CII PAC: features of use
The article is included in the TAdviser review "Russian software and hardware complexes: a new round of development"
The most important regulatory act governing the use of PACS at CII facilities is the decree of the President of the Russian Federation "On measures to ensure technological independence and security of the critical information infrastructure of the Russian Federation" No. 166 of March 30, 2022. It says that from March 31, 2022, customers (with the exception of organizations with municipal participation) that carry out purchases in accordance with No. 223-FZ cannot purchase foreign software, including as part of software and hardware systems, for use on significant objects of critical information infrastructure belonging to them. Even more important is another requirement of the decree: from January 1, 2025, public authorities and customers are prohibited from using foreign software on their significant critical information infrastructure facilities.
| The real way to ensure a high level of system reliability is to use proven unified components, he emphasizes. |
Moreover, for PAC intended for the information security sector, a separate procedure for registration in the software register is provided: it is enough for a company to have a license for their production and a certificate from FSTEC or the FSB, says Oleg Kravchuk, deputy director of Security Code for strategic development. In this case, the PAC principle also gives customers new advantages in forming a fully certified environment for the operation of the security system. In the case of an integrated solution, even if the IT tools that make up the complete solution have the necessary security certificates, it can be difficult to get the certified version of the IPS to work with the certified OS and DBMS.
| Presence in the register will give manufacturers preferences and tax breaks. But it will not become the basis for the withdrawal from the restrictions of Government Decree No. 166. Here we will already talk about inclusion in the register of the Ministry of Industry and Trade, and in order to determine the "power of attorney" of PAC, additional checks will be required. At the same time, the score of the REA is already applied to the hardware component. |
| But to be included in the register of such PAC, you will have to go through the approval of the expert commission, especially if the imported analogues are similar in functionality to Russian solutions, - comments Viktor Urusov. |
Which PAC is better: domestic or trusted?
| If it is included in the register of Russian radioelectronic equipment, it is domestic. If there is an FSTEC or FSB certificate for it, then it is trusted. |
| Among the most significant criteria are the creation of PACS by domestic developers, the use of Russian products, support by service centers operating in Russia. And trusted PACS are considered complexes that, in accordance with the requirements of the Ministry of Digital Development, consist of domestic electronic products and software that meet the security requirements of the FSTEC and the FSB. |
According to the expert, the situation in our market is developing in such a way that the share of "just PACS" (in general, they also have the right to life) will constantly decline: "Without compliance with the principles of 'fatherland' and 'power of attorney,' such products are unlikely to be in demand."
Renat Yusupov, Senior Vice President of Kraftway, confirms:
| The Ministry of Industry and Trade and FSTEC strive to work in concert in order to achieve one common goal - to ensure information security and technological independence of our electronic products. So far, departments are largely moving in parallel courses, but the trend is clearly noticeable - to solve both of these problems within the framework of the equipment that is supplied to our government agencies. For example, today, at the level of complex equipment, one cannot do without information security. And then this trend will spread to other systems. |
| At this stage in the creation of the PACS registry, the task is to unite hardware manufacturers and software developers and information protection tools. |
However, as Vasily Shubin from GETMOBIT notes, the hardware component of the PAC will not necessarily be Russian in the foreseeable future.
PAC hardware base: problems and possible solutions
Indeed, the country does not yet have a full-fledged sovereign production of an electronic component base (ECB), on which manufacturers of domestic information security solutions can rely. I must say that Russian microelectronics design centers and production companies are constantly increasing their activity.
| In the current realities, the demand for development and production in Russia is growing. Using the example of our company, we can track this process by current projects: over the past two years, we have opened two new areas of development that have already reached prototypes of products: industrial automation controllers and artificial intelligence computers. The growth of the company's size is also indicative: we almost doubled in terms of people and even opened a division in St. Petersburg. Gradually, the Russian ECB appears, which we use, although it is too early to talk about global growth, based on the very long development and production period in the field of microelectronics. But we can confidently name such partners as NIIMA PROGRESS, whose navigation modules we actively use, - notes the founder of ATB Electronics Roman Dementiev. |
| In the market as a whole, our volumes reach about 19%, but we are sure that the figure of 20% will step over, - he said at the Microelectronics-2022 forum last fall. |
For example, in Moscow, according to Vladimir Efimov, Deputy Mayor of Moscow for Economic Policy and Property and Land Relations, Moscow enterprises increased the supply of electronic components and printed circuit boards by 22.8% compared to 2021.
However, despite the enthusiasm of the industry, restructuring processes and reworking products for new production takes time. At the same time, Russian companies and partners from friendly countries are experiencing increasing sanctions pressure. And all this is happening against a very unfavorable global background.
Karina Abagyan, Director of Strategic Development of JSC Micron, predicts that the global shortage of hardware caused by the destruction of the existing supply chains for the electronic component base (ECB) will last at least until 2025, and that some stability in this area should be planned for 2026.
This means that the deadline of January 1, 2025 can already be considered "burning," industry experts say, given the duration of the production cycle of the new Russian "iron": in fact, companies have less than two years to bring or produce samples of components for new import-substituting products, test, and then organize production and delivery to customers of a large batch. Plus certification of the finished product, which also takes time.
These circumstances determine the active development of methods of protection against risks associated with foreign hardware. Among them - the creation of domestic equipment that provides the possibility of trusted loading of the operating system (only the software that is considered trusted is loaded into the memory of the device). Then it turns out that protection technologies are integrated into domestic equipment, starting from the lowest level of microprocessors.
The use of open source helps to accelerate the development and entry of popular PACS to the level of commercially available solutions. In this regard, Viktor Urusov considers the creation of a national open source software repository a landmark event.
The RISC-V Alliance, an open community of software and hardware developers controlled by its members, is actively working in Russia to further develop the RISC-V processor architecture in the country. Among the tasks set by the members of this alliance are, in particular, ensuring the information security of products developed using this technology and creating (or adapting) industry standards based on RISC-V as one of the key technological standards of Russia.
| We do not believe that the use of open approaches and standards in IT will significantly increase the number of PACS created by various manufacturers. But the complexes developed in accordance with them will be more in demand, - notes Denis Bozhenko and recalls that Delta Computers became the first company in Russia to promote the concept of open standards and approaches developed within the framework of the Open Compute Project consortium. |
OCP focuses on open standards and hardware architecture to build energy-efficient and cost-effective data centers.
Karina Abagyan is sure that an interesting time is coming for non-standard engineering solutions, including those based on alternative processor architectures. This makes it possible, among other things, to get rid of the burden of vulnerabilities inherent in the x86 architecture. In addition, she points to the possibility of bypassing the problem of the absence of Russian microelectronic factories with the most advanced technological standards through the use of so-called chiplets.
| For Russia, this is very important, because it is absolutely unrealistic to build a factory now according to the latest design standards, since no one will sell us either photolithographs or other equipment, - says Karina Abagyan. - And 65-45 nm technologies are quite suitable for a chiplet. This level allows you to achieve the same degree of integration, only not in monolithic silicon, but in "cubes" of chiplets and at the same time increase the serial value of products. |
| This means that even if an attacker manages to change the control signal generated by the process system, this will not affect the processing system - it is completely independent. |
The picture for the market will become much clearer after the standard for PACS is adopted. This work has been going on since December 2022 within the framework of the technical committee for standardization No. 167 "PAC for critical information infrastructure and software for them." Organizational functions are assigned to NPO Critical Information Systems JSC.
| As part of the activities of the new technical committee, work is planned in close cooperation with existing technical committees for standardization, including those such as TK 022 "Information Technologies," TK 480 "Svyaz" and TK 159 "Software and Hardware of Distributed Register and Blockchain Technologies," aimed at the effective use of standardization tools in the development of the domestic software and hardware complex and protection against cyber threats, - says the head of Rosstandart Anton Shalaev. |
The technical committee included more than 20 participants, including the Federal State Budgetary Institution "VNII Radioelectronics", MIREA, NRNU "MEPHI", the Federal State Budgetary Institution "46 Central Research Institute" of the Ministry of Defense of Russia, and the companies Aquarius, Kraftway, Kaspersky Lab, InfoTeCS and others.
