The Ministry of Digital Development of the Russian Federation is going to create a register of unacceptable events in the field of cybersecurity by the end of the year, access to which will be given to all organizations. Kommersant writes about this, citing three sources in the industry. The information was also confirmed by the ministry.
First of all, the register will cover state bodies, state institutions and CII facilities, since they are subject to the May Day decree of Russian President Vladimir Putin on additional measures to ensure information security. According to the document, the responsibility for identifying and eliminating attacks falls on the deputy heads of organizations.
As the publication's source explained, the list will include scenarios that are dangerous for IT companies and that “should not be allowed under any circumstances.” To identify potential threats, the Ministry of Digital Development intends to involve auditors and the heads of the organizations being assessed.
The ministry told the newspaper that, as part of the presidential decree, a number of organizations and bodies were to conduct a security analysis and submit a report to the government. That work showed that unacceptable events need to be systematized. The Ministry of Digital Development specified that the register would be ready by the end of the year.
Once the list is operational, companies will have to identify the most typical scenarios for themselves and report them to the government, added a source close to the development of the initiative. Then organizations will conduct monitoring, which should confirm that there are no cybersecurity violations.
Alexey Lukatsky, an independent cybersecurity expert, noted that companies currently send abstract statements about security risks to the Ministry of Digital Development. The expert believes that the creation of the register will make it possible to clearly show “what each company must protect itself from.”
Pavel Korostelev, head of the product promotion department at Security Code, believes that the register does not aim to protect against cyber threats directly, but will help consolidate the risk base so that it is “unambiguously perceived”. According to the expert, each organization has its own unacceptable violations. For example, government organizations cannot afford to have a page hacked or spam sent on their behalf, and online stores cannot afford a stoppage of their sales service.
After the start of Russia’s special operation in Ukraine, a number of large corporations and almost all state information systems were subjected to hacker attacks. The publication's source in the cybersecurity market said that after that, companies from all sectors of the economy were checked. It turned out that 79% of organizations had vulnerabilities in their systems, while 86% of them were successfully hacked.