Brief review of improvement and development of GosSOPKA - The Cyber Shafarat - Membership only site
Regulatory security of CII

Fundamentals of the regulatory and methodological base of the domestic system for ensuring the safety of CII

Federal Law of July 26, 2017 No. 187-FZ

“On the Security of the Critical Information Infrastructure of the Russian Federation”

Decree of the President of the Russian Federation of December 22, 2017 No. 620 On the improvement of GOSSOPKA

The current state of the regulatory legal framework in the field of GosSOPKA

Federal Law No. 194-FZ dated July 26, 2017 “On Amendments to the Criminal Code of the Russian Federation”

Federal Law of 26.07.2017 No. 193-FZ

Federal Law of July 26, 2017 No. 187-FZ “On the security of the CII of the RF”

“On Amendments to Certain Legislative Acts of the Russian Federation”

Decree of the President of the Russian Federation, approved on December 22, 2017 No 620

Order of the FSB of Russia “Procedure for the exchange of information about CI” dated July 24, 2018 No. 368

Order of the FSB of Russia “List of information provided to GosSOPKA” dated July 24, 2018 No. 367

Order of the FSB of Russia “Regulation on the NKTsKI” dated July 24, 2018 No. 366

Order of the FSB of Russia “Procedure for informing the FSB of Russia about computer incidents, responding to them, taking measures to eliminate the consequences of computer attacks carried out in relation to significant objects of the RF CII” dated 19.06.2019 No. 282

Requirements for subdivisions and officials of the subjects of GOSSOPKA

Guidelines for the creation of departmental and corporate GosSOPKA centers

Guidelines for establishing the causes and eliminating the consequences of CI

Order of the FSB of Russia “Requirements for the tools of GosSOPKA” dated 06.05.2019 No. 196

Order of the FSB of Russia “Procedure, technical conditions for the installation and operation of GosSOPKA” dated June 19, 2019 No 281

  • Model regulation of interaction
  • Methodological recommendations for detection of computer attacks
  • Methodological recommendations for carrying out activities to assess the security from computer attacks

New Decree of the President of the Russian Federation

The decree was developed taking into account the experience of implementing the provisions of 187-FZ, and is aimed at eliminating certain gaps that were used by unscrupulous leaders

Considered norms of the Decree

Decree of the President of the Russian Federation of May 1, 2022 No. 250

“On additional measures to ensure the IS of the Russian Federation”



► Create a structural subdivision in the body (organization) that performs security functions, including the OPCA (detection, warning and ….) (p / p. b p. 1)

► Make, if necessary, decisions on the involvement of organizations in the implementation of activities for the GSCA. In this case, only organizations that are accredited centers of GosSOPKA can be involved (p / p. d p. 1)

FSB of Russia to organize the accreditation of GosSOPKA centers (p / p. and p. 5)

The FSB of Russia to determine the transitional period during which it is allowed to carry out OPLC activities on the basis of agreements concluded with the FSB of Russia (NKTsKI) (p / p. 6 p. 5)

Transitional period defined

The transitional period during which it is allowed to carry out activities under the OPCA is 3 years from the date of entry into force of this order.

The order comes into force on December 13, 2022.

Order of the FSB of Russia dated November 1, 2022 No. 543 “On the determination of the transition period provided for by subclause “b” of clause 5 of Decree 250”

What will we do and what are we already doing

Development of a draft Regulation on accreditation of GosSOPKA centers

Development of draft Requirements for State SOPKA centers

► Development of an order of the FSB of Russia, which will approve all this

About the draft Regulations on the accreditation of centers

Determine the procedure and deadlines for applying for accreditation

  • The procedure and terms for the formation of the certification commission
  • Criteria for which accreditation will be carried out
  • Procedure and direct stages of inspections during accreditation
  • The procedure for issuing an accreditation certificate and its validity period
  • The procedure for suspending the accreditation of the GosSOPKA center, as well as the procedure for terminating it

About the draft Requirements for GosSOPKA centers

  • Determine the tasks and functions of the GosSOPKA centers
  • Requirements for the staff of the GosSOPKA center (from education to specific knowledge and skills)
  • Classes of centers (by type of activity and set of functions)
  • Requirements for the activities of GosSOPKA centers
  • Requirements for the minimum-sufficient composition of the GosSOPKA center

What are you still waiting for

Center GosSOPKA

Detection of computer attacks and identification of computer incidents (work of the 1st line)

Eliminating the consequences of computer attacks and responding to computer incidents (responding to the CI card)

Prevention of computer attacks (carrying out security assessment activities)

What are you still waiting for

It will be possible to select one or more areas of accreditation for which the organization will apply

Would like to note

► Regulations on accreditation and Requirements for GosSOPKA centers will have to be issued

► The concept with three areas of accreditation is a priority, but not yet final

► If you have any ideas and your view on the current Concept, then we will be glad to hear them

Thank you for your attention!

NATIONAL COORDINATION CENTER FOR COMPUTER INCIDENTS


GosSOPKA
In the beginning there was a word…
On January 1, 2018, 187-FZ “On the Security of the CII of the Russian Federation” came into force. Under its Article 9, all CII subjects, without exception, are required to inform the federal executive body authorized to ensure the functioning of the state system for detecting, preventing and eliminating the consequences of computer attacks about computer incidents. In accordance with FSB Order No. 366, the NKTsKI (National Coordination Center for Computer Incidents) was designated as that body.

The owners of significant CII objects, in accordance with Article 10, are charged with the task of ensuring continuous interaction with the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation.

FSB orders must be read to the end
On September 6, in addition to the order on the creation of the NKTsKI, two more orders of the FSB No. 367 and 368 were registered in the Ministry of Justice, which approved the lists of information and the procedure for exchanging information with GosSOPKA.

On a cursory reading, one may notice that the orders say the subject can work directly with the FSB and send notifications and requests to the NKTsKI by mail, telephone or facsimile. But this paragraph cannot be taken in isolation from the entire text of the document. A careful reading shows that the text uses two distinct concepts: “notification” and “informing”.

Notification, meaning the sending of notifications and requests between CII subjects as part of responding to an incident, is indeed allowed by phone, while informing, which includes, among other things, reporting technical details about the incident, is carried out using the technical infrastructure of the NKTsKI.

As a result, CII subjects cannot do without connecting to GosSOPKA. It is also necessary to observe the prescribed formats for the exchange of information with the NKTsKI.

What’s to be done
As part of the creation of the GosSOPKA center, CII subjects must complete the tasks of:

  • detection of computer attacks and incidents;
  • prevention of computer attacks and incidents;
  • response to computer attacks and incidents;
  • liquidation of consequences of computer attacks;
  • search for signs of computer attacks in networks;
  • exchange of information with GosSOPKA;
  • ensuring the protection of information.

And as part of the implementation of these tasks, the subject should provide the following functions:

  • interaction with the NKTsKI in solving problems related to the detection, prevention and elimination of the consequences of computer attacks on information resources and response to computer incidents;
  • development of documents regulating the processes of detecting, preventing and eliminating the consequences of computer incidents and responding to computer incidents;
  • operation of tools designed to detect, prevent and eliminate the consequences of computer attacks and respond to computer incidents, identifying errors in the operation of the tools and sending information about the detected errors to the manufacturer of the tools, as well as updating the tools used to ensure the protection of information resources and sending proposals to the NKTsKI on improvement of the tools;
  • receiving reports of incidents from personnel and users of information resources;
  • registration of computer attacks and computer incidents;
  • analysis of information security events;
  • inventory of information resources;
  • analysis of threats to information security, forecasting their development and sending the results to the NKTsKI;
  • compiling and updating the list of threats to information security for information resources;
  • identification of information resource vulnerabilities;
  • formation of proposals for increasing the level of security of information resources;
  • compiling a list of computer incidents;
  • liquidation of consequences of computer incidents;
  • analysis of the results of liquidation of the consequences of incidents;
  • establishing the causes of computer incidents.

Stages of creation of the GosSOPKA center

The set goals and objectives should be implemented with the help of organizational and technical measures. To optimize the process and build a development roadmap, it is necessary to divide the process of connection, support and development into stages, including the following tasks:

  • development of the concept of construction of the GosSOPKA center;
  • development of an operational and organizational model (including the organizational and staffing structure) of the GosSOPKA center, taking into account the requirements for the implementation of the Federal Law “On the Security of the Critical Information Infrastructure of the Russian Federation” dated July 26, 2017 N 187-FZ;
  • development of the architecture of the GosSOPKA center;
  • development of the processes of the GosSOPKA center with reference to the business processes and IT infrastructure of the subject;
  • development of key performance indicators (metrics) to evaluate the effectiveness of processes (part of a process or a group of processes) of the GosSOPKA center;
  • selection and implementation of technical means to ensure the processes of the GosSOPKA center;
  • implementation of the developed processes;
  • monitoring the effectiveness of the implemented processes in accordance with the developed metrics;
  • development of a visualization system for reporting on events and metrics of the processes of the GosSOPKA center for the levels of company management, management of information security departments and operational personnel;
  • development of the necessary regulatory documentation;
  • staff training.

How Informzaschita can help in the story with GosSOPKA
The Informzaschita company is ready to help carry out the entire range of work to create a GosSOPKA center for a CII subject and connect the created center to the NKTsKI infrastructure.

The Federal Security Service of Russia and the Informzaschita company in December 2018 signed an agreement on cooperation in the field of detecting, preventing and eliminating computer attacks within the State SOPKA.

The agreement gives the Informzaschita company's center for detection, prevention and elimination of the consequences of computer attacks (Security Operation Center), operating under the IZ:SOC brand, the right to perform the functions of the GosSOPKA center for state bodies of the Russian Federation, Russian legal entities and individual entrepreneurs. As part of the functions of the GosSOPKA center, Informzaschita will perform the tasks of detecting, responding to and eliminating the consequences of computer attacks, as well as assessing the security of the infrastructure and ensuring the interaction of GosSOPKA subjects with the National Coordination Center for Computer Incidents.

About Post Author

Treadstone 71

@Treadstone71LLC Cognitive Warfare Training, Intelligence and Counterintelligence Tradecraft, Influence Operations, Cyber Operations, OSINT,OPSEC, Darknet, Deepweb, Clandestine Cyber HUMINT, customized training and analysis, cyber psyops, strategic intelligence, Open-Source Intelligence collection, analytic writing, structured analytic techniques, Target Adversary Research, strategic intelligence analysis, estimative intelligence, forecasting intelligence, warning intelligence, Disinformation detection, Analysis as a Service