After the outbreak of the Russian special operation, numerous state information systems and large corporations faced large-scale hacker attacks. Under these conditions, the Ministry of Digital Development of Russia instructed key state corporations to assess the level of their information systems protection and their capability to cope with cyber threats.
The letter was sent to 58 key state corporations. It follows from the document that the check must be carried out before July 1. Any specialized organizations certified by the FSTEC (Federal Service for Technical and Export Control) and the FSB (Federal Security Service) can be involved for verification. The list of the Ministry includes such companies as Russian Post, Gazprom-Media Holding (GPM), Rosatom, SIBUR, Sberbank and others.
The check involves identifying strategic risks and vulnerabilities in the system that "can be used by external and internal violators," as well as shortcomings of existing means of protection against threats. Unacceptable events include leaks of personal data and other confidential information, fraudulent actions in banking systems, etc.
The results of the assessment will be sent to the government, and the information received will be taken into account when developing new measures to ensure the security of information resources, follows from the letter of the Ministry. The document does not clarify whether these checks will be carried out with public money or should be paid for by companies.
According to Ivan Melekhin, a director of the Center for monitoring and countering cyber attacks of IZ:SOC "Informzashchita", organizations will have to conduct a risk analysis and subsequent cyber studies. The situation is complicated by the fact that the specialized software used for verification is often not home-produced, and many specialized companies left the Russian market after the start of the special operation. These include ESET, Avast, Fortinet, NortonLifeLock Inc., Forcepoint (Websense) and others.