System for detecting, preventing and eliminating the consequences of computer attacks. On improving the state system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation. Positive technologies and s

DECREE OF THE PRESIDENT OF THE RUSSIAN FEDERATION

ON IMPROVING THE STATE SYSTEM FOR DETECTING, PREVENTING AND ELIMINATING THE CONSEQUENCES OF COMPUTER ATTACKS ON INFORMATION RESOURCES OF THE RUSSIAN FEDERATION

In order to improve the state system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation and in accordance with Article 6 of the Federal Law of July 26, 2017 N 187-FZ "On the security of critical information infrastructure of the Russian Federation" I decree:

1. To assign to the Federal Security Service of the Russian Federation the functions of the federal executive body authorized to ensure the functioning of the state system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation - information systems, information and telecommunication networks and automated control systems located on the territory of the Russian Federation, in diplomatic missions and consular offices of the Russian Federation.

2. Establish that the tasks of the state system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation are:

a) forecasting the situation in the field of ensuring the information security of the Russian Federation;

b) ensuring interaction between owners of information resources of the Russian Federation, telecom operators, and other entities carrying out licensed activities in the field of information security when solving problems related to detection, prevention and elimination of the consequences of computer attacks;

c) monitoring the degree of security of information resources of the Russian Federation from computer attacks;

d) establishing the causes of computer incidents related to the functioning of information resources of the Russian Federation.

3. Establish that the Federal Security Service of the Russian Federation:

a) ensures and controls the functioning of the state system named in paragraph 1 of this Decree;

b) forms and implements, within its powers, state scientific and technical policy in the field of detection, prevention and elimination of the consequences of computer attacks on the information resources of the Russian Federation;

c) develops methodological recommendations:

to detect computer attacks on information resources of the Russian Federation;

to prevent and identify the causes of computer incidents related to the functioning of information resources of the Russian Federation, as well as to eliminate the consequences of these incidents.

4. Introduce into paragraph 9 of the Regulations on the Federal Security Service of the Russian Federation, approved by Decree of the President of the Russian Federation of August 11, 2003 N 960 “Issues of the Federal Security Service of the Russian Federation” (Collected Legislation of the Russian Federation, 2003, N 33, Art. 3254; 2004, N 2883; 2005, N 49, N 25; N 49, art. 6554; 2435; 2011, art. 1222; art. 818; art. ; N 26, Art. 3314, Art. 7139; ; 2017, No. 21, Art. 2991), the following changes:

a) subclause 20.1 should be amended as follows:

“20.1) within the limits of its powers, develops and approves regulatory and methodological documents on ensuring the information security of information systems created using supercomputer and grid technologies, information resources of the Russian Federation, and also exercises control over ensuring the information security of these systems and resources;”;

b) subparagraph 47 should be stated as follows:

"47) organizes and conducts research in the field of information security, expert cryptographic, engineering cryptographic and special research on encryption tools, special and closed information and telecommunication systems, information systems created using supercomputer and grid technologies, as well as information resources of the Russian Federation;";

c) subparagraph 49 should be stated as follows:

"49) prepares expert opinions on proposals to carry out work on the creation of special and protected information and telecommunications systems and communication networks using encryption (cryptographic) means, information systems created using supercomputer and grid technologies, as well as information resources of the Russian Federation;".

5. Introduce into the Decree of the President of the Russian Federation of January 15, 2013 N 31c “On the creation of a state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation” (Collected Legislation of the Russian Federation, 2013, N 3, Art. 178) the following changes:

a) delete from paragraph 1 the words “- information systems and information and telecommunication networks located on the territory of the Russian Federation and in diplomatic missions and consular offices of the Russian Federation abroad”;

b) paragraph 2 and subparagraphs “a” - “e” of paragraph 3 are declared invalid.

President

Russian Federation

Moscow, Kremlin

In particular, the order lists the requirements that apply “to technical, software, hardware and other means” used to search for signs of computer attacks and to detect, prevent and eliminate the consequences of such attacks, as well as to systems for exchanging the information that subjects need in the event of a cyber incident. The requirements for cryptographic means of protecting such information are also described.

It stipulates that user passwords, if used for authentication, must be stored encrypted, and that users must be notified when they need to change their passwords.

Other security procedures, quite standard but often overlooked, are also prescribed, such as locking a session after a specified period of inactivity, notification of unsuccessful attempts to access the management of GosSOPKA tools, and recording all user actions from the moment of authorization in an electronic log.

For PPKA tools, the document specifies the need to maintain electronic logs recording their technical condition and to protect these logs from editing and deletion of the information in them.

The document also stipulates the possibility of “regular self-testing of the software during operation.”

In general, the FSB order stipulates in detail every aspect of the functioning of GosSOPKA tools, and, according to experts, there cannot be excessive detail in this case.

GosSOPKA tools are the main protection of the critical information infrastructure of the Russian Federation. Their implementation should be regulated in as much detail as possible, without any uncertainty or the possibility of double interpretation. The purpose of the order is to determine the functions and capabilities that must necessarily be present in the GosSOPKA systems, as well as to indicate what should not be there. You can find shortcomings in any document, but in this case everything looks very clear: the organizations that will be involved in the final implementation of GosSOPKA tools have been given a specific framework within which they will have to carry out the tasks assigned to them,

The requirement related to ensuring the security of information when exchanging it with participants in information interaction (the National Coordination Center for Computer Incidents) deserves special attention: the cryptographic information protection tools (CIPF) used in GosSOPKA must be certified in the CIPF certification system.

General requirements for GosSOPKA tools are presented in sections 2, 8 and 9 of the document under consideration, which respectively define general requirements, requirements for the implementation of security functions, and requirements for the construction and visualization of reports.

Thus, the requirements listed in Section 2 imply the exclusion of the possibility of managing GosSOPKA tools by third parties and of unauthorized transfer of information to such persons. In addition, it is worth paying attention to the requirements for persons carrying out the modernization of GosSOPKA tools and their technical support: these must be Russian organizations that are not under the control of foreign persons.

In Section 8, the regulator describes in detail the requirements for the security functions that GosSOPKA must provide. The requirements are grouped into the following categories:

  • Identification and authentication of users of GosSOPKA tools.
  • Differentiation of access rights to information and to GosSOPKA tools.
  • Registration of information security events.
  • Updating software and service databases of GosSOPKA tools.
  • Backup and restoration of GosSOPKA tools.
  • Monitoring the integrity of the software of GosSOPKA tools.
  • Network time synchronization.

Finally, GosSOPKA tools must provide functionality for visualizing all processed information: information security events, incidents, vulnerabilities, and so on. Such information should be collected into reports (graphs, tables) manually or automatically, stored for a specified period and, if necessary, exported and corrected to direct recipients.

"Informzashita" received the right to perform the functions of the GosSOPKA center for government agencies, legal entities and individual entrepreneurs of Russia

2018

Sberbank's subsidiary will connect small businesses to GosSOPKA

On September 17, 2018 it became known that Sberbank's subsidiary Safe Information Zone (Bizon) would connect small businesses to the state system of protection against computer attacks (GosSOPKA). Kommersant writes about this with reference to the information security action plan of the national project “Digital Economy”.

Sberbank confirmed to the publication its intention to use its experience for cyber protection of small companies. The credit institution calls Bizon a “visionary” of the Russian cybersecurity market, among whose clients are “the largest companies” from the fields of finance, energy, air transportation, etc.

Losses of small and medium-sized businesses in Russia from hacker attacks in 2017 amounted to 12 billion rubles, estimates Marketing Director of Rostelecom-Solar Valentin Krokhin. Such companies, according to the expert, due to small budgets for information security, are noticeably worse protected from cybercriminals compared to large businesses.

The newspaper's source on the information security market notes that Bizon has received a large amount of money, and now it needs to be repaid somehow.

The FSB has determined a list of information for mandatory sending to GosSOPKA

As it became known on September 10, 2018, the Federal Security Service has determined a list of information that must be sent to the state system for detecting, preventing and eliminating the consequences of computer attacks (GosSOPKA). The order is dated July 24, 2018, but was published only in the first ten days of September.

According to the first appendix to the FSB order, information directly or indirectly related to the functioning of critical information infrastructure facilities in the Russian Federation should be sent to GosSOPKA.

That is, firstly, this is information about the objects themselves included in the register of critical infrastructure, as well as about their possible exclusion from this register.

Secondly, this is information about computer incidents affecting the functioning of CII objects, with all available details: date, time, location of the object; the presence of a “cause-and-effect relationship between a computer incident and a computer attack”; possible links to other incidents; the composition of the technical parameters of computer incidents and their consequences.

In addition, GosSOPKA should receive information about the identification of significant violations of the security requirements of significant CII facilities, if as a result they create the preconditions for the occurrence of computer incidents.

A separate item includes “other information” in the field of detection, prevention and mitigation of the consequences of cyber attacks and response to incidents. It can be provided by both CII subjects and other bodies and organizations that are not part of the critical infrastructure of the Russian Federation, including international ones.

The second appendix to the order describes the procedure for providing information to GosSOPKA. In particular, it is stipulated that general information from the CII register and information based on the results of state control must be sent to the National Coordination Center for Computer Incidents (NCCCI) at least once a month and no later than one month from the moment a CII object is included in the register of significant objects or excluded from it, or from a change in the category of its significance or the drawing up of an inspection report based on the results of state control (if violations are identified).

The format in which the authorized body sends this information is determined by the authorized body itself.

As for information about specific incidents, it must be sent in accordance with the formats determined by the NCCCI and using the technical infrastructure of the Coordination Center designed for receiving and processing data on incidents.

If the CII facility does not have access to this infrastructure for any reason, then the information is sent through some other channel, including by post, fax or electronic communication to the addresses or telephone numbers of the NCCCI.

Information must be received by the NCCCI no later than 24 hours after the incident is detected. Another 24 hours are allotted to the NCCCI to notify the CII subject of receipt of this information.

“The list of information received by GosSOPKA could be supplemented with the results of past security audits carried out at CII facilities by commercial structures specializing in searching for vulnerabilities in digital infrastructure,” says Dmitry Gvozdev, CEO of the Information Technologies of the Future company. “It would also make sense to regularly enter data into GosSOPKA about what vulnerabilities could be identified in software used at CII facilities, and which of them are corrected. This will help with the prevention of computer incidents and cyber attacks.”

The text of the Order of the FSB of the Russian Federation dated July 24, 2018 No. 367 “On approval of the List of information submitted to the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation, and the Procedure for submitting information to the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation” is available to read.

The Law on the Security of CII of the Russian Federation obliges CII subjects to inform government agencies about cyber incidents

This legal act assigns to the FSB the authority to ensure the operation of the state system for detecting, preventing and eliminating the consequences of computer attacks (GosSOPKA). This refers to computer attacks on information systems, information and telecommunication networks and automated control systems that are located in Russia itself, as well as in diplomatic missions and consulates.

The decree lists the tasks that GosSOPKA must perform. These include forecasting the information security situation in the country, ensuring cooperation between telecom operators and owners of information resources in the field of cybersecurity, monitoring the security of Russian information resources and identifying the causes of information security incidents.

In addition to directly ensuring and monitoring the functioning of GosSOPKA, the FSB will be involved in the formation and implementation of state scientific and technical policy in the field of combating cyber attacks, as well as developing methodological recommendations for their detection, prevention, identification of causes and elimination of consequences.

Positive Technologies and Solar Security undertook the creation of turnkey GosSOPKA centers

To help Russian organizations solve this problem, Positive Technologies and Solar Security have combined proven Russian products with the experience and expertise of the largest commercial center for monitoring and responding to cyber attacks.

Within this direction:

  • Positive Technologies provides the customer with a set of technological solutions necessary to create the GosSOPKA center. It includes products for building information interaction with the main center of GosSOPKA, incident management, monitoring the security of internal infrastructure and perimeter, protecting the organization’s critical web services, detecting and blocking malicious mailings;
  • Solar Security operates these solutions, controls the security of the infrastructure, monitors and responds to information security incidents, as well as interacts with the main center of GosSOPKA;
  • Incident investigations are carried out using the combined expertise of partners.

Using this service allows organizations to increase the overall level of security of critical infrastructure in a short time, as well as ensure compliance with the requirements of N 187-FZ and methodological recommendations for the creation of departmental and corporate centers of GosSOPKA.

The Federation Council approved the introduction of criminal liability for attacks on critical IT infrastructure

On July 19, it became known that the Federation Council approved the law “On the Security of Critical Information Infrastructure,” developed by the Federal Security Service (FSB) and submitted to the State Duma by the Government in December 2016. The document will come into force at the beginning of 2018.

The law introduces a classification of critical information infrastructure objects and involves the creation of a register of such objects, while defining the rights and responsibilities of both the owners of the objects and the bodies that protect these objects. The body that will be responsible for ensuring the security of the infrastructure has not yet been appointed.

The document also envisages the creation of a state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of Russia (GosSOPKA), which will ensure the collection and exchange of information about computer attacks.

Simultaneously with the approval of the law “On the Security of Critical Information Infrastructure of the Russian Federation”, amendments arising from it to the laws “On Communications”, “On State Secrets”, “On the Protection of the Rights of Legal Entities and Individual Entrepreneurs in the Exercise of State Control (Supervision) and Municipal Control” were also approved, as well as amendments to the Criminal Code of the Russian Federation. Thus, in Chapter 28 of the Criminal Code, “Crimes in the field of computer information”, Article 274.1 will appear, which provides for punishment for damage caused to objects of critical information infrastructure.

The State Duma approved the bill on the security of critical infrastructure

The system is already working - in particular, contractors from the recent Confederations Cup joined it. However, there has not yet been a rule on mandatory connection to the system.

In addition, the President will need to determine the authorized body to ensure the security of critical information infrastructure. The FSB and the Federal Service for Technical and Export Control (FSTEK) will be involved in preparing the corresponding decree. CNews interlocutors in the information security market believe that the FSB will become such an authorized body.

Critical infrastructure entities

The subjects of critical information infrastructure will be government organizations, legal entities and individual entrepreneurs who own or lease information systems, information and telecommunication networks and automated control systems from a certain list of industries. The list of affected areas included energy, transport, communications, science, healthcare, fuel and energy complex, banking and other financial sectors, nuclear energy, defense, rocket and space, mining, metallurgical and chemical industries.

Critical infrastructure entities (SCI) will have to create security systems based on the requirements developed by the state. Also, SCI will have to immediately report computer attacks on them to GosSOPKA, take measures specified by the authorized bodies to repel attacks and allow intelligence officers to access their facilities.

In the event of an attack on financial sector facilities, the Central Bank will also need to be notified. To coordinate the activities of the SCI to repel computer attacks, the FSB will create a National Coordination Center for Computer Incidents.

The body authorized to ensure the security of critical information infrastructure will maintain a register of SCI. This registry will collect information for GosSOPKA. When entering a SCI into the register, the category of its significance will be determined - from first to third. The category will be assigned based on the economic, social, political, environmental significance of a given facility, as well as taking into account its significance for defense.

The authorized body will also have the opportunity to conduct scheduled and unscheduled inspections of the SCI included in the register.

Criminal penalties for attacks on CII facilities

At the same time, amendments are being made to the Criminal Code to strengthen penalties for causing harm to critical information infrastructure (CII) objects. The creation of computer programs that are deliberately intended for unlawful access to CII facilities will be punishable by forced labor for a term of up to five years with restriction of freedom for a term of up to two years, or imprisonment for a term of two to five years with a fine of 600 thousand to 1 million rubles.

Unlawful access to legally protected computer information stored in CII facilities will be punishable by forced labor for up to five years with a fine of 500 thousand to 1 million rubles and restriction of liberty for a term of up to two years, or imprisonment for a term of two to six years with a fine in the amount of 500 thousand to 1 million rubles.

Violations of the rules for operating means of storing, processing and transmitting information from CII objects or automated control systems and communication networks classified as CII will be punished by forced labor for up to five years with deprivation of the right to hold certain positions for up to three years, or imprisonment for up to six years with deprivation of the right to hold certain positions for up to three years.

2016

Over the past year, GosSOPKA has emerged from its infancy. Firstly, the first public signs appeared - the Center for Detection, Prevention and Elimination of the Consequences of Computer Attacks (KTsOPL) of the state corporation Rostec, the government of the Samara region, the tender of AFK Sistema, the intention of the FSO to involve GosSOPKA in creating and ensuring the operation of the closed state network RSNet. Secondly, the first document that was at least somewhat similar to a guidebook, “Methodological recommendations for the creation of departmental and corporate centers of GosSOPKA”, appeared.

The main organizational and technical component of the system are centers for detecting, preventing and eliminating the consequences of computer attacks, which will be divided according to territorial and departmental characteristics. In particular, a main center, regional and territorial centers of the system, as well as centers of government agencies and corporate centers will be organized. The functioning of the latter will be ensured by the organizations that created them.

The system also includes the National Coordination Center for Computer Incidents created by the FSB, which organizes and exchanges information about them with legal entities that own critical IT infrastructure facilities in the Russian Federation, telecom operators that ensure interaction between critical IT infrastructure facilities, as well as with foreign government agencies and other organizations working in the field of cyber incident response.

The main functions of the system, as stated in the concept, are to identify signs of computer attacks, determine their sources and other related information, forecast the situation in the field of ensuring information security of the Russian Federation, collect and analyze information about computer attacks in relation to information resources of the Russian Federation, implement rapid response measures for attacks and liquidation of their consequences, etc.

Also within the framework of the system, it is planned to organize interaction with law enforcement and other government agencies, owners of information resources of the Russian Federation, telecom operators and Internet providers at the national and international levels. It will include the exchange of information on identified computer attacks and the exchange of experience in the field of identifying and eliminating software and hardware vulnerabilities and responding to computer incidents.

For the functioning of the system, it is planned to create an appropriate legislative framework, determine the procedure for recording and exchanging information about computer attacks, and the activities of system subjects in the field of detection, prevention and elimination of the consequences of attacks.

Technical problems of GosSOPKA

  • lack of domestic software of many classes, both system-wide (operating systems, database management systems) and applied (for example, software for modeling deposits); for example, in the system of the Central Bank of the Russian Federation, 40% of the application software used is foreign-made, and for foreign databases, OS, and hardware and software the figure is 95%;
  • lack of a domestic element base;
  • the practical absence of domestic telecommunications equipment throughout the country;
  • The topology of the country's transport network requires improvement from the point of view of ensuring its survivability.

Possible approaches to the design of GosSOPKA

An approach is possible based on the classification of information assets of organizations according to the degree of their value, importance for ensuring government management and preserving knowledge necessary for the development of the country. Differentiated requirements for the protection of information assets classified in this way can be established by law, placing responsibility on the departments themselves in whose jurisdiction the information resources are located - without the involvement of organizations accredited by the FSTEC of Russia.

In this case, it will be possible to create an arbitrary structure of GosSOPKA (segments of the system according to ministries, departments, organizations, constituent entities of the Russian Federation) and significantly reduce the cost of development work (there is no need to create your own software and hardware). Reliability will not be affected - isolating the most important elements of the IT infrastructure will be safer than connecting through trusted means.

The inherent disadvantage of this approach is the isolation of part of the system, which entails a decrease in the efficiency of the system and inconvenience for users.

An alternative approach is to find critical infrastructure locations and protect them with trusted means. In this case, the classification of information resources according to their degree of importance is irrelevant, but a domestic software and hardware platform is necessary (or at least highly desirable).

The advantages of the second approach are significant. Firstly, there is no need to isolate system segments and a single protected information space with “transparent” administration is created. As a result, efficiency increases and control of all processes improves. Secondly, the protection of the country’s entire infrastructure is ensured by domestic software and hardware with the highest level of protection.

The price to pay for these advantages is the high cost of the project and long development time.

What threats should GosSOPKA counter?

The most dangerous cyberattacks are those behind which there are well-organized groups of cybercriminals and (or) states. But the cumulative damage caused to the economy by numerous less dangerous attacks can, over time, be considered a serious threat to the country.

2013

The FSB has prepared bills on the security of CII

The first of the bills determines how the security of critical IT infrastructure is ensured in Russia and establishes the principles for ensuring such activities, as well as the powers of government agencies in this area.

A significant part of critical IT systems is not owned by the state, so the bill also provides for “additional encumbrances” for persons who own such systems as property.

Its authors explain the need for the above law by the fact that the stability of the socio-economic development of Russia and its security are, in fact, made directly dependent on the reliability and security of the functioning of information and communication networks and IT systems, while there are no existing laws regulating relations in the field of security of critical IT infrastructure. This, according to the FSB, leads “to inconsistency and insufficient effectiveness of legal regulation in this area.”

The second bill defines penalties for violating legislation on the security of critical information infrastructure. At the same time, along with disciplinary, civil and administrative liability, criminal liability is also provided for violation of the law developed by the FSB.

For example, the FSB proposes to supplement Article 272 of the Criminal Code (“Illegal access to computer information”) with part five, which establishes liability for unlawful access to legally protected computer information that has caused damage to the security of critical information infrastructure or created a threat of its occurrence. The punishment provided for this will be up to 10 years in prison.

The bill also provides for criminal liability for violation of the rules for operating means of storing, processing or transmitting protected computer information or information and telecommunication networks and equipment, as well as for violating the rules of access to such networks, resulting in damage to the security of critical information infrastructure or creating a threat of its occurrence. The FSB proposes to punish this with imprisonment for a term of up to 7 years.

According to the FSB, after signing by the president, both bills should come into force in January 2015.

Details of the project from the FSB

The FSB expects that most of the legislative acts relating to the creation and operation in Russia of a unified state system of protection against computer attacks will be developed and published before the end of 2013, a source in the department told TAdviser on April 12, 2013. He notes that now the FSB is active in this direction.

The architecture of the system itself, according to the source, has not yet been worked out. Most likely, it will use an existing Russian solution, which will be modified specifically for this project, TAdviser’s interlocutor believes. Then it is planned to deploy this solution at the sites of telecom operators, he adds.

“In Russia there is no ready-made solution that can fully compete with foreign products like Arbor,” says TAdviser’s interlocutor from the FSB. “And developing such a solution from scratch would take a lot of time.”

DDoS attacks cause the greatest damage to the state, a source in the FSB noted in a conversation with TAdviser, so a solution that is suitable for use in the state system for preventing and eliminating the consequences of computer attacks should be especially effective in this area.

A decree has been signed on the creation in Russia of a system for detecting, preventing and eliminating the consequences of computer attacks on information resources located in the country and in diplomatic missions and consular offices of Russia abroad.

Its key tasks, in accordance with the presidential decree, should be forecasting situations in the field of ensuring information security, ensuring interaction between owners of IT resources in solving problems related to the detection and elimination of computer attacks, with telecom operators and other organizations engaged in information protection. The list of system tasks also includes assessing the degree of security of critical IT infrastructure.

PRESIDENT OF THE RUSSIAN FEDERATION

On improving the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation


In order to improve the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation and in accordance with Article 6 of the Federal Law of July 26, 2017 N 187-FZ "On the security of critical information infrastructure of the Russian Federation"

I decree:

1. To assign to the Federal Security Service of the Russian Federation the functions of the federal executive body authorized to ensure the functioning of the state system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation - information systems, information and telecommunication networks and automated control systems located on the territory of the Russian Federation, in diplomatic missions and consular offices of the Russian Federation.

2. Establish that the tasks of the state system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation are:

a) forecasting the situation in the field of ensuring information security of the Russian Federation;

b) ensuring interaction between owners of information resources of the Russian Federation, telecom operators, and other entities carrying out licensed activities in the field of information security when solving problems related to detection, prevention and elimination of the consequences of computer attacks;

c) monitoring the degree of security of information resources of the Russian Federation from computer attacks;

d) establishing the causes of computer incidents related to the functioning of information resources of the Russian Federation.

3. Establish that the Federal Security Service of the Russian Federation:

a) ensures and controls the functioning of the state system named in paragraph 1 of this Decree;

b) forms and implements, within its powers, state scientific and technical policy in the field of detection, prevention and elimination of the consequences of computer attacks on the information resources of the Russian Federation;

c) develops methodological recommendations:

to detect computer attacks on information resources of the Russian Federation;

to prevent and identify the causes of computer incidents related to the functioning of information resources of the Russian Federation, as well as to eliminate the consequences of these incidents.

4. Introduce into paragraph 9 of the Regulations on the Federal Security Service of the Russian Federation, approved by Decree of the President of the Russian Federation of August 11, 2003 N 960 “Issues of the Federal Security Service of the Russian Federation” (Collected Legislation of the Russian Federation, 2003, N 33, Art. 3254; 2004, N 28, art. 2883; 2005, N 36, art. 3665; 2006, N 25, art. 2699; 2007, N 1, art. 205; N 49, art. 6133; 2008, art. 4087; no. 4921; 2010, art. 2054; .2435; 2011, No. 267; 2012, No. 8, Article 993; 2013, No. 1245; ; N 26, art. 3314; N 52, art. 7139; 2014, N 10, art. 6041; 2015, N 4, art. 7077; ; 2017, N 21, Art. 2991), the following changes:

a) subclause 20_1 should be amended as follows:

"20_1) within the limits of its powers, develops and approves regulatory and methodological documents on ensuring the information security of information systems created using supercomputer and grid technologies, information resources of the Russian Federation, and also exercises control over ensuring the information security of these systems and resources;";

b) subparagraph 47 should be stated as follows:

"47) organizes and conducts research in the field of information security, expert cryptographic, engineering cryptographic and special research on encryption tools, special and closed information and telecommunication systems, information systems created using supercomputer and grid technologies, as well as information resources of the Russian Federation;";

c) subparagraph 49 should be stated as follows:

"49) prepares expert opinions on proposals to carry out work on the creation of special and protected information and telecommunications systems and communication networks using encryption (cryptographic) means, information systems created using supercomputer and grid technologies, as well as information resources of the Russian Federation;".

5. Introduce into the Decree of the President of the Russian Federation of January 15, 2013 N 31c “On the creation of a state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation” (Collected Legislation of the Russian Federation, 2013, N 3, Art. 178) the following changes:

a) from paragraph 1 the words “- information systems and information and telecommunication networks located on the territory of the Russian Federation and in diplomatic missions and consular offices of the Russian Federation abroad”;

b) paragraph 2 and subparagraphs “a” - “e” of paragraph 3 are declared invalid.

President
Russian Federation
V.Putin

Electronic document text
prepared by Kodeks JSC and verified against.

1. The state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation is a single, geographically distributed complex, including forces and means designed to detect, prevent and eliminate the consequences of computer attacks and respond to computer incidents. For the purposes of this article, information resources of the Russian Federation are understood as information systems, information and telecommunication networks and automated control systems located on the territory of the Russian Federation, in diplomatic missions and (or) consular offices of the Russian Federation.

2. The forces intended to detect, prevent and eliminate the consequences of computer attacks and respond to computer incidents include:

1) divisions and officials of the federal executive body authorized to ensure the functioning of the state system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation;

2) an organization created by the federal executive body authorized to ensure the functioning of the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation, to ensure coordination of the activities of subjects of critical information infrastructure on the issues of detecting, preventing and eliminating the consequences of computer attacks and response to computer incidents (hereinafter referred to as the national coordination center for computer incidents);

3) divisions and officials of subjects of critical information infrastructure who take part in detecting, preventing and eliminating the consequences of computer attacks and in responding to computer incidents.

3. Tools designed to detect, prevent and eliminate the consequences of computer attacks and respond to computer incidents are technical, software, hardware and other tools for detection (including for searching for signs of computer attacks in telecommunication networks used to organize the interaction of critical information infrastructure objects), prevention, elimination of the consequences of computer attacks and (or) exchange of information necessary for subjects of critical information infrastructure when detecting, preventing and (or) eliminating the consequences of computer attacks, as well as cryptographic means of protecting such information.

4. The National Coordination Center for Computer Incidents carries out its activities in accordance with the regulations approved by the federal executive body authorized to ensure the functioning of the state system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation.

5. The state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation collects, accumulates, systematizes and analyzes information that comes to this system through means intended to detect, prevent and eliminate the consequences of computer attacks, information that is provided by subjects of critical information infrastructure and the federal executive body authorized in the field of ensuring the security of critical information infrastructure of the Russian Federation, in accordance with the list of information and in the manner determined by the federal executive body authorized to ensure the functioning of the state system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation, as well as information that may be provided by other bodies and organizations that are not subjects of the critical information infrastructure, including foreign and international ones.

6. The federal executive body authorized to ensure the functioning of the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation, organizes in the manner established by it the exchange of information about computer incidents between subjects of critical information infrastructure, as well as between subjects of critical information infrastructure and authorized bodies of foreign states, international, international non-governmental organizations and foreign organizations operating in the field of responding to computer incidents.

7. Provision of information constituting a state or other secret protected by law from the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation is carried out in accordance with the legislation of the Russian Federation.

In order to improve the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation and in accordance with Article 6 of the Federal Law of July 26, 2017 No. 187-FZ “On the security of critical information infrastructure of the Russian Federation”, I decree:

1. To assign to the Federal Security Service of the Russian Federation the functions of the federal executive body authorized to ensure the functioning of the state system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation - information systems, information and telecommunication networks and automated control systems located on the territory of the Russian Federation, in diplomatic missions and consular offices of the Russian Federation.

2. Establish that the tasks of the state system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation are:

a) forecasting the situation in the field of ensuring information security of the Russian Federation;

b) ensuring interaction between owners of information resources of the Russian Federation, telecom operators, and other entities carrying out licensed activities in the field of information security when solving problems related to detection, prevention and elimination of the consequences of computer attacks;

c) monitoring the degree of security of information resources of the Russian Federation from computer attacks;

d) establishing the causes of computer incidents related to the functioning of information resources of the Russian Federation.

3. Establish that the Federal Security Service of the Russian Federation:

a) ensures and controls the functioning of the state system named in this Decree;

b) forms and implements, within its powers, state scientific and technical policy in the field of detection, prevention and elimination of the consequences of computer attacks on the information resources of the Russian Federation;

c) develops methodological recommendations:

to detect computer attacks on information resources of the Russian Federation;

to prevent and identify the causes of computer incidents related to the functioning of information resources of the Russian Federation, as well as to eliminate the consequences of these incidents.

4. Introduce into paragraph 9 of the Regulations on the Federal Security Service of the Russian Federation, approved by Decree of the President of the Russian Federation of August 11, 2003 No. 960 “Issues of the Federal Security Service of the Russian Federation” (Collected Legislation of the Russian Federation, 2003, No. 33, Art. 3254; 2004, No. 2883; 2005, No. 49; 2006, No. 2699; No. 49, Art. 6554; No. 43, Art. 4921; 2435, No. 267; 2012, No. 818; ; No. 26, Art. 7137; 2014, Art. ; 2017, No. 21, Art. 2991), the following changes:

a) subclause 20.1 should be amended as follows:

“20.1) within the limits of its powers, develops and approves regulatory and methodological documents on ensuring the information security of information systems created using supercomputer and grid technologies, information resources of the Russian Federation, and also exercises control over ensuring the information security of these systems and resources;”;

b) subparagraph 47 should be stated as follows:

"47) organizes and conducts research in the field of information security, expert cryptographic, engineering cryptographic and special research on encryption tools, special and closed information and telecommunication systems, information systems created using supercomputer and grid technologies, as well as information resources of the Russian Federation;";

c) subparagraph 49 should be stated as follows:

"49) prepares expert opinions on proposals to carry out work on the creation of special and protected information and telecommunications systems and communication networks using encryption (cryptographic) means, information systems created using supercomputer and grid technologies, as well as information resources of the Russian Federation;".

5. Introduce into the Decree of the President of the Russian Federation of January 15, 2013 No. 31c “On the creation of a state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation” (Collected Legislation of the Russian Federation, 2013, No. 3, Art. 178) the following changes:

a) from paragraph 1 the words “- information systems and information and telecommunication networks located on the territory of the Russian Federation and in diplomatic missions and consular offices of the Russian Federation abroad”;

b) paragraph 2 and subparagraphs “a” - “e” of paragraph 3 are declared invalid.

President of the Russian Federation V. Putin

Moscow, Kremlin

Document overview

Previously, the FSB of Russia was entrusted with the authority to create a system for detecting, preventing and eliminating the consequences of computer attacks on Russian information resources (information systems and information and telecommunication networks located on the territory of our country and in diplomatic missions and consular offices of Russia abroad).

It was decided to entrust the Service with the functions of the federal authority authorized to ensure the functioning of the system.

It is clarified that the resources include information systems, information and telecommunication networks and automated control systems located on the territory of our country, in diplomatic missions and consular offices of Russia.

The system's objectives have been revised. The Regulations on the Service and the Decree of the President of the Russian Federation on the creation of the system have been adjusted.
