Putin ordered state structures to give the FSB access to information resources

State structures should create units to ensure information security or assign this function to existing departments. From 2025, government agencies and organizations are required to switch to domestic software

Russian President Vladimir Putin signed a decree on additional information security measures. The document was published on the official Internet portal of legal information.

The decree applies to federal and regional executive authorities, state-owned companies and funds, strategic and backbone enterprises, as well as "legal entities that are subjects of the critical information infrastructure" of the Russian Federation. Their leaders should appoint a deputy who will be responsible for ensuring information security, including the detection, prevention and elimination of the consequences of cyber attacks. In addition, they are required to create units that will perform this function, or assign it to existing departments.

State structures should provide the FSB bodies with unhindered access, including remote access, to monitoring resources owned or used by them and follow their instructions based on its results. Heads of state bodies and organizations are personally responsible for information security

In addition, the decree prohibits government agencies from using information security tools produced in "unfriendly" countries. The ban will take effect on January 1, 2025.

“Establish that from January 1, 2025, bodies (organizations) are prohibited from using information security tools whose countries of origin are foreign states that commit unfriendly actions against the Russian Federation, Russian legal entities and individuals,” it says.

This also applies to manufacturers under the jurisdiction of "unfriendly" states, "directly or indirectly controlled by them or affiliated with them."

Putin banned the transfer of bank customer data to unfriendly countries Finance

Read on RBC Pro Pro $ 2 thousand for dismissal:how Zappos built the most unusual strategy Articles Pro Delisting Russian companies from foreign exchanges:how it affects stocks Articles Pro x The Economist The Fed made a historic mistake.Will this lead to a global recession?Pro Three steps,how to get a company out of the crisis Articles Pro Who and how will be punished for the implementation of Western sanctions Articles ProHow to attract star shots - 3 parameters,besides salary Pro Instructions How an accountant created India's largest $6 billion bank for the poor Articles

“If earlier the main regulator was the FSTEC [Federal Service for Technical and EXPORT Control], which issued various information protection requirements that government agencies were required to comply with, then recent events have shown that either the requirements themselves, or the process of their implementation, or the tools used turned out to be ineffective," cybersecurity expert Alexei Lukatsky told RBC.

Now, Lukatsky pointed out, all government agencies are required to comply with the requirements of the FSB based on the results of monitoring and responding to cyber incidents, while earlier the special service was responsible only for cryptography (ensuring data confidentiality), and also established requirements for repelling attacks for critical information infrastructure objects. “At the same time, no one cancels the requirements of the FSTEC,” he noted.

Speaking about the ban on the use of foreign security tools, the expert clarified that it will not be possible to install foreign antiviruses, “although they have already been almost completely replaced by Russian companies”, use foreign firewalls, intrusion detection systems, monitoring, information leakage protection, authentication tools and etc.

Pavel Korostelev, HEAD of the Security Code product promotion department, also told RBC that we are talking about antiviruses, firewalls, intrusion detection tools, an information security management system and vulnerability analysis systems. “It is curious that the idea of ​​this decree is that there are requirements for the assignment of information security functions to a person with the rank of deputy DIRECTOR or deputy head of a public authority, and this is a very high level,” he said, noting that these functions are usually performed by people "from the second or even third level of subordination." “This will potentially increase the level of maturity of organizations and increase the level of investment in information security,” the expert believes.

The list of "unfriendly" states compiled by the government includes all EU countries, the usa , SOUTH KOREA, Singapore, Taiwan, Japan and some others.

At the end of March, Putin signed a decree according to which, from January 1, 2025, government agencies are not allowed to use foreign software (software) at critical information infrastructure facilities. By this time, they should switch to domestically developed software. Since March 31, state purchases of foreign software for use on critical infrastructure without approval are prohibited.

Favorable course inFavorable exchange rate at VTB officesThe larger the amount, the greater the benefit.More than 1,000 branches across the countryPreliminary calculation inonline converter