Protection of critical information infrastructure and GosSOPKA

[Rakhirandiseo]

2018 should be the year of the digital economy (DE), but, as the head of the Sberbank IS service (IS Competence Center in the state program DE) stated, in terms of IS, funding amounted to 5% of the plan. With such predictability of funding, the fate of the "Information Security" direction of the state program "Digital Economy" is unclear.

Despite the author's skepticism, the FSTEC documents regulating critical infrastructure were adopted in January 2018, and the wave of categorization of objects began. Medical institutions and energy have taken the lead, but the financial sector intends to complete the categorization only in 2019. In 2019, critical infrastructure entities - owners of significant critical infrastructure objects - must connect to GosSOPKA, which will most likely degenerate into a wave of connections "somehow". Enterprises are objectively not ready to qualitatively and fully monitor their critical infrastructures, despite the extremely relaxed requirements of the FSB - the classic methodological recommendations provide only 12 fairly simple types of incidents in the style of "denial of service attack".

All key owners of critical information el salvador mobile database facilities — government agencies, large industrial companies, etc. — have started doing something on the topic of critical information infrastructure, which stimulates the development of security monitoring center (SOC) markets and somewhat spurs the development of information security services in government agencies — now the efficiency of their work is measured not only by the absence of comments following inspections by regulators, but also by the presence and quality of information security incidents that they transfer to GosSOPKA. Some critical information infrastructure entities have already received inquiries “why are you transferring so few incidents?”