RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2
2021/02/16 11:21:54

Remote work in state bodies and TARM official

The article is devoted to regulatory issues and practical aspects of the remote work of civil servants.

Content

2021

Official at the remote: The Ministry of Digital Affairs and the FSTEC are preparing a number of solutions for working in the new reality

Due to the pandemic, remote work now looks like a real working option, which can be resorted to under various circumstances, including in the public sector "(photo - 1.bp.blogspot.com)"

Unexpected udalenka

When the Moscow Regional Duma adopted a law in the fall of 2019 allowing local civil servants to be transferred to remote work, it looked like an experiment with the distant prospect of replication throughout the country. Until now, the remote woman looked like the destiny of mainly developers and freelancers. But the coronavirus infection that reached Russia made remote work an unexpected reality for many officials across the country in March 2020.

The government instructed the federal executive authorities to transfer the maximum number of employees to remote work in connection with the infection from March 27. Initiatives were also taken at the regional level.

The Ministry of Digital Affairs says that they do not have data on how many civil servants then went to the remote site at the peak. But the exodus of officials from offices in some federal departments has taken on an impressive scope. So, for example, in April , the Ministry of Energy reported on the transfer home of 70% of its employees.

They were not ready, there was not enough money

Looking back, we can say that the public sector then was not in a high degree of readiness for the transition to a remote location. Konstantin Gurzov, Director of the Informatization Projects Department of the Ministry of Digital Affairs of Russia, speaking at the security forum in February 2021, noted that then everything happened quite sharply, the government instructed the ministry to promptly provide the federal authorities with the conditions for remote work.

A little later, in April and May 2020, the Ministry of Digital Affairs conducted a survey of 64 FOIV, which revealed digital inequality in departments and the presence of problems with basic services. He showed, for example, that 28% of civil servants do not have corporate mail and use popular postal services, both Russian and foreign. And 83% of FOIV use Microsoft services to organize mail. 59% of FOIV do not use integrations with communication systems, 19% do not have complementary basic services (meeting organization, working time calendars, etc.).

In addition, the departments have very different budgets for digitalization, and not everyone had the opportunity to immediately provide a significant number of their employees with safe remote jobs, said Konstantin Gurzov.

Especially many questions arose about information security at the remote site. Despite the fact that everyone is dealing with security issues when the question arose of switching to a remote mode of operation, it turned out that many are not very ready for this, said FSTEKVItalian Deputy Director Lyutikov at the same conference in February 2021. He explained that, speaking of readiness, he focuses primarily on the public sector and critical information infrastructure (CII ).

If in the current paradigm, according to the regulatory framework, organizations strive to ensure control of the perimeter of the infrastructure, then when workers switch to remote mode, the perimeter begins to erode. The best option would be for the organization to give the employee a remote workplace with pre-installed software, all settings, locks, etc. Along this path, FSTEC went when it issued the first recommendations related to remote access, Lyutikov noted. But here the implementation rested on the money.

File:Aquote1.png
Then it turned out that there were no funds. This is a huge cost. It's good if someone has, but in most cases they were not, "stated the deputy director of FSTEC.
File:Aquote2.png

Vitaly Lyutikov appreciated the transition of officials to remote work in terms of information security issues "(photo - Maxim Blinov/RIA Novosti)"

In these conditions, he added, it was necessary to assess the threats and make some other decisions. The first threat is obviously related to the user's workplace. If a user for remote access to resources, for example, the document flow of a government agency or state-owned company uses not a certified automated workplace, but his own computer, then such a workplace is obviously not trusted.

Vitaly Lyutikov explained that the device in this case does not obey the security policies established in the state agency, it is not clear what software is installed on it, what vulnerabilities there are, etc. Under such conditions, the number of workplace threats is beginning to increase.

File:Aquote1.png
By the way, I will note about 2020: did someone make changes to the current threat models? Such precedents certainly did not pass through us. This is to the issue of readiness. No one rushed to make changes to the current models. All government agencies and state-owned companies, for example, switched to remote operation, and making changes to existing models... I don't notice something like that, "said the deputy director of FSTEC. - Maybe, of course, they somehow passed outside our field. Well, at least that's right, then. But this is unlikely.
File:Aquote2.png

In addition to the endpoint itself, security issues arise both in the router to which it is connected and in the network. The representative of FSTEC believes that the security issues of the remote workplace will be relevant for a long time.

Always Ready - Typical Employee Workstation

And indeed, despite the fact that as of February 2021, many officials and employees of companies who had gone remote at the height of the epidemic in Russia have already returned to their offices, remote work now looks like a real working option, which can be resorted to under various circumstances, including in the public sector. The issue of readiness remains valid.

Against this background, remote work in Russia was finally legalized: from January 1, 2021, a federal law signed by President Vladimir Putin came into force on remote work, clarifying many "gray" areas that remained in this area.

If we return to the security of remote work, then the Ministry of Digital Affairs, even before the pandemic, was working on a project to create a standard automated workplace (TARM) of a civil servant under the Digital Economy program. During the pandemic period, this project received additional incentives for accelerated development.

TARM is positioned as a platform that provides a wide range of online services for remote operation using any type of device, including home PCs.

Slide from the presentation of Konstantin Gurzov

In accordance with the instructions of the government in the spring of 2020, the Ministry of Digital Affairs primarily provided the two most popular services to federal-level departments at that time: video conferencing based on the TrueConf and instant messaging solution based on the MyTeam solution. They were deployed on separate servers in the Voskhod Central Research Center, Konstantin Gurzov said in a conversation with TAdviser.

At that time, quickly "comb" the entire federal public sector to provide them with these services and provide technical support was a difficult task, he noted.

File:Aquote1.png
We plan to develop this direction. Now a concept is being prepared that implies the creation of a comprehensive TARM platform solution, which users will be able to access through VPN and choose the services they need. They will include services for project management, socialization, the ability to manage calendars and meetings, etc. This is a portal that in the tile interface would allow them to be selected, "explained TAdviser Director of the Informatization Projects Department of the Ministry of Digital Arts.
File:Aquote2.png

The Ministry of Digital Affairs expects to write a concept before the summer of 2021 and in the fall begin to provide TARM as a platform solution, starting with federal government agencies. In the future, the connection of state bodies at the regional level is also considered.

Slide from the presentation of Konstantin Gurzov

It is planned to deploy the TARM server part on the basis of the state unified cloud platform ("Gosoblako"). Konstantin Gurzov explained in a conversation with TAdviser that the already existing video conferencing and instant messaging services will soon be moved to the infrastructure of Gosoblak and provided from there.

File:Aquote1.png
We want to provide TARM services to functional customers for free. But there are many nuances involved in calculating everything correctly. Given that we are the main manager of the corresponding budget and we will need to provide funding for the cloud, this is a rather difficult story in terms of money. On the one hand, if you look simplified, it seems that all this is cheap, but when it fouls with many services, a rather significant amount is obtained, and billions of rubles are obtained in the calculation of the existing number of officials, "explained Konstantin Gurzov to TAdviser.
File:Aquote2.png

Flash Drive Security

In addition to providing online services for remote work, the tasks of TARM also include ensuring the security of information on the terminal device at a level that would allow you to remotely work with state information systems, personal data information systems and critical information infrastructure facilities .

At a security conference in February, Gurzov also said that it was decided to go another way - using a hardware solution that would allow civil servants to safely connect from their personal computer to TARM platform services, as well as to the internal corporate network through remote connection to the desktop of a service computer (Remote Desktop) or through a virtual desktop (VDI). The idea "came in." On behalf of the government of the Ministry of Digital Affairs, together with the FSTEC and the FSB, they organized a working group with representatives of developers of secure devices, secure operating systems, and information protection tools.

The group members agreed that the protection of the civil servant's remote workplace should be implemented on the basis of Live USB technology - a boot flash drive combined with a cryptographic token with built-in protected memory, certified protected OS, additional security tools, as well as a set of application software sufficient for full remote user work.

Such a solution, downloading a computer from an external USB drive, completely isolates the user from the operating system and software of his own computer, unverified sites on the Internet, any third-party content that he can download, explained Konstantin Gurzov.

The representative of the Ministry of Digital Affairs also told TAdviser that as of February 2021, the requirements for devices for ensuring safe remote operation have already been developed and agreed with the FSTEC and the FSB, but have not yet been officially adopted. Nevertheless, their presence already makes it possible to conduct pilot projects. The FSTEC of Russia, as a regulator, is preparing to approve these requirements by order with registration with the Ministry of Justice. After that, the requirements will come into force. At the same time, the requirements themselves will remain with the heading "CPD," since they are highly specialized in nature.

As Konstantin Gurzov noted in a conversation with TAdviser, when developing requirements for a solution based on Live USB in the Ministry of Digital Arts, he focused primarily on civil servants, but it can also be used to work with corporate resources in the private sector.

Slide from the presentation of Konstantin Gurzov

When organizing remote work, government agencies should be guided by the requirements for protection measures approved by the FSTEC as part of order N17. But here, as mentioned earlier, the question of price arises. In order to meet these requirements without using TARM, you need to buy a laptop for each remotely working employee, equip with superimposed security tools, deliver specialized software, Konstantin Gurzov explained, adding that using a Live USB-based solution will meet the requirements of the regulator with much lower costs.

Sergey Gruzdev, General Director of Aladdin R.D., who participated in a working group with regulators to develop requirements for a hardware solution for the safe remote work of employees when using personal computer equipment and is already offering a certified product on the market based on Live USB technology, meeting these requirements, estimated how much the organization of the workplace can cost in accordance with the requirements under the order of the FSTEC of Russia N17.

File:Aquote1.png
A normal laptop costs about 75 thousand rubles, maybe under 100 thousand. The means of protection that must be installed in accordance with the requirements of the FSTEC of Russia are about 30%, or even up to 50% of the cost of a laptop. This is a huge additional cost, especially if the organization is very large. With Live USB technology, you can set up a remote workplace at a much lower cost. Actually, initially the idea of ​ ​ developing requirements for such a decision was born out of economic considerations: to enable state structures that are required to fulfill information protection requirements to organize a remote workplace with less costs, "explained Sergey Gruzdev.
File:Aquote2.png

According to the general director of Aladdin R.D., a number of large state-owned companies and departments have already shown interest in the decision, a number of pilot projects have been launched in organizations, but it is premature to talk about details and results.

Slide from the presentation of Sergey Gruzdev

Speaking about the potential scale of sales of a Live USB solution in the public sector, Konstantin Gurzov in a conversation with TAdviser noted that without the "security forces" in total there are about 1.3 million civil servants. At the same time, not everyone needs the ability to work remotely. If you take very generically, then according to the minimum estimate, a solution based on Live USB will need to provide about 200-300 thousand civil servants. Also, this decision may be in demand both in law enforcement agencies and in state corporations, Konstantin Gurzov believes.

A PC that's everywhere with you

But that's not all. It is possible that in the future, officials will have another option for organizing remote workplaces, allowing them to meet established security requirements. A TAdviser source close to the working group that developed the requirements for a Live USB solution says that the Ministry of Digital Affairs is also discussing the possibility of using mini-computers in the public sector - wearable devices that contain a crypto token.

A secure mini-computer could be taken with you both to work and home, says TAdviser interlocutor. Such computers based on the new Harvard architecture are developed, in particular, by OKB CAD.

How promising such a way of organizing a safe workplace for remote removal is will largely be determined by the price. In addition, there is a question of convenience: if you use the same mini-computer both at home and at work, how convenient it will be each time to reconnect it to various devices.

Ministry of Natural Resources will return employees of the central apparatus from remote work

The Ministry of Natural Resources and Ecology will return all employees of the central office to full-time work from the environment. This was reported to RBC by the press secretary of the ministry Marina Evseeva.

File:Aquote1.png
Since February 17, all employees of the central apparatus of the Ministry of Natural Resources are taken from remote work to full-time work, "she stressed[1].
File:Aquote2.png

2020

Ministry of Energy is ready to return employees to remote work because of COVID-19

The ministry is power engineering specialists Russia ready to again transfer its employees to remote operation amid the complication of the situation with coronavirus. This was announced on September 24, 2020 by State Secretary - Deputy Minister of Energy Anastasia Bondarenko.

File:Aquote1.png
Yes, we plan. Now all 100% work in the office, monitor the situation, and are ready to start the remote operation mode again, "she said[2].
File:Aquote2.png

On behalf of Deputy Prime Minister Chernyshenko, recommendations were created for officials on the transition to the "remote"

At the end of April 2020, the Russian Academy of National Economy and Public Administration under the President of the Russian Federation (RANEPA) sent recommendations to Prime Minister Dmitry Chernyshenko and Minister of Digital Development, Communications and Mass Communications Maksut Shadaev on organizing the work of civil servants of federal executive bodies in remote access mode. Recommendations in PDF format can be downloaded here, a web version is also available.

The transfer of civil servants to remote work is carried out in order to counter the spread of a new coronavirus infection. He developed recommendations from the Center for the Training of Digital Transformation Leaders of the Higher School of Public Administration on behalf of Chernyshenko.

The order of Dmitry Chernyshenko, according to which recommendations were developed, dates back to March 26 "(photo - og.ru)"

The compilers of the document indicate that the recommendations and practices were collected from two interested parties: from the functional managers of FOIVs who have already received and summarized the experience of the transition, and from the leaders of project teams, product development teams, for whom the mode of operation of the virtual geographically distributed team has been familiar for many years.

The authors note that the transition to remote operation mode is implemented as a combination of technological and organizational measures. A survey was conducted among twenty civil servants at the level of heads and deputy heads of the FOIV on the practice of organizing the transition and managing in remote work conditions, which revealed the main organizational measures for the transition and typical factors of difficulty in moving to remote work (see figures below).

The figure shows the numbers how many respondents chose a particular answer
The figure shows the figures for which percentage of respondents the difficulties are relevant

Managers focus mainly on the technological and administrative side of the transition to a remote work format, while much less attention is paid to training employees and the necessary soft skills to help adapt to changed circumstances and the specific skills necessary to work with unfamiliar tools. At the same time, almost 90% of respondents consider normal work after the transition of some employees to a remote format to be effective.

The recommendations are intended for the level of individual specialists, both teams, and the entire organization. At the employee level, the document considers such challenges as the need for self-organization, household discomfort, the creation of comfortable conditions, the preservation of psychological stability, the fear of being unclaimed. In addition to the recommendations made by the employee himself, the document also contains tips for their managers on how to help employees cope with new challenges.

At the team level, recommendations cover such problems as mastering technology, moving to teamwork, revising roles, transforming team culture. Team leaders are offered possible medium-term plans to overcome these challenges.

At the organization level, challenges such as changing work models, creating new values, and simultaneously transforming many processes are considered. The recommendations and the medium-term plan version are also discussed here.

Remote IT Tools Used in Remote Transition

As a practical example, the document describes in detail the experience of switching to remote work of the Accounts Chamber in fact in its entirety. On its basis, the main components of the basic readiness for transformation were identified:

  • technical readiness;
  • development of a new format of interaction with clients;
  • readiness of the organization's infrastructure;
  • establishment of a transition management headquarters;
  • risk awareness.

File:Aquote1.png
No matter how you prepare, no matter how everyone envisages, calculate, check, increase the channel 10 times, increase the power of servers, know that there will be infrastructure failures, something will get out. You just have to be ready for this. It makes sense to warn everyone: something that worked before that for 10 years may break the day after tomorrow - this is one of the recommendations from representatives of the Accounts Chamber in the document.
File:Aquote2.png

The authors of the recommendations state that the forced transition to remote work turned out to be a catalyst for many positive changes: decision-making has accelerated, a number of processes have been simplified, digital services necessary "here and now" in the pandemic have become available to citizens.

The use of product and project management tools will allow you to adjust priorities, maintain a high rate of transformation even at the end of the crisis, without losing the stability of everyday work and the sustainability of the changes being introduced, the drafters note. It details the steps that need to be taken to transform at the product, project and change levels, including approaches to decision-making in a rapidly changing environment.

Considerable attention is paid to working in changing conditions. The block of recommendations compiled by representatives of the Accounts Chamber provides a set of techniques, step-by-step instructions, how to organize the work of employees and teams separated in space and contacting only on the Internet, how to manage the meeting, monitor the execution of tasks, direct, motivate, support.

File:Aquote1.png
In the situation with the transition to remote work, success mainly depends on the manager. Unfortunately, some believe that this situation should simply be tolerated, albeit through some complaints from the management, problems in the work of the unit. "We will tolerate and again in the old fashioned way we will go to the office." If this awareness does not increase, then the performance of employees will fall, this will negatively affect the entire organization, "said Alexei Sukhanov, director of the human capital development department of the Accounts Chamber, in the document.
File:Aquote2.png

The massive and rapid transition to self-isolation has forced organizations to quickly provide employees with remote access to information systems and interact with them in web conferencing mode much more often than before. It turned out that organizational and technical measures of information security are lagging behind in time, the compilers of the recommendations note. The document contains a separate section, where a generalized analysis of emerging threats is collected, recommendations on how to neutralize them.

The government instructed the authorities to transfer the maximum number of employees to remote work

The maximum possible number of employees of federal executive bodies should be transferred to remote work due to the coronavirus epidemic. This is stated in the government order Russia published on March 26, 2020 on the government website.

Heads of federal executive bodies should transfer employees to remote work from March 27. In addition, departments should provide the Government with information on the number of employees of the central office and territorial bodies transferred to remote work, as well as on the number of pregnant women, women with children under 14 years of age and workers over 60 years of age.

Three ministries transfer staff to remote work in connection with coronavirus

On March 17, 2020, RBC announced that the Ministry of Economic Development, the Ministry of Industry and Trade and the Ministry of Communications, who moved to the government complex in Moscow City, intend to transfer their employees to remote work. More details here.

2019: Moscow region officials can work remotely

The Moscow Regional Duma at the 96th meeting adopted amendments to the regional law on the state civil service, the legislature said on its website. The Moscow Regional Duma notes that the Moscow Region is still the first region of the country to introduce the practice of remote work for civil servants.

Innovations provide an opportunity for civil servants to conclude a contract for the remote performance of duties. This right can be exercised by employees who replace leading, senior and junior positions.

File:Aquote1.png
This step is dictated by the growing level of informatization of society, "explained Igor Bryntsalov, chairman of the Moscow Regional Duma. - After all, today in many commercial companies the presence of a number of specialists in the office becomes optional - it would be logical to extend this practice to state institutions.
File:Aquote2.png

More details here.

See also

Overview TAdviser Remote work: organizational and technical solutions:

Notes