The National Coordination Center for Cyber Incidents (NKTsKI) under the auspices of the FSB is developing a draft law that will become the fundamental document defining the operating procedure of the State System for detection, prevention and elimination of consequences of cyber attacks (GosSOPKA). The document will define all participants in the system, their tasks, rights, duties and responsibilities, and will also regulate the connection to the system of companies that are not subject to critical information infrastructures (CII). NKTsKI deputy director Petr Belov spoke about this at the SOC Forum 2024.
Interview: The Future of Cybersecurity Law with Petr Belov, Deputy Director of NKTsKI
Editor: Thank you for joining us today, Mr. Belov. As we understand, the National Coordination Center for Cyber Incidents (NKTsKI) is developing a draft law that will govern the State System for Detection, Prevention, and Elimination of Consequences of Cyber Attacks (GosSOPKA). Can you begin by explaining the primary purpose of this initiative?
Petr Belov: Absolutely, thank you for having me. The draft law we are working on is designed to establish a comprehensive framework that clearly delineates the roles and responsibilities of all participants involved in cybersecurity within our nation. It aims to enhance our capacity to detect, prevent, and respond to cyber threats effectively. This legislation will also ensure that even companies not classified under critical information infrastructures can connect to the system, thereby strengthening the overall cybersecurity posture of our country.
Editor: That sounds like a significant step forward. What are some of the key components of this draft law that you believe will have the most impact on organizations?
Petr Belov: One of the core components is the formal definition of tasks, rights, and duties for each participant in the cybersecurity framework. This clarity is crucial, as it will reduce ambiguity and enhance coordination among various stakeholders—including government bodies, private companies, and critical infrastructure operators. Additionally, by regulating connections for non-CII companies, we are encouraging a culture of cybersecurity across the entire industry, ensuring that smaller entities are not left vulnerable.
Editor: The implications of this draft law reach far and wide. How do you envision it affecting the private sector, particularly businesses that may not fall under critical information infrastructures?
Petr Belov: This draft law seeks to create a more integrated approach to cybersecurity that is inclusive of all sectors. For businesses outside the critical information infrastructure, participating in GosSOPKA means they will have access to guidance, resources, and support systems that were previously limited to larger organizations. Moreover, they will be better equipped to identify threats and respond to incidents, ultimately fostering a safer digital environment for everyone.
Editor: With cyber threats constantly evolving, how will this law adjust to keep pace with technological advancements in the cyber realm?
Petr Belov: The law will include provisions for regular updates and adaptations based on the latest cybersecurity trends and threat assessments. It will also promote collaboration between public and private sectors to continuously improve our collective capability to address new challenges. By facilitating ongoing dialogue and feedback from industry experts, we can ensure that our legislative approach remains relevant and effective.
Editor: That sounds promising. To wrap up, what practical advice would you offer to organizations currently navigating the complex landscape of cybersecurity before this law is enacted?
Petr Belov: I recommend that organizations start developing a strong cybersecurity culture internally. This includes training employees about basic cyber hygiene practices, conducting regular security assessments, and ensuring that robust incident response plans are in place. Engaging with professional cybersecurity communities and staying informed about the latest threats will also prepare them for the eventual integration into the GosSOPKA framework.
Editor: Thank you for sharing these valuable insights, Mr. Belov. We look forward to seeing how the implementation of this law will enhance our national cybersecurity defense.
Petr Belov: Thank you for having me. I believe that through collaboration and commitment, we can build a resilient cybersecurity landscape together.