标题: Regulator signals [打印本页] 作者: rabiakhatun 时间: 2024-11-7 18:12 标题: Regulator signals Almost 100% of socially significant services in Russia are provided digitally, the volume of investments in domestic IT solutions in 2022 amounted to 521.9 billion rubles, said Igor Lyapunov, CEO of Solar Group, at the SOC-Forum 2023. Despite the sharply increased number of cyber threats, the digitalization of production and healthcare continues, and the national project "Data Economy" is being prepared for launch, he said.
– We see two trends: on the content writing service one hand, accelerating digitalization, on the other, constant pressure from hackers sponsored by foreign states. Solar Group records more than 170 targeted attacks on Russian resources per day. According to our data, about 440 million lines of confidential information leaked online in 2023.
To counter these threats, business, the professional community and regulators need to work together.
But often operators or owners of resources related to critical information infrastructure (CII) try to artificially divide CII objects into segments to reduce negative consequences and reduce the category of significance, noted Deputy Director of the FSTEC of Russia Vitaly Lyutikov.
Since the end of 2022, FSTEC has checked more than 40 thousand systems, a third of which were returned for revision in terms of [assessment of possible] damage
Vitaly Lyutikov, FSTEC of Russia:
– When deciding which systems should be protected, we propose to be guided by documents developed by industry regulators and, of course, Government Resolution No. 127 as the main regulatory act.
Industry lists of typical critical information infrastructure facilities have been developed and agreed upon with the Russian Federal Service for Technical and Export Control in seven industries: science, fuel and energy complex, energy, transport, rocket and space and nuclear industries, and banking. Similar lists may appear in other areas by the end of 2023, said Elena Torbenko, head of the Russian Federal Service for Technical and Export Control, at the forum.
Standard lists are not lists of significant critical information infrastructure facilities, she emphasized.
A typical list is:
Types of systems that a critical information infrastructure entity has, taking into account its types of activities;
Systems that should be included in the list of objects subject to categorization.
“In our opinion, this is a great help to organizations at the initial stage of realizing themselves as subjects [of critical information infrastructure] and realizing their systems as objects that need to be protected,” noted Elena Torbenko.
FSTEC has identified more than 700 violations in the field of cybersecurity, Vitaly Lyutikov said. According to him,
In 98% of cases, the simplest violations are detected, which, nevertheless, can create the preconditions for the emergence of threats
“We will invite organizations that are scheduled for inspection in 2024 to meetings where we will present typical errors so that they have the opportunity to correct the shortcomings before the inspection,” warned Vitaly Lyutikov.
