Ministry of communications proposes to oblige credit and financial organizations, enterprises of the defense industry and the fuel industry, energy, transport and state agencies to use “predominantly” Russian software from 1 January 2021, the year. About it writes RBC with reference to developed by the Department and sent for approval to the Ministry, the FSB and the Federal service for technical and export control project of the decree of the President. Experts say that it will take years and hundreds of billions of rubles.
In the document, a copy of which is publication and the authenticity of which was confirmed by two people familiar with the source, talking about the new requirements for the owners of so-called critical information infrastructure (CII). This concept was introduced adopted in 2018, the year the law “On the security of critical information infrastructure”.
Object CUES is a computer network and other it infrastructure of state bodies, scientific and financial organizations, defense, fuel and nuclear industries, transport, energy and others. Such objects are their owners required to connect to the State system of detection, prevention and elimination of consequences of computer attacks (it runs FSB) and report through it all cyber incidents.
If the proposal of the Ministry of communications will be implemented at critical facilities will be allowed only from the registry of programs produced in Russia and the EAEU and equipment from the national registry of electronic products. An exception will be made if the owner of the object CUES will prove that the Russian alternative to a particular foreign software or hardware does not exist or it will not allow companies to carry out the objectives set by the law. In any case, support such equipment may only be carried out by Russian companies.
the Source in the office of the Vice-Prime Minister Yuri Borisov told RBC that on the initiatives of Minkomsvjazi they know and underharvest them at the same time, “the document is not yet seen.” Among the five largest Russian banks in leading cellular operators, and industrial companies has not provided comments on the Agency’s initiative.
Experts interviewed by the publication, note that the translation of critical information infrastructure to the domestic software and hardware has long been known, for the owners of such objects, the prospect is not new. But to meet in such a short time — until 1 January 2021-go only a little more than six months — will be problematic. Especially hard to have representatives of the energy, metallurgical and chemical industry and fuel and Energy companies and nuclear power — they have a refresh cycle of information systems is especially long. To interfere in it, says Andrey Zaikin, guiding the direction “Information security” in it, CROC will be problematic.
According to information security expert, Cisco Systems Alexey Lukacova, the oil industry workers or metallurgists, and other continuous production, the process of a full launch of “domestic” may take at least 5 — 10 years. It is important to take into account the cost of such a transition last year, said the expert, one of the major state-owned banks estimated costs for your organization in 400 billion rubles.