Roskomnadzor plans to develop its InformSystem on Cisco and VMware technologies in 2025

At the end of November, Roskomnadzor completed the selection of a supplier within the framework of the tender^[1]. to expand the functional characteristics of the Unified Information System of the Federal Service for Supervision of Communications, Information Technologies and Mass Media (EIS Roskomnadzor) in 2024-2025. Refinement should be carried out in two stages, the first of which should be completed by December 20, 2024, and the second - by March 15, 2025. The total cost of the work is 7.8 million rubles. One application of E. Soft LLC was submitted for the competition - a contract was signed with it.

𝓲

Roskomnadzor

The terms of reference for this tender indicate the existing characteristics of the EIS of Roskomnadzor - the equipment used software. In particular, this list includes Solaris OS (Oracle Sun) DBMS , Oracle Database Server 10g and, MySQL also owned by Oracle, ESXi tools virtualizations VMware Veritas and NetBackup Enterprise 6.5 backup software.

𝓲

Roskomnadzor

In addition, the following devices are indicated as the equipment on which the EIS of Roskomnadzor operates: Sun Enterprise M5000 and M8000 DBMS, Oracle SPARC T4-1 servers, T5-4, T8-2 and S7-2, HP Proliant DL380R07, Dell PowerEdge R810 and R620, EMS VNX5500 Hitachi and Scalar i500 storage systems, as well as network devices Cisco and Brocade. Manufacturers of all these products no longer work in Russia and cannot provide technical support for their products.

In fairness, it should be noted that the system indicates the presence of equipment from Russian manufacturers - five Graviton S2082 servers, the Aerodisk Vostok storage system and Qtech network equipment (QSW-4700 and QSW-6900 switches). There is also an open source solution stack: FreeBSD, Red Hat Enterprise and CentOS Linux operating systems, PostgreSQL databases, Apache Tomcat and ActiveMQ web application development system. At the same time, for some reason, Russian operating systems were not indicated in the EIS of Roskomnadzor, although recently they were introduced in the department^[2]

It should be noted that formally the requirements of Presidential Decree No. 166 "On Measures to Ensure Technological Independence and Safety of the Russian Federation CII" have not been violated. From September 1, state departments are prohibited from buying new foreign software and equipment, and its operation is not formally prohibited. However, the ILV in the tender indicated that developers are required to use the PL/SQL language in new developments, which is built-in specifically for the Oracle database - PostgreSQL uses its analogue PL/pgSQL. That is, the department still requires the main improvements to be carried out on technologies from unfriendly countries.

It should be noted that in June of this year a similar tender was already held^[3] with a very similar name and documentation, where improvements were required to be completed by the date of the 1st stage of the current tender - December 20. Then the winner was also the company E. Soft LLC, which signed a contract with Roskomnadzor in the amount of 21.6 million rubles.

No less indicative is the tender documentation^[4] in another competition that ended in early December, in which the department ordered a comprehensive examination of information systems, the development of organizational and administrative documentation for the creation of an information protection system by transferring non-exclusive rights to software. Its purpose is to obtain an independent and objective assessment of the state of protection of information processed in the EIS of Roskomnadzor, and to design an information protection system.

The result of this competition should be the development of tender documentation for the construction of comprehensive protection of the department's distributed network together with its regional branches. And this is the right way to build protection systems, along which other departments should go.

However, the description of the study object indicates the following characteristics: the GIS server segment includes a cluster of 28 physical servers located in the Moscow data center of Roskomnadzor, and the user segment is a set of AWS with Windows OS installed on them, information protection against unauthorized access and antivirus software.

At the same time, from previous tenders of the department, it can be determined that Secret Net Studio 8 is used as protection against NSD. ^[5], and as an antivirus - Kaspersky Lab products^[6]. In the latest tender, operating systems requirements range from Windows 7 Home to Windows 10 Enterprise - apparently Windows 11 is no longer used in the department. However, the list of Linux-based operating systems lists various options for domestic products: Alt Linux, Goslinux and even Lotus.

It should be noted that from the point of view of legislation, operating systems, databases and even virtualization systems can be regarded as security tools, since they have at least access control - they check the passwords of users who connect to them. At the same time, within the framework of Presidential Decree No. 250 "On Additional Measures to Ensure Information Security of the Russian Federation" from January 1, 2025, it is forbidden to use means of protection from unfriendly countries at KII facilities, which include state information systems. Thus, from the point of view of legal requirements, products such as Oracle DBMS, Solaris and Windows operating systems, Cisco routers and VMware virtualization tools will violate the requirements of decree No. 250.

The information system of Roskomnadzor uses only domestic means of protecting information, which is confirmed by the current certificate of compliance with the requirements of the order of the FSTEC of Russia dated 11.02 2013 No. 17, - explained for TAdviser in the press service of Roskomnadzor. - Foreign equipment used in the system for storing data and running applications has IPS functions, but the agency does not use them.

Notes