Information security of the digital economy of Russia

Main article: Digital economy of Russia

Cyber ​ ​ hygiene and literacy program for the general population on information security

Main article: Cyber ​ ​ Hygiene and Literacy Program for the General Population on Information Security

2025

A second wave of experiments to verify the security of government IT systems is being prepared

On the portal for discussing legislative acts in mid-February, a draft^[1] was published] Decree of the Government^[2] Russian Federation "On conducting an experiment to increase the level of protection of state information systems (GosIS) of federal executive bodies (FOIV) and subordinate institutions." Its public discussion will last until February 25.

The document defines the rules for extending the experiment to increase the protection of GosIS, which has already been carried out from 2022 to 2024 as part of the implementation of the Decree of the Government of the Russian Federation of May 13, 2022 No. 860. The explanatory note to the current draft resolution says the following:

Ministry of Digital Development Russia, with the participation of the FSB of Russia and the FSTEC of Russia in 2022-2024, ensured the implementation of work to increase the level of protection of 100 GosIS 22 federal executive bodies (Ministry of Digital Development Ministry of Industry and Trade Ministry for the Development of the Russian Far East MINISTRY OF EMERGENCY SITUATIONS Ministry of Education Ministry of Transport Ministry of Economic Development National Guard of the Russian Federation Rostekhnadzor Rosleskhoz Rosmorrechflot,,,,,,,,,,,,,,,,,,,,,,,,,,) and Roszheldor Rosnedra 2 Rosselkhoznadzor Rosstandart Rosimushchestvo Roshydromet Rosmolodezh Rosrezerv FSSP FSIN FMBA subordinate institutions of federal executive bodies (Federal Institute of Digital Transformation in Education and Federal State Budgetary Institution SIC of the Ministry of Transport of Russia). The adoption of the draft resolution will allow to continue the positive practice of ensuring proactive information protection, increasing the level of protection of GosIS to reduce the risks of data compromise, management, financial and reputational risks

The current draft resolution involves an independent assessment of the security of at least 43 key significant state resources: public federal services and GosIS, containing significant amounts of personal data. However, in order to participate in the experiment, the FOIV itself must submit an application. The list of GosIS, which will be checked at the same time, must be approved by the presidium of the government commission on digital development.

The extension of the experiment until 2027 is due to the need to deeply protect GosIS and eliminate the identified vulnerabilities, - Roman Karpov, director of strategy and technology development at Axiom JDK, explained the situation for TAdviser. - Over the past period, it was possible to audit 100 GosIS in 22 FFIV, identify risks and form a list of measures to eliminate them

The provision on the experiment, which is contained in the current draft resolution of the Government of the Russian Federation, defines the following goals of the work:

• Obtaining an independent assessment of the current level of protection of GosIS;
• Collection of information (inventory) on information protection systems (IPS) placed in GosIS, identification of IPS and software deficiencies used in GosIS, as well as assessment of their use by the violator;
• Checking the practical possibility of the violator using the identified vulnerabilities of IPS and software used in GosIS;
• Obtaining an assessment of the possibility of unacceptable events for GosIS processes;
• Identification of existing vulnerabilities in infrastructure, architectural and organizational solutions of GosIS, which can be exploited by external and internal violators to carry out unauthorized actions aimed at violating the confidentiality, integrity and availability of information processed in GosIS;
• Development of a list of measures aimed at neutralizing vulnerabilities identified in GosIS as part of the experiment;
• Carrying out measures to eliminate vulnerabilities identified in GosIS.

It should be noted that almost all of these goals were established in the previous provision on the experiment, which was approved by Decree No. 860. From the previous decree, only one point with the letter "g" was removed - "an assessment of the level of security of GosIS and their components in the framework of the creation (development) of a single digital platform of the Russian Federation" GosTech. " And this despite the fact that it is the GosTech platform that should become the basis for a large number of GosIS.

The most effective method for assessing the security of GosIS is a combined approach, including automated testing, manual code audit, vulnerability analysis and attack emulation (Red Teaming), - said Roman Karpov. - This complex method allows not only to identify weaknesses, but also to test real attack scenarios. It is important to take into account that many government systems are built on Java, and the key factor in their security is the choice of a certified platform with regular updates. In addition, Zero Trust Security and inter-service interaction monitoring allow you to identify threats not only in the code, but also at the infrastructure level. This approach minimizes the risks of exploiting vulnerabilities, especially in open source systems, which are often unsupported.

At the same time, as part of the previous experiment, the most noticeable were checks for the security of GosIS within the framework of vulnerability buying programs - BugBounty.

In recent years, BugBounty programs have been especially actively used, which is certainly a positive trend, "said Alexander Metalnikov, an expert in the field of safety at Infosecurity industrial enterprises, for TAdviser readers. - However, the quality of their implementation remains the key point. If, for example, the reward for the vulnerability found is only 5 thousand rubles, and after it it is concluded that the lack of vulnerability reports indicates a high level of protection, this is rather self-deception. A similar problem occurs in penetration tests (pentests), when the testing area is deliberately limited, which is why neither the pentester itself nor the customer get a real idea of ​ ​ the level of security. Thus, the effectiveness of the assessment depends not only on the choice of method, but also on how deeply and seriously the threat analysis is carried out.

Although the decision on the participation of a particular information system in the experiment should be made by its owner, an important indicator of the quality of the experiment is the list of participating GosIS. So Nikita Nagovitsyn, head of the system architecture department of Informzaschita, believes that the following classes of GosIS should be tested as part of the experiment:

• Federal GosIS ensuring the performance of key government functions;
• GosIS, ensuring functioning; CUES states
• GosIS that have access to the Internet for an unlimited number of persons.

At the same time, some experts believe that the key are information systems that process large amounts of personal data.

First of all, attention should be directed to information systems containing large amounts of personal data or critical information, "Alexander Metalnikov told TAdviser. - These include the Unified Biometric System (EBS), automated information systems of multifunctional centers (AIS MPSC), the Unified State Health Information System (Uniform State Health Information System) and regional medical information systems, as well as Rosreestr information systems. This list can be continued, as the digitalization process affects more and more areas, which leads to the emergence of new vulnerable points that require special attention

He notes that the adoption of this draft resolution will affect not only those information systems that will be adopted in the experiment, but will generally strengthen attention to issues of assessing real security. This can lead not only to the growth of the market for services, cyber security but also to an increase in demand for specialists with relevant competencies. We can also expect that increased interest in this area will contribute to the development of educational programs and advanced training of specialists, which in the long term will have a positive effect on the level of protection of information systems in the country as a whole.

Polygon for trusted AI, strengthening the protection of state IT. Alexander Shoitov - on the main directions of information security in "Data Economics"

In early February, Deputy Minister of Digital Development, Communications and Mass Media of the Russian Federation Alexander Shoitov announced plans for measures to ensure information security, which are provided for in the National Data Economy program. They are connected both with digital platforms, which the Ministry of Ministry of Digital Development relies on, and with the development of trusted artificial intelligence, in which the procedure for depersonalizing large databases of personal data should be implemented. The program also provides for measures to protect critical information infrastructure (CII) for enterprises and prevent fraud for citizens.

Alexander Shoitov said that the project "National Data Economy and Digital Transformation of the State" has already been formed, the implementation of which began this year. The document defines the digital transformation of state control, which was launched within the framework of the Digital Economy project, will continue in the new program. In particular, the program will continue to provide broadband Internet access and promising communication technologies.

𝓲

Фото: TAdviser

One of the priority areas of the "National Data Economy" is also the creation of digital platforms that, if used correctly, can not only increase the economic efficiency of the state apparatus, but also ensure information security.

The Ministry of Digital Development has previously conducted a pilot to assess the security of state information systems within the framework of the Digital Economy, it was recognized as successful. However, its results note that additional measures are required to control the elimination of discovered vulnerabilities. The department expects to organize such an event already within the framework of the "National Data Economy."

Another area of ​ ​ ensuring the security of digital state platforms is the Multiskaner project, which was implemented with the involvement of three Russian cybersecurity companies. He analyzes the sent files in the sandbox with three static and dynamic analyzers and gives a verdict on the presence of malicious codes in the sent data. It is supposed to be used to increase the security of state digital platforms when they interact with the outside world.

Also, according to Alexander Shoitov, an important area of ​ ​ digitalization of the state is the use of big data technologies in the interaction of platforms, business, the state and developers of artificial intelligence. An important task for ensuring the security of this information is the procedure for depersonalizing them, which should preserve the value of the data and the possibility of its further use for training AI models.

In 2024, amendments were made to Federal Law No. 152-FZ "On Personal Data," which provides for the collection of impersonal data in the state information system of the Ministry of Digital Development. To ensure the safety of this process, good depersonalization methods are needed, which would not allow recovering data about a particular person, but would preserve a high-quality data structure so that the model trained on them produces adequate results. A prototype of such an depersonalization system has already been developed at the National Technological Center for Digital Cryptography (NTC Central Committee), and its implementation is planned in the near future. Similar data depersonalization protocols can be implemented for generative artificial intelligence models.

The program assumes the development of trusted artificial intelligence, which, despite depersonalization, will produce adequate results. In the "National Data Economy," a large-scale introduction of artificial intelligence is planned for 2030, but only trusted AI is allowed to be used in socially significant and critical information systems for the state. That is, by the specified time, trusted AI models must be developed and tested. The process of its development will be supervised by the Consortium for Security Research of Artificial Intelligence Technologies, which includes developers of protective equipment, creators of AI models and banks. A draft of AI security requirements has already been developed, and work is underway on draft regulatory documents.

The creation of trusted AI is planned to be carried out in two directions: the creation of trusted pipelines for the development of ML models and other artificial intelligence technologies, as well as the development of a testing polygon for models created with their help. When creating them, it is necessary to abandon open and foreign models of AI, software and datasets. All developed AI models will first need to be checked at the landfill in order to identify in advance the problems that may arise during their industrial use.

In addition, within the framework of the National Data Economy, it is planned to provide protection against quantum threats, for which there are already basic models of counteraction: symmetric and quantum cryptography. But the program should also develop post-quantum encryption algorithms that are resistant to attacks using quantum methods. In the United States, there are already such standards, but in Russia you need to develop your own.

The program also includes ensuring the safety of CII. The introduction of secure development of software, constructive security in the electronic component base and a single cryptographic signature ecosystem for the needs of a critical information infrastructure is being prepared here.

Alexander Shoitov also called the system of protection of citizens from cyber fraud an important element of information security for the state.

This is one of the elements of the information impact on our information infrastructure and on our society as a whole, - explained Alexander Shoitov. - This activity is precisely coordinated and organized not by individual hackers, but, among other things, by unfriendly states and their special services. Therefore, the counteraction to this threat must be unified and integrated. A comprehensive bill to counter fraud has now been prepared. For national development purposes (Decree No. 309 of 07.05.2024) one of the tasks, there was a requirement to create a platform to counter cyber fraud. Such an event is planned in the "National Data Economy." It involves the interaction of law enforcement agencies, the Central Bank, telecom operators and the banking community.

As part of this activity, it is planned to create a digital platform, a control center for it and a mobile application for citizens, which is designed to inform citizens in general about fraud methods and attempts at fraud personally against them. Also, an alarm button will be integrated into the application under development. The plans indicate that in 2025 a pilot project of a similar system will be launched, in 2026 - the adoption of appropriate legislative regulation and the introduction of the system into commercial operation. In the same platform, over time, methods will be introduced to combat promising types of fraud, including the use of deep fake.

The budget of the Russian Federation laid 12.2 billion rubles for cybersecurity infrastructure

In 2025, the costs of implementing the federal project "Infrastructure" cyber security are determined in the amount of 12.21 billion. rubles This is stated in the law of November 30, 2024 "On the federal budget for 2025 and for the planning period 2026 and 2027."

The named program is included in the national project "Data Economics and Digital Transformation of the State." Fedproekt is aimed, among other things, at developing online data exchange platforms to combat fraudsters and DDoS attacks. In addition, it is planned to develop the industry center of the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation (OC State system of detection, prevention and elimination of consequences of computer attacks).

𝓲

Фото: Freepik

For 2026, funding was provided for the federal project "Cybersecurity Infrastructure" at the level of 12.99 billion rubles. In 2027, 12.93 billion rubles will be allocated. Total expenses in the period 2025-2027. will amount to approximately 38.14 billion rubles. The Fedproekt provides for:

• Conducting an independent analysis of the security of state information systems - searching for perimeter vulnerabilities, conducting penetration testing;
• Creating and ensuring the development of a platform for countering fraudulent actions committed using information and telecommunication technologies;
• Implementation of measures to counter personal data leaks by identifying phishing sites for their subsequent blocking;
• Formation of a unified environment for secure development of domestic software;
• Creation of infrastructure to monitor the security and counteract identified threats of information resources available via the Internet and belonging to the federal executive bodies, the highest executive bodies of state power of the constituent entities of the Russian Federation, state-owned companies, system-forming organizations of the Russian economy, etc.^[3]

2024

A separate cybersecurity department will appear in Russia

Russia is discussing the creation of a separate state structure that will deal with cybersecurity issues. This was reported on June 13, 2024 by RIA Novosti, citing a source familiar with the discussion of the initiative.

The idea of ​ ​ creating a new department is being actively worked out together with representatives of the cybersecurity industry. The head of Sberbank, German Gref, during an open dialogue in the Federation Council, stressed the need for a national strategy for cybersecurity and the creation of a separate federal body in this area. Gref noted that the protection of all elements of the cyber infrastructure is extremely important, since a weak link can make the entire system vulnerable.

𝓲

Фото: Unsplash

According to Igor Lyapunov, General Director of Solar Group, cybersecurity experts have been discussing the need to create a separate government structure for several years. Currently, the information security industry is regulated by various structures such as FSTEC, FSB, Ministry of Digital Development and the Central Bank. However, the current organization leads to the fact that some issues remain out of the spotlight or cause a lack of sync between departments.

It is important that this structure becomes a single center of responsibility for regulation, counteraction and coordination in the field of cybersecurity, "he said.

In addition, Lyapunov stressed that the creation of a separate department will not solve all problems. There is also a need to increase accountability for cybersecurity incidents and damage. Bills on working fines and increased liability are the right step in this direction. It is important to consolidate the responsibility of not only business, but also executive authorities that are the owners of state information systems.^[4]

Ministry of Digital Development of the Russian Federation creates a single platform for responding to cyber attacks

On May 24, 2024, it became known that the Russian Ministry of Digital Development was working on the possibility of creating a unified platform for responding to cyber attacks. It is assumed that it will include the Antifrod, Antifishing systems and specialized banking services to counter fraudsters. Read more here.

2023

Over 25 billion rubles will be allocated for the development of state cybersecurity systems until 2030

The Ministry of Digital Development, Communications and Mass Media of the Russian Federation is going to invest about 25.2 billion rubles in the development of cybersecurity until 2030. Such data are given in the materials of the national project "Data Economics." Read more here.

The government allocates 3.3 billion rubles for the creation of an industry information security center for the digital economy

On August 10, 2023, Prime Minister Mikhail Mishustin announced the allocation of more than 3.3 billion rubles by the government to create an information security center for the digital economy. According to the head of the Cabinet, these funds will be spent on the formation of infrastructure and laboratories, which are needed for research and design work in this area. Later, they will assist in the introduction of domestic technologies.

Under external pressure, it is especially important to stimulate the development of our own developments in various industries, including those that ensure the safety of information that is significant for citizens and business... We should have our own solutions that increase the security of digital systems, user data and citizens' accounts, - said Mikhail Mishustin at a government meeting on August 10, 2023.

House of the Government of the Russian Federation

The industry information security center is created in the structure of the ANO "National Technological Center for Digital Cryptography." Funds for the creation of the center are allocated in the form of a subsidy from the reserve fund.

The creation of the "National Technological Center for Digital Cryptography" was provided for by the national program "Digital Economy." Initially, it was assumed that the center would begin work in 2024. And the deputy head of the Ministry of Digital Science, Alexander Shoitov, said that taking into account the geopolitical situation, it was decided to "accelerate" and create a center in 2023.

The deputy minister noted that the center will ensure private-state interaction and the development of cryptography technologies. According to Shoitov, many companies, including Security Code, InfoTeCS and CryptoPro, showed interest in participating in this structure. ^[5]

How Ministry of Digital Development plans to develop cybersecurity in Russia until 2035

On May 24, 2023, it became known that the Ministry of Digital Development and participants in the Russian IT market are working on a number of complex measures aimed at improving the cybersecurity situation. According to the authors of the project, this is especially true in the current geopolitical situation.

According to Forbes, the proposals are contained in the preliminary version of the "Strategy for the Development of the Communications Industry in the Russian Federation for 2024-2035," which is being developed on behalf of Russian President Vladimir Putin. The document, in particular, speaks of the need to deploy a national system to counter DDoS attacks. It is assumed that the platform will be based on technical means of countering threats (TSPU), that is, equipment that, among other things, allows restricting access to information prohibited in Russia. Such funds are installed on the networks of all telecom operators in the Russian Federation.

The Ministry of Digital Development and participants in the Russian IT market are working on a number of complex measures in the field of cybersecurity

The authors of the strategy also propose to create a computer incident monitoring and response center (TelcoCERT). It is said about the need to introduce an early warning system for threats and protection against illegal actions using information technologies. At the same time, it is proposed to connect information protection tools and points of cross-border crossing and traffic exchange to the State system of detection, prevention and elimination of consequences of computer attacks platform (a state system for detecting, preventing and eliminating the consequences of computer attacks to protect critical information infrastructure).

Other measures include: preventing "scanning of Russian information systems from abroad"; the use of equipment on communication networks in Russia with mandatory certification of the FSTEC and the FSB; implementation of the Antifrod system to exclude number substitution in Russian telephone networks; Using the routing validation mechanism development of an information system that checks the country identity (geo-IP location) of networks and telecom operators both in Russia and abroad.^[6]

2021

35 billion rubles the state will spend on cybersecurity until 2024

On December 29, 2021, it became known that the costs of implementing the federal project "Information Security" of the national program "Digital Economy" will amount to 35 billion rubles until 2024. The first version of this project was approved in 2018, since then the amount of funds allocated for the development of this area has increased by 7 billion rubles. The Ministry of Digital Development appointed curator of the fedproject.

At the same time, the updated edition of Information Security decided to abandon the continuation of financial support for domestic software developers. Further work on a number of previously planned events, including two projects related to the transport industry, was excluded from the document.

The largest project in terms of costs was the creation of the National Technological Center for the Implementation of Modern Cryptography Methods. 11.5 billion rubles will be allocated for it from the federal budget, the project will be supervised by the FSB.^[7]

Ministry of Digital Development will check the safety of its GIS for almost 150 million rubles

Ministry of Digital Development is ready to pay 149,681,625,9 rubles for an independent security check of state information systems (GIS), including mobile applications. Information about this appeared at the end of October on the public procurement portal. The winner of the tender will be determined in early December 2021. The GIS check should be completed on March 30, 2022. More

New curator of the federal project "Information Security" - Alexander Shoitov

On April 12, 2021, Russian Prime Minister Mikhail Mishustin signed a decree appointing Alexander Shoitov to the post of Deputy Minister of Digital Development, Communications and Mass Media of the Russian Federation. Among other things, he will oversee the federal project "Information Security" of the national program "Digital Economy of the Russian Federation." Read more here.

Cancellation of subsidies to support the export of Russian information security solutions

In early February 2021, it became known about the decision of the Ministry of Digital Development of the Russian Federation to abolish subsidies to support the export of Russian information security solutions. The agency published the corresponding draft government decree on the federal portal of draft regulatory legal acts.

Earlier it was proposed to allocate subsidies for the promotion of domestic solutions in the field of information security abroad, as well as support for Russian ICT manufacturers who patent their products and services abroad. Such support was provided within the framework of the federal project "Information Security."

The Ministry of Digital Development cancels subsidies to support the export of Russian information security solutions

The corresponding result of the federal project "Information Security" was excluded. The funds provided for these purposes in 2020 were sequestered in full and are not provided for in the federal budget for 2021 and for the planning period of 2022 and 2023. In connection with the sequestration of funds and the impossibility of providing subsidies for these purposes, it is proposed to invalidate the decree of the Government of the Russian Federation of December 14, 2019 No. 1672, - said in an explanatory note in the draft government decree prepared by the Ministry of Digital Development.

Spending plans within the framework of the federal project "Information Security" have been repeatedly revised downward. Initially, it was about costs of 28 billion rubles for 2018-2021. In 2020, the total amount of expenses until 2024 was reduced to 20 billion rubles, and for the period until 2021 inclusive, the amount of financing was reduced to 17.2 billion rubles.

The costs under the article "Support of export-oriented software developers" for 2020 were measured at 500 million rubles.^[8]

2020

Ministry of Labor: Russia lacks 18.5 thousand. IB-specialists

By the end of 2020, Russia lacks about 18,500 information security specialists, which is 5% less than in 2019, when the shortage of such personnel was measured by 19,500 people. This was reported by the Ministry of Labor and Social Protection of Russia following a study that affected more than 15 thousand companies throughout the Russian Federation. Read more here.

The main proposals of the business community are included in the Fedproekt "Information Security"

On October 29, 2020, a meeting of the Information Security working group was held in the Digital Environment Online space of the Digital Economy organization. The meeting was attended by representatives of the Ministry of Digital Development of Russia, Roskomnadzor, Rossvyaz, as well as the business community, the Digital Economy ANO reported on October 30, 2020.

The competence center and members of the Information Security working group generally approved the draft passport of the Information Security federal project.

The total number of results of the federal project passport increased from 23 to 34, including results aimed at creating a technological center for studying the security of operating systems created on the basis of the Linux kernel, developing a domestic resource with vulnerabilities in the level of automated technological control systems and the industrial Internet, creating a cyber polygon to work out how to repel attacks in conditions close to real.

In the interests of the business community, the passport includes activities on practical-oriented information security training based on the experience of leading companies in the digital economy.

In addition, within the framework of the federal project, the FSB of Russia is implementing a number of measures, one of them, the most resource-intensive, is aimed at converting Russian cryptography. In this case, we are talking about reorienting cryptographic practices previously implemented in a closed format to the civilian sphere, with the participation of business and the expert community.

"The draft passport of the federal project" Information Security "considered at the meeting of the working group was prepared by the Ministry of Digital Science of Russia. It is important that the key proposals of the business community regarding improving the literacy of the population in the field of cybersecurity, developing personnel potential and the security of state information systems were included in the new edition of the federal project, "commented Nikolai Zubarev, director of the Information Security area of ​ ​ the Digital Economy organization.

2017: Approved action plan for "Information Security" of the program "Digital Economy of the Russian Federation"

On December 18, 2017, the Government Commission on the Use of Information Technologies to Improve the Quality of Life and Business Conditions approved an action plan for the Information Security direction of the Digital Economy of the Russian Federation program for 2018-2024.

According to the Prime Minister, the Russia Dmitry Medvedev plan contains measures that allow to prevent cybercrime at the modern technological level.

Moreover, we are talking not only about security in the information space, but also about legal protection in the digital economy. One of the tasks of this section is to increase the literacy of ordinary users so that they feel comfortable in the digital environment, use Internet services, are not lost in the variety of public services, are not afraid of modern technologies in this area, but, on the other hand, have the necessary knowledge in order to make competent decisions. Because ultimately this is always the decision of one person who interacts with the digital environment, and he must have versatile ideas about what to do, - said the prime minister.

Financing

The plan provides for funding from the federal budget in the amount of 22,333 million rubles and extrabudgetary funding - 11,710 million rubles.

2020: Spending on the federal project "Information Security" increased 8 times

As it became known in early October 2020, the costs of the implementation of the federal project "Information Security" in 2022-2023. will be eight times more than expected - 8 against 1 billion rubles for each year.

As Izvestia writes with reference to the new version of the project passport, Information Security has the most significant budget increase compared to other federal projects of the Digital Economy.

Expenses for the federal project "Information Security" increased 8 times

Almost half of the budget can be taken over by the creation and operation of a national technological center for the implementation of methods of modern cryptography. In 2022 and 2023, 4 billion and 4.2 billion rubles will be spent on these purposes, respectively. In total, the center will need 11.5 billion rubles of state financing. The authorities are also going to send budget funds to analyze the security of state information systems.

According to experts interviewed by the publication, the most costly part is the technical implementation of the federal project. It includes projects to filter Internet traffic, counter computer attacks and create cyber polygons. The project, at least in explicit form, did not include measures aimed at preventing leaks and protecting personal data of citizens, experts say. In the current version of the federal project, the state has focused on protecting society and itself from external and global risks, they say.

Sergei Soshnikov, Softline Business Development Director for the Digital Economy National Project, believes that it would be logical to direct part of the funds to system security, primarily when the state and citizens interact on digital platforms. He connects this with the fact that the sites of state institutions and the portal of public services, as well as the resources of financial organizations, are an attractive target for hackers.^[9]

Information Security Projects

2020: Development of a state platform for monitoring phishing sites and data breaches

At the end of September 2020, it became known about the creation of Russia state platforms for monitoring personal data leaks. It is planned to spend 1.4 billion on the implementation of the project. rubles More. here

2019: MPSC on cybersecurity to appear in Russia

At the end of October 2019, it became known about the appearance in Russia in the future of multifunctional educational and scientific centers on information security issues.

According to RIA Novosti, citing the press service of the Russian Security Council apparatus, the interdepartmental Security Council Commission on Information Security at its meeting "recommended that the Russian Ministry of Education and Science, together with interested federal executive bodies, ensure the implementation of a set of measures to create such centers in federal districts of the country."

It became known about the appearance in Russia in the future of multifunctional educational and scientific centers on information security

In addition, the meeting participants identified organizational and technical measures that need to be taken by the Ministry of Telecom and Mass Communications to switch to the use of Russian cryptography "while ensuring electronic interaction between state authorities, organizations and citizens," the Russian Security Council said.

The news agency notes that protection against cyber threats is one of the key components of the country's national security. Cyber ​ ​ attacks on IT infrastructure are considered one of the forms of interference of outside forces in the affairs of sovereign states.

According to the Russian National Coordination Center for Computer Incidents, more than 4.3 billion digital impacts on Russia's critical information infrastructure were committed in 2018. Most often, banks and authorities in Russia face attacks. At the same time, the special services note an increase in the number of attempts at hacker attacks on the information infrastructure of critical facilities in Russia, including in the energy sector and in transport.

In October 2019, Russian Prime Minister Dmitry Medvedev said that Russia is working on the development of a national system in the field of cybersecurity, but total security in the digital world can lead to loss of privacy.^[10]

Standardization

2020: Rostelecom-Solar will take part in the development of national standards (GOST) on cybersecurity of the digital economy

On June 16, 2020, the company "," Rostelecom-Solar the national provider service and technology company, cyber security announced its membership in three standardization committees under. As Rosstandart part of this work, the company's experts will participate in the discussion of standardization issues in the areas of cyber-physical systems (TK194), (cryptography TK26) and (information protection TK362). More. here

Significant control results for the first planned year

According to the plan, in 2018, an analysis of the risks and threats to the safe functioning of the unified telecommunication network of the Russian Federation should be carried out. An analysis of elements of the existing infrastructure of the Russian Internet segment in the country, including the existing Internet traffic routing scheme, should also be carried out.

The needs for the use Russia of Russian-made computer, server and telecommunication equipment should be determined, an analysis of the capabilities of domestic manufacturers of equipment and electronic components should be carried out, the necessary resources should be determined. In addition, the adoption of regulatory legal acts defining the description of typical procurement objects is expected. software In addition, the requirements for the stability and safety of software of bodies state power and organizations of various organizational and legal forms should be legally adopted.

In 2018, the competence center for inter-machine interaction will be determined, including cyber-physical systems and the "Internet of Things," its subordination, powers, functions will be determined.

In the same period, it is planned to develop an architecture and a prototype of a specialized resource intended for the interaction of citizens with authorized bodies in terms of the operational transmission of data on signs of illegal actions in the field of information technologies (computer fraud, imposed services of telecom operators, phishing schemes) in order to counter computer crime.

Also in 2018, measures are planned to improve standards for secure application development, including for government information systems.

Expected results for the year end of the implementation period of the action plan

As a result of the implementation of the plan, the target information security values ​ ​ on communication networks and in the Russian segment of the Internet should be achieved. A system of incentives should be created for the purchase and use of Russian-made computer, server and telecommunications equipment. Mechanisms have been created to stimulate the use of domestic software by all participants in information interaction.

In addition, national standards for cyberphysical systems, including the Internet of Things, should be adopted. Control of processing and access to personal data, large user data, including in social networks and other means of social communication, is ensured. National and regional computer incident response centers have been established.

It is also expected that following the implementation of the program, a system of measures will be developed to support Russian manufacturers of ICT products and services that patent products abroad.

Targets and indicators

The approved plan contains a list of targets and indicators. For example, the share of domestic network traffic of the Russian segment of the Internet, routed through foreign servers, should decrease to 10% by 2024. From 50% in 2018 to 10% in 2024, the value share of foreign software purchased by the public sector and companies with state participation should fall .

From 10% in 2018 to 90% in 2024, the share of subjects of information interaction (state authorities and local governments, companies with state participation) using security standards in cyberphysical systems and in terms of the Internet of Things should increase.

The share of citizens who have increased literacy in the field of information security, media consumption and the use of Internet services by 2024 should be 50%.

The average downtime of government information systems as a result of computer attacks should be reduced from 65 hours in 2018 to 1 hours a 2024.

Notes