NCCCI National Computer Incident Coordination Centre

The National Coordination Center for Computer Incidents (NCCCA) provides coordination of the activities of the subjects of the critical information infrastructure (CII) of the Russian Federation on the detection, prevention and elimination of the consequences of computer attacks and response to computer incidents.

The main functions of NCCC include:

• Coordination and direct involvement in computer incident response activities;
• participation in the detection, prevention and elimination of the consequences of computer attacks;
• informing the subjects of the critical information infrastructure about the means and methods of conducting computer attacks and methods of their prevention and detection;
• collecting, storing and analyzing information on computer incidents and computer attacks, as well as analyzing the effectiveness of measures to detect, prevent and eliminate the consequences of computer attacks and respond to computer incidents.

History

2024

FSB: 70% of appeals to the National Coordination Center for Computer Incidents are related to the destruction of information by ransomware viruses

In 2024, about 70% of all appeals to the National Coordination Center for Computer Incidents (NCCCI) were related to the destruction of data, including ransomware viruses. This was announced on November 6, 2024 by a representative of the FSB. The trend towards attacks aimed at causing maximum damage continued for the second year in a row, which makes ransomware viruses one of the most serious threats to the Russian information infrastructure.

The state system for detecting, preventing and eliminating the consequences of computer attacks State system of detection, prevention and elimination of consequences of computer attacks requires the transfer of data from all subjects of the critical information infrastructure (CII) and personal data operators. The representative of the FSB expressed the opinion that it is necessary to expand the list of participants transmitting data to State system of detection, prevention and elimination of consequences of computer attacks, which should help strengthen national information security. The agency is working on a corresponding bill.

𝓲

Freepik

Deputy Director of the NKCKI at the FSB Pyotr Belov also said that since the beginning of 2024, centralized cyber operations have been underway against Russian structures, which has been going on for almost a year. According to him, cyber operations are aimed at critical information infrastructure facilities and not only, but various hacker groups with different levels of qualifications and different approaches take part in it. Belov stressed that attack methods include both "frontal" cyber attacks and the introduction and consolidation of infrastructure, which complicates the fight against cyber threats.

He added that the unification of the actions of hacker groups and the similarity of the methods used suggest that all attacks are coordinated from one center. This assumption is also confirmed by the fact that actions are methodically carried out to select targets, penetrate and disable objects. The systematic nature of the attacks creates serious challenges to the country's information security and requires comprehensive security measures.^[1]

How to improve the security of critical infrastructure enterprises in a short time

NCCC summed up the first results of monitoring the security of Russian KII organizations. Spoiler alert: Unsatisfactory... Read more here.

Launch of an ambulance center for companies affected by hackers

At the end of May 2024, it became known about the launch by the National Coordination Center for Computer Incidents (NCCCI) of a consulting center to counter cyber attacks. According to the representative of the center, Alexei Novikov, the new project will work closely with leading companies in the field of information security, providing free support to organizations affected by hacker attacks. According to Novikov, the center will provide operational assistance by analogy with emergency medical care. Experts will help localize the penetration of attackers, limit the spread of the attack and develop a plan for further recovery actions.

To obtain assistance from NCCC, companies need to provide security event logs and information about mail domains. All work of the center will be regulated by special rules that establish the procedure for data transfer, access to services for notification of incidents and vulnerabilities, as well as for assessing the security of corporate infrastructure.

𝓲

Unsplash

From September 1, 2022, all personal data operators in Russia are obliged to inform State system of detection, prevention and elimination of consequences of computer attacks - the State System for Detecting, Preventing and Eliminating the Consequences of Computer Attacks - about cyber incidents that have occurred. However, many companies are not ready to timely identify such threats, which prompted NCCCA to create a new assistance service.

According to experts interviewed by Vedomosti, some organizations fear the integration of the FSB structure into their infrastructure for privacy reasons and regulatory requirements, preferring to contact commercial cybersecurity providers.

The first company to join the NCCCI initiative was Positive Technologies. Within the framework of cooperation with the center, it will provide incident analysis services, including identifying ways for hackers to penetrate, preventing repeated attacks and expert recommendations for improving cybersecurity systems.

The decision to create a consulting center is caused by a lack of qualified specialists in digital forensics in Russian companies amid a rapid increase in the number of cyber attacks. According to statistics, in 2022 the number of incident investigations increased by 50% compared to 2021, and in 2023 - by 76% compared to 2022. The new NCCC center is designed to become a significant help for Russian business in confronting cyber threats, providing organizations with access to expert assistance and advanced resources for protecting information systems.^[2]

2022: FSB took up accreditation of cyber attack monitoring centers

On June 1, 2022, it became known about the FSB order, according to which the centers of the state system for detecting, preventing and eliminating the consequences of computer attacks (State system of detection, prevention and elimination of consequences of computer attacks) will have to be accredited at the National Coordination Center for Computer Incidents (NCCCA). Read more here.

2020

The center for monitoring and response of the "Security Code" received the right to perform the functions of the State system of detection, prevention and elimination of consequences of computer attacks center

On March 5, 2020, the Security Code company announced the launch of the Security Code Monitoring and Response Center, as well as the signing of a cooperation agreement with the National Coordination Center for Computer Incidents (NCCC), the purpose of which is to organize interaction in the field of detection, prevention and elimination of computer attacks within the State system of detection, prevention and elimination of consequences of computer attacks. Read more here.

Jet CSIRT received the right to act as an operator State system of detection, prevention and elimination of consequences of computer attacks

On February 25, 2020, Jet Infosystems announced the conclusion of an agreement on the interaction of the IBJet CSIRT Incident Monitoring and Response Center with the National Coordination Center for Computer Incidents (NCCC) to provide expert services for organizing interaction with State system of detection, prevention and elimination of consequences of computer attacks. Read more here.

2019

Angara Professional Assistance received the right to act as an operator State system of detection, prevention and elimination of consequences of computer attacks

Angara Professional Assistance on October 11, 2019 announced the signing of an agreement on interaction with the "National Coordination Center for Computer Incidents" (NCCCA) as part of the functions of the State system of detection, prevention and elimination of consequences of computer attacks operator for the subjects of the critical information infrastructure (CII) of the Russian Federation in accordance with Federal Law No. 187 of July 26, 2017 "On the Security of the Critical Information Infrastructure of the Russian Federation" and its by-laws in all branches of CII. Read more here.

Get the right to initiate site locks

On August 6, 2019, it became known that the National Coordination Center for Computer Incidents (NCCC) of the FSB was among the competent organizations of the Coordination Center for Domains.ru/.rf (CC RF). This will allow the FSB structure to block sites faster than the court and Roskomnadzor. Read more here.

Infosecurity acquired the right to execute functions of the State system of detection, prevention and elimination of consequences of computer attacks center for subjects CUES of the Russian Federation

The company "Infosecuriti" (part of the Civil Softline Code) on July 4, 2019 announced the signing of a cooperation agreement with the National Coordination Center for Computer Incidents (NCCCA), the purpose of which is to organize cooperation in the field of detection, prevention and liquidation computer attacks within the framework. State system of detection, prevention and elimination of consequences of computer attacks The agreement gives the Center for Monitoring and Incident Response " INFORMATION SECURITY Infosecuriti" (I)SOC the right to perform the functions of the GosSOPKA center for subjects. critical information infrastructure RUSSIAN FEDERATION More. here

2018: Establishment of a National Cyber Threat Centre

On September 10, 2018, it became known about the creation by the Federal Security Service (FSB) of a center to combat cyber threats. The new structure, called the National Coordination Center for Computer Incidents (NCCCI), will have broad powers. The order of the FSB on the creation of the center was published on the portal of disclosure of legal information.

The National Coordination Center for Computer Incidents (NCCCA) is an integral part of the forces designed to detect, prevent and eliminate the consequences of computer attacks and respond to computer incidents, the document says.

The task of the NCCCA will be to coordinate the subjects of the critical information infrastructure in such incidents. The structure will coordinate government agencies and companies with their own IT systems from power, transport, communications, financial markets, including banks, from industry, including defense.

FSB created a structure to combat cyber attacks

In its work, NCCCI will be able to attract specialized organizations and experts. The information protection and special communications center of the FSB will be responsible for the information, analytical, organizational and material support of the new structure.

Separately, it is noted that NCCCI may refuse to transfer information to the competent authorities of a foreign state or international organization, if this threatens the security of Russia.

The center will be headed by a director who will combine this position with the post of deputy head of the scientific and technical service - head of the Center for Information Protection and Special Communications of the FSB.

The center was created as part of the implementation of the law "On the Security of Critical Information Infrastructure," adopted in July 2017, which established criminal liability for cyber attacks on critical infrastructure.^[3]"

Notes