused by the fact that considerable volumes of information subject to protection, containing data on citizens and data in the economic, social, political, law-enforcement and other areas, are processed not only by state agencies. It is widespread practice for information owned by state agencies to be processed in commercial data centers or in organizations subordinate to state agencies whose information systems are not state information systems. With the adoption of this bill, uniform requirements are established for the protection of information owned by state bodies, irrespective of the organizations in which it is processed," says Sergey Zhukovsky, head of the key customer department at STC Volcano.

Personal data protection

Practically every organization, from kindergartens and schools to state departments, processes personal data to some degree. STC Volcano calls the law "On Personal Data" the most wide-reaching law, since it affects the interests of everyone.

"Here everything is connected: today you act as the data subject, and tomorrow you are already an operator. Today you are on the side of those who want to save on personal data protection, and tomorrow you are already making sure that your own personal data is protected very carefully. The need to secure personal data is today an objective reality. Information about a person has always been of great value, but now it has turned into the most expensive commodity. In the hands of a fraudster, information turns into an instrument of crime; in the hands of a dismissed employee, into a means of revenge. For this reason personal data needs the most serious protection. For citizens, physical and property security depends on the degree of personal data security, and for operators, the proper functioning of the organization does. Personal data protection is an obligation of the organization, not a right. The law contains a peremptory, mandatory rule," notes Sergey Zhukovsky, head of the key customer department at STC Volcano.

SOC / State system of detection, prevention and elimination of consequences of computer attacks

Some priorities of state customers, oddly enough, match the needs of the enterprise sector. This concerns the Security Operations Center (SOC) area.

As Sergey Terekhov, director of the information security competence center at Technoserv, notes, the only difference is that the SOC topic is presented under the banner of GosSOPKA, with domestic or certified solutions, and still has a strong bias toward fulfilling regulators' requirements.

"Right now, implementing these requirements makes it possible to provide a serious level of protection against external attacks," he says.

STC Volcano adds that, according to Federal Law 187-FZ, facilities recognized as KII must interact constantly with the state system for countering computer attacks directed at Russia's information resources (the State System for Detection, Prevention and Elimination of Consequences of Computer Attacks); therefore state customers are interested in creating, and will be obliged to create, their own SOC and SIEM for this interaction.

"This will create a need for consulting services in building processes, installing and implementing protection and analysis tools, and training employees," Sergey Zhukovsky says.

Interest in real data protection

A number of experts note growing interest among state customers in real data protection. According to Yakov Grodzensky, head of information security at System Software, this applies, for example, to network security, DLP solutions and security analysis. In addition, it must be kept in mind that a number of state institutions have been named in sanctions by the USA and Western Europe, and in this connection a number of supplied solutions from Western vendors are planned to be replaced with analogs.

Ilya Timofeev, a head at the Center of Industrial Security of Informzashita Group, believes state customers pay attention to data protection for a number of obvious reasons. One of them is the growth of industrial production in the military-industrial complex (MIC) and other systemically important branches of the economy.

"Modern production, especially high-tech production, is directly connected with IT. The smooth, reliable and protected operation of systems for new product design, production management (including the PCS), product lifecycle, after-sale service and other information systems gives large industrial enterprises stable production and safe interaction with relevant and adjacent departments, and in general helps to solve the state's strategic problems. It is no less important to protect information connected with such production from leaks and compromise," Ilya Timofeev says.

Among the most important priorities of state customers, according to him, are protection of communication channels, vulnerability analysis of existing systems and infrastructure, the development of measures and the selection of certified tools for data protection and information security, creation of information security systems for production preparation and management systems, separation of technology segments from the general data network, creation of protection systems for the PCS, and training of employees.

Cybersecurity preparation for the presidential elections and the FIFA World Cup

Due to the upcoming presidential elections in the Russian Federation, the FIFA World Cup and other significant social and political events, there is a traditional need for cryptographic protection of communication channels and of the confidential information transmitted over them. This priority is noted, in particular, by STC Volcano.

Nikolay Domukhovsky, director of the system integration department at UTsSB, also connects the public sector's cybersecurity priorities with the elections and the FIFA World Cup.

"A noticeable priority is the holding of the FIFA World Cup in 2018: the preparatory activities also affect the IT field and cybersecurity. There will also be a number of tasks (including in the field of cybersecurity) connected with the elections of the President of the Russian Federation," he says.

For the rest, according to him, the problems that state customers have faced for more than a year will continue to be solved: automation of public and municipal services, development of automated interdepartmental interaction, and development of security systems at the municipal and regional level (systems like "safe city", end-to-end emergency public notification systems, System 112 and so forth).
