Main article: Digital economy of Russia
Cyber hygiene and literacy program for the general population on information security
Main article: Cyber Hygiene and Literacy Program for the General Population on Information Security
2024
A separate cybersecurity agency will appear in Russia
Russia is discussing the creation of a separate state structure that will deal with cybersecurity issues. This was reported on June 13, 2024 by RIA Novosti, citing a source familiar with the discussion of the initiative.
The idea of creating a new department is being actively worked out together with representatives of the cybersecurity industry. The head of Sberbank, German Gref, during an open dialogue in the Federation Council, stressed the need for a national strategy for cybersecurity and the creation of a separate federal body in this area. Gref noted that the protection of all elements of the cyber infrastructure is extremely important, since a weak link can make the entire system vulnerable.
According to Igor Lyapunov, General Director of Solar Group, cybersecurity experts have been discussing the need to create a separate government structure for several years. Currently, the information security industry is regulated by various structures such as FSTEC, FSB, Ministry of Digital Development and the Central Bank. However, the current organization leads to the fact that some issues remain out of the spotlight or cause a lack of sync between departments.
It is important that this structure becomes a single center of responsibility for regulation, counteraction and coordination in the field of cybersecurity, "he said. |
In addition, Lyapunov stressed that the creation of a separate department will not solve all problems. There is also a need to increase accountability for cybersecurity incidents and damage. Bills on working fines and increased liability are the right step in this direction. It is important to consolidate the responsibility of not only business, but also executive authorities that are the owners of state information systems.[1]
Ministry of Digital Development of the Russian Federation creates a single platform for responding to cyber attacks
On May 24, 2024, it became known that the Russian Ministry of Digital Development was working on the possibility of creating a unified platform for responding to cyber attacks. It is assumed that it will include the Antifrod, Antifishing systems and specialized banking services to counter fraudsters. Read more here.
2023
Over 25 billion rubles will be allocated for the development of state cybersecurity systems until 2030
The Ministry of Digital Development, Communications and Mass Media of the Russian Federation is going to invest about 25.2 billion rubles in the development of cybersecurity until 2030. Such data are given in the materials of the national project "Data Economics." Read more here.
The government allocates 3.3 billion rubles for the creation of an industry information security center for the digital economy
On August 10, 2023, Prime Minister Mikhail Mishustin announced the allocation of more than 3.3 billion rubles by the government to create an information security center for the digital economy. According to the head of the Cabinet, these funds will be spent on the formation of infrastructure and laboratories, which are needed for research and design work in this area. Later, they will assist in the introduction of domestic technologies.
Under external pressure, it is especially important to stimulate the development of our own developments in various industries, including those that ensure the safety of information that is significant for citizens and business... We should have our own solutions that increase the security of digital systems, user data and citizens' accounts, - said Mikhail Mishustin at a government meeting on August 10, 2023. |
The industry information security center is created in the structure of the ANO "National Technological Center for Digital Cryptography." Funds for the creation of the center are allocated in the form of a subsidy from the reserve fund.
The creation of the "National Technological Center for Digital Cryptography" was provided for by the national program "Digital Economy." Initially, it was assumed that the center would begin work in 2024. And the deputy head of the Ministry of Digital Science, Alexander Shoitov, said that taking into account the geopolitical situation, it was decided to "accelerate" and create a center in 2023.
The deputy minister noted that the center will ensure private-state interaction and the development of cryptography technologies. According to Shoitov, many companies, including Security Code, InfoTeCS and CryptoPro, showed interest in participating in this structure. [2]
How Ministry of Digital Development plans to develop cybersecurity in Russia until 2035
On May 24, 2023, it became known that the Ministry of Digital Development and participants in the Russian IT market are working on a number of complex measures aimed at improving the cybersecurity situation. According to the authors of the project, this is especially true in the current geopolitical situation.
According to Forbes, the proposals are contained in the preliminary version of the "Strategy for the Development of the Communications Industry in the Russian Federation for 2024-2035," which is being developed on behalf of Russian President Vladimir Putin. The document, in particular, speaks of the need to deploy a national system to counter DDoS attacks. It is assumed that the platform will be based on technical means of countering threats (TSPU), that is, equipment that, among other things, allows restricting access to information prohibited in Russia. Such funds are installed on the networks of all telecom operators in the Russian Federation.
The authors of the strategy also propose to create a computer incident monitoring and response center (TelcoCERT). It is said about the need to introduce an early warning system for threats and protection against illegal actions using information technologies. At the same time, it is proposed to connect information protection tools and points of cross-border crossing and traffic exchange to the State system of detection, prevention and elimination of consequences of computer attacks platform (a state system for detecting, preventing and eliminating the consequences of computer attacks to protect critical information infrastructure).
Other measures include: preventing "scanning of Russian information systems from abroad"; the use of equipment on communication networks in Russia with mandatory certification of the FSTEC and the FSB; implementation of the Antifrod system to exclude number substitution in Russian telephone networks; Using the routing validation mechanism development of an information system that checks the country identity (geo-IP location) of networks and telecom operators both in Russia and abroad.[3]
2021
35 billion rubles the state will spend on cybersecurity until 2024
On December 29, 2021, it became known that the costs of implementing the federal project "Information Security" of the national program "Digital Economy" will amount to 35 billion rubles until 2024. The first version of this project was approved in 2018, since then the amount of funds allocated for the development of this area has increased by 7 billion rubles. The Ministry of Digital Development appointed curator of the fedproject.
At the same time, the updated edition of Information Security decided to abandon the continuation of financial support for domestic software developers. Further work on a number of previously planned events, including two projects related to the transport industry, was excluded from the document.
The largest project in terms of costs was the creation of the National Technological Center for the Implementation of Modern Cryptography Methods. 11.5 billion rubles will be allocated for it from the federal budget, the project will be supervised by the FSB.[4]
Ministry of Digital Development will check the safety of its GIS for almost 150 million rubles
Ministry of Digital Development is ready to pay 149,681,625,9 rubles for an independent security check of state information systems (GIS), including mobile applications. Information about this appeared at the end of October on the public procurement portal. The winner of the tender will be determined in early December 2021. The GIS check should be completed on March 30, 2022. More
New curator of the federal project "Information Security" - Alexander Shoitov
On April 12, 2021, Russian Prime Minister Mikhail Mishustin signed a decree appointing Alexander Shoitov to the post of Deputy Minister of Digital Development, Communications and Mass Media of the Russian Federation. Among other things, he will oversee the federal project "Information Security" of the national program "Digital Economy of the Russian Federation." Read more here.
Cancellation of subsidies to support the export of Russian information security solutions
In early February 2021, it became known about the decision of the Ministry of Digital Development of the Russian Federation to abolish subsidies to support the export of Russian information security solutions. The agency published the corresponding draft government decree on the federal portal of draft regulatory legal acts.
Earlier it was proposed to allocate subsidies for the promotion of domestic solutions in the field of information security abroad, as well as support for Russian ICT manufacturers who patent their products and services abroad. Such support was provided within the framework of the federal project "Information Security."
The corresponding result of the federal project "Information Security" was excluded. The funds provided for these purposes in 2020 were sequestered in full and are not provided for in the federal budget for 2021 and for the planning period of 2022 and 2023. In connection with the sequestration of funds and the impossibility of providing subsidies for these purposes, it is proposed to invalidate the decree of the Government of the Russian Federation of December 14, 2019 No. 1672, - said in an explanatory note in the draft government decree prepared by the Ministry of Digital Development. |
Spending plans within the framework of the federal project "Information Security" have been repeatedly revised downward. Initially, it was about costs of 28 billion rubles for 2018-2021. In 2020, the total amount of expenses until 2024 was reduced to 20 billion rubles, and for the period until 2021 inclusive, the amount of financing was reduced to 17.2 billion rubles.
The costs under the article "Support of export-oriented software developers" for 2020 were measured at 500 million rubles.[5]
2020
Ministry of Labor: Russia lacks 18.5 thousand. IB-specialists
By the end of 2020, Russia lacks about 18,500 information security specialists, which is 5% less than in 2019, when the shortage of such personnel was measured by 19,500 people. This was reported by the Ministry of Labor and Social Protection of Russia following a study that affected more than 15 thousand companies throughout the Russian Federation. Read more here.
The main proposals of the business community are included in the Fedproekt "Information Security"
On October 29, 2020, a meeting of the Information Security working group was held in the Digital Environment Online space of the Digital Economy organization. The meeting was attended by representatives of the Ministry of Digital Development of Russia, Roskomnadzor, Rossvyaz, as well as the business community, the Digital Economy ANO reported on October 30, 2020.
The competence center and members of the Information Security working group generally approved the draft passport of the Information Security federal project.
The total number of results of the federal project passport increased from 23 to 34, including results aimed at creating a technological center for studying the security of operating systems created on the basis of the Linux kernel, developing a domestic resource with vulnerabilities in the level of automated technological control systems and the industrial Internet, creating a cyber polygon to work out how to repel attacks in conditions close to real.
In the interests of the business community, the passport includes activities on practical-oriented information security training based on the experience of leading companies in the digital economy.
In addition, within the framework of the federal project, the FSB of Russia is implementing a number of measures, one of them, the most resource-intensive, is aimed at converting Russian cryptography. In this case, we are talking about reorienting cryptographic practices previously implemented in a closed format to the civilian sphere, with the participation of business and the expert community.
"The draft passport of the federal project" Information Security "considered at the meeting of the working group was prepared by the Ministry of Digital Science of Russia. It is important that the key proposals of the business community regarding improving the literacy of the population in the field of cybersecurity, developing personnel potential and the security of state information systems were included in the new edition of the federal project, "commented Nikolai Zubarev, director of the Information Security area of the Digital Economy organization. |
2017: Approved action plan for "Information Security" of the program "Digital Economy of the Russian Federation"
On December 18, 2017, the Government Commission on the Use of Information Technologies to Improve the Quality of Life and Business Conditions approved an action plan for the Information Security direction of the Digital Economy of the Russian Federation program for 2018-2024.
According to the Prime Minister, the Russia Dmitry Medvedev plan contains measures that allow to prevent cybercrime at the modern technological level.
Moreover, we are talking not only about security in the information space, but also about legal protection in the digital economy. One of the tasks of this section is to increase the literacy of ordinary users so that they feel comfortable in the digital environment, use Internet services, are not lost in the variety of public services, are not afraid of modern technologies in this area, but, on the other hand, have the necessary knowledge in order to make competent decisions. Because ultimately this is always the decision of one person who interacts with the digital environment, and he must have versatile ideas about what to do, - said the prime minister. |
Financing
The plan provides for funding from the federal budget in the amount of 22,333 million rubles and extrabudgetary funding - 11,710 million rubles.
2020: Spending on the federal project "Information Security" increased 8 times
As it became known in early October 2020, the costs of the implementation of the federal project "Information Security" in 2022-2023. will be eight times more than expected - 8 against 1 billion rubles for each year.
As Izvestia writes with reference to the new version of the project passport, Information Security has the most significant budget increase compared to other federal projects of the Digital Economy.
Almost half of the budget can be taken over by the creation and operation of a national technological center for the implementation of methods of modern cryptography. In 2022 and 2023, 4 billion and 4.2 billion rubles will be spent on these purposes, respectively. In total, the center will need 11.5 billion rubles of state financing. The authorities are also going to send budget funds to analyze the security of state information systems.
According to experts interviewed by the publication, the most costly part is the technical implementation of the federal project. It includes projects to filter Internet traffic, counter computer attacks and create cyber polygons. The project, at least in explicit form, did not include measures aimed at preventing leaks and protecting personal data of citizens, experts say. In the current version of the federal project, the state has focused on protecting society and itself from external and global risks, they say.
Sergei Soshnikov, Softline Business Development Director for the Digital Economy National Project, believes that it would be logical to direct part of the funds to system security, primarily when the state and citizens interact on digital platforms. He connects this with the fact that the sites of state institutions and the portal of public services, as well as the resources of financial organizations, are an attractive target for hackers.[6]
Information Security Projects
2020: Development of a state platform for monitoring phishing sites and data breaches
At the end of September 2020, it became known about the creation of Russia state platforms for monitoring personal data leaks. It is planned to spend 1.4 billion on the implementation of the project. rubles More. here
2019: MPSC on cybersecurity to appear in Russia
At the end of October 2019, it became known about the appearance in Russia in the future of multifunctional educational and scientific centers on information security issues.
According to RIA Novosti, citing the press service of the Russian Security Council apparatus, the interdepartmental Security Council Commission on Information Security at its meeting "recommended that the Russian Ministry of Education and Science, together with interested federal executive bodies, ensure the implementation of a set of measures to create such centers in federal districts of the country."
In addition, the meeting participants identified organizational and technical measures that need to be taken by the Ministry of Telecom and Mass Communications to switch to the use of Russian cryptography "while ensuring electronic interaction between state authorities, organizations and citizens," the Russian Security Council said.
The news agency notes that protection against cyber threats is one of the key components of the country's national security. Cyber attacks on IT infrastructure are considered one of the forms of interference of outside forces in the affairs of sovereign states.
According to the Russian National Coordination Center for Computer Incidents, more than 4.3 billion digital impacts on Russia's critical information infrastructure were committed in 2018. Most often, banks and authorities in Russia face attacks. At the same time, the special services note an increase in the number of attempts at hacker attacks on the information infrastructure of critical facilities in Russia, including in the energy sector and in transport.
In October 2019, Russian Prime Minister Dmitry Medvedev said that Russia is working on the development of a national system in the field of cybersecurity, but total security in the digital world can lead to loss of privacy.[7]
Standardization
2020: Rostelecom-Solar will take part in the development of national standards (GOST) on cybersecurity of the digital economy
On June 16, 2020, the company "," Rostelecom-Solar the national provider service and technology company, cyber security announced its membership in three standardization committees under. As Rosstandart part of this work, the company's experts will participate in the discussion of standardization issues in the areas of cyber-physical systems (TK194), (cryptography TK26) and (information protection TK362). More. here
Significant control results for the first planned year
According to the plan, in 2018, an analysis of the risks and threats to the safe functioning of the unified telecommunication network of the Russian Federation should be carried out. An analysis of elements of the existing infrastructure of the Russian Internet segment in the country, including the existing Internet traffic routing scheme, should also be carried out.
The needs for the use Russia of Russian-made computer, server and telecommunication equipment should be determined, an analysis of the capabilities of domestic manufacturers of equipment and electronic components should be carried out, the necessary resources should be determined. In addition, the adoption of regulatory legal acts defining the description of typical procurement objects is expected. software In addition, the requirements for the stability and safety of software of bodies state power and organizations of various organizational and legal forms should be legally adopted.
In 2018, the competence center for inter-machine interaction will be determined, including cyber-physical systems and the "Internet of Things," its subordination, powers, functions will be determined.
In the same period, it is planned to develop an architecture and a prototype of a specialized resource intended for the interaction of citizens with authorized bodies in terms of the operational transmission of data on signs of illegal actions in the field of information technologies (computer fraud, imposed services of telecom operators, phishing schemes) in order to counter computer crime.
Also in 2018, measures are planned to improve standards for secure application development, including for government information systems.
Expected results for the year end of the implementation period of the action plan
As a result of the implementation of the plan, the target information security values on communication networks and in the Russian segment of the Internet should be achieved. A system of incentives should be created for the purchase and use of Russian-made computer, server and telecommunications equipment. Mechanisms have been created to stimulate the use of domestic software by all participants in information interaction.
In addition, national standards for cyberphysical systems, including the Internet of Things, should be adopted. Control of processing and access to personal data, large user data, including in social networks and other means of social communication, is ensured. National and regional computer incident response centers have been established.
It is also expected that following the implementation of the program, a system of measures will be developed to support Russian manufacturers of ICT products and services that patent products abroad.
Targets and indicators
The approved plan contains a list of targets and indicators. For example, the share of domestic network traffic of the Russian segment of the Internet, routed through foreign servers, should decrease to 10% by 2024. From 50% in 2018 to 10% in 2024, the value share of foreign software purchased by the public sector and companies with state participation should fall .
From 10% in 2018 to 90% in 2024, the share of subjects of information interaction (state authorities and local governments, companies with state participation) using security standards in cyberphysical systems and in terms of the Internet of Things should increase.
The share of citizens who have increased literacy in the field of information security, media consumption and the use of Internet services by 2024 should be 50%.
The average downtime of government information systems as a result of computer attacks should be reduced from 65 hours in 2018 to 1 hours a 2024.