Russian president Vladimir Puitn authorized the Federal Security Service (FSB) to oversee the system, which is supposed to ensure the security of the informational infrastructure in Russia and in its diplomatic offices abroad, provide “situation forecasts,” render information resources virtually immune to attacks and identify the reasons behind attacks.
The decree “On the development of a statewide system for the detection, prevention and response to cyberattacks against information resources of the Russian Federation” was signed on Jan. 15.
According to it, FSB is supposed to develop methods to detect attacks that target not only state agencies but also “other information systems,” as long as the latter’s owners permit. The same methods will be used by federal authorities to secure the exchange of information about “computer incidents.”
Many countries operate cybersecurity systems. Ruslan Gattarov, head of the Commission for Information Society at the Federation Council, says that, in the United States, cyberattacks are usually at the top of the threat advisory scale.
“A typical cybersecurity system in America comprises network and computer activity identifiers, decryption devices, output media for the operator to make a decision (such as a display) and interfaces to perform activities,” president of the Information Democracy Fund, Ilya Massukh, told Kommersant.
He did not mention how much such a system costs.
No system can provide full security, experts say.
“There is no one system capable of effectively preventing attacks of the scale of the ‘Red October’ [a global cyber-espionage campaign against government bodies, energy systems and military enterprises]," said InfoWatch CEO Natalya Kasperskaya.
"[These attacks] are all sophisticated and multi-layered, and when they are targeted against a specific victim, it is extremely hard to identify them,” she added.
The Virus Business
There is another side to the presidential decree, as the concern over cybersecurity creates a window of opportunity for business.
Nemanja Nikitovic, managing director of Optima Infosecurity (Optima Group), calls the decree “a big step by Putin’s” that will provide a stimulus to the digital market and create a new commercial niche of “information security.”
“We have had examples of this kind in Europe," Nikitovic said. "The authorities came up with an initiative that drove the cybersecurity market, where companies not only develop systems to prevent cyberattacks but also provide security advice.”
Kasperskaya hopes that officials will engage existing market players that are interested in such orders, instead of creating a completely new agency — even though it is a state initiative and the Federal Security Service is responsible for the project.
A source familiar with Kaspersky Lab told RBTH that the antivirus firm did not mind being involved in the project. However, there have been no proposals from the authorities to help them build a cybersecurity system.
“If the Federal Security Service approaches the Lab, it will gladly take part in the project,” the source says, adding that Kaspersky Lab is capable of addressing challenges of this scale. “They have developed some market-leading solutions, especially when it comes to DDoS attacks.”
Kaspersky Lab has thus far been unwilling to comment on the practicability and effectiveness of the decree, as well as its intention to be involved in the project.
Company spokesperson Yevgeny Gukov explains that the decree is lacking sufficient technical specifications of the anticipated protection system. In addition, according to Gukov, government initiatives of this sort are beyond Kaspersky Lab’s expertise.