FSTEC allocated 1.6 billion rubles for the secure development of Russian OS and various software

2024

Allocation of 1.6 billion rubles for the secure development of Russian OS and various software

In August 2024, the Federal Service for Technical and Export Control (FSTEC) will receive ₽1,6 billion from the federal budget for the implementation of five projects in the field of information security. These funds are aimed at developing a unified environment for the secure development of domestic software, creating an infrastructure for researching the security of Russian operating systems and testing software updates by foreign developers.

According to reports, one of CNews the main areas of financing will be the development of a unified environment for secure software development. By the end of 2024, ₽423 million were allocated for this project. The project will be engaged in, V.P. Ivannikov Institute for System Programming of the Russian Academy of Sciences (ISP RAS) which won the corresponding competition. The first stage includes the analysis of the classes of applied and system domestic, ON used in state information systems and at facilities. critical information infrastructure Russia Next, a methodology and a set of tools will be developed to ensure secure software development, as well as the procedure for their distribution to development organizations.

𝓲

Freepik

Another important project included in the federal project "Information Infrastructure" is the creation of infrastructure for a systematic security study of critical components of Russian operating systems. For its implementation, ₽309 million are provided. Here, the winner of the competition was the ISP RAS. Within the framework of the project, it is planned to develop methodologies for architectural analysis and fuzzing testing, as well as organize a full-system dynamic analysis of critical components that affect the safety of domestic software.

The third project is aimed at developing an infrastructure for testing software security updates by foreign developers. This project received funding in the amount of ₽79 million. The State Research Institute of Technical Information Protection (GNIITZI) at FSTEC will be responsible for its implementation. The main task will be to develop a methodology for assessing the criticality of vulnerabilities in software and organize the process of testing updates for undeclared capabilities in them.^[1]

2022

On February 16, 2022, the Federal Service for Technical and Export Control (FSTEC) of Russia announced a tender for "creating a unified environment for the development of safe domestic software." The initial (maximum) contract price is 510 million rubles.

As Kommersant writes with reference to the technical documentation for this project, within the framework of it it is planned to create a set of software solutions in which Russian software developers will be able to write solutions that are initially trusted from the point of view of information security for subjects of critical information infrastructure (CII).

FSTEC creates a system for secure development of software for 0.5 billion rubles

A trusted environment is necessary so that Russian companies, when creating software, cannot accidentally or intentionally leave vulnerabilities and backdoors in it. The platform is designed primarily for the development of products for the defense departments, the financial sector, the energy industry and other structures where the maximum level of security is required.

The Ministry of Digital Development explained to the publication that by February 2022, individual companies that use them for their needs have trusted software development environments. The creation of a unified environment will allow it to be used by a wide range of interested developers, the ministry added.

According to the source of the newspaper in the software market, a unified environment for the development of secure software is necessary so that FSTEC can actually control the process of its creation in real time. Subsequently, Russian companies may be obliged to develop software for KII subjects exclusively in this system in order to reduce information security risks, he said.

Applications for an open competition are accepted until March 4, 2022, the results will be summed up on March 11. The system should be launched by December 2024. Financing of this project is carried out at the expense of FSTEC funds allocated from the federal budget and pledged by the passport of the federal project "Information Security."^[2]

Notes