Cybersecurity Department of the Ministry of Digital Development: goals, objectives and successes

[Father]

The year 2022 boasts many unpleasant records, one of which was an unprecedented number of hacker attacks on enterprises of various directions and on Russian state institutions, as well as a systematic leak of user data.

It is not surprising that business and government at different levels have seriously thought about information security, as well as the consequences of its absence. Such a boom was caused by the geopolitical events of February 24, 2022. But the Ministry of Digital Resources was ahead of time and in mid-February 2022 announced the launch of an industry division that will deal exclusively with cybersecurity at the state level.

Currently, the Cybersecurity Department of the Ministry of Digital Development of the Russian Federation is responsible for the federal project "Information Security" of the national program "Digital Economy of the Russian Federation". The project is curated by Deputy Minister of Digital Development Alexander Shoytov.

Alexey Yakovlev
Head of Marketing and Information Project Development Department at MIMINO outsourcing company

Information technologies are central to the work of government agencies and organizations. Cybercriminals and spies can use cyberspace to steal state secrets, breach information security, extortion, and other crimes. Therefore, cybersecurity is currently one of the most pressing issues, and a separate cybersecurity department in the Ministry of Digital Development is necessary to ensure the security of state information systems.

According to the latest news, the head of the department, as well as experts, actively share information security statistics with the media and comment on relevant articles, participate in the development of industry standards and the formation of expert groups. With the participation of the Ministry of Digital Development, a number of promising information security projects are being implemented, from the National Cyber Polygon to the bug bounty program "Gosuslug".

Stated goal​

The main task of the "Ministry of Cybersecurity" is to coordinate and attribute counteraction to cyber attacks. The agency deals not only with the traditional issue of protection, but also with the investigation of crimes.

It is important to note that the Department of Cybersecurity of the Ministry of Digital Development of Russia is responsible for investigating cyber attacks on organizations that are subordinate to the Ministry of Digital Development, as well as all GIS.

Alexander Zubrikov
General Director ITGLOBAL.COM Security

The presence of such a body in the Ministry of Digital Development will be able to show expert assessment and qualified assistance in protecting all areas of activity that are somehow related to digital technologies.

The department can be a regulator in the market of cybersecurity services, and can develop both information security standards (for example, the same analog of the Western PCI DSS, according to which everyone continues to work now, or NIST SP-800), and requirements for the work of information security companies. This is also a long overdue decision.

The Ministry of Digital Development told Izvestia that the Cybersecurity Department, along with analyzing and collecting data on attacks to more effectively counter them in the future, will determine whether hackers belong to certain groups. Usually, such industry centers do not engage in such activities, since they do not directly enhance the security of objects, but are limited to analytics and development of security measures based on it.

Similar centers​

The Information Security Department of the Ministry of Digital Development is not the first information security department attached to state institutions in Russia. Back in 2018, the Bank of Russia created such a division. But it is more concerned with the regulatory component, as well as monitoring the implementation by financial organizations of the Central Bank's instructions on information security.

Vadim Tynchenko
Head of the Department of Artificial Intelligence of the REC "AI Technologies" of Bauman Moscow State Technical University

I believe that this need is now ripe, given that the number of cybercrimes has increased. As well as the number of stored and processed personal data of citizens of the Russian Federation, documents with various security labels in the authorities, account numbers and data of citizens in the banking sectors. This needs to be closely monitored, events should be held, and training should be provided so that leaks do not occur, and recently these leaks are becoming more and more frequent. Therefore, I believe that right now, in the era of digitalization, a separate department that will carry out supervision, conduct training activities and properly protect data is necessary.

In early 2022, the Ministry of Energy announced the launch of a pilot project to create a Single Industry Center for Coordinating and countering Cyber Attacks (Energy CERT). The division deals with industry-specific cybersecurity and also does not investigate attacks, as does the Information Security Department of the Central Bank.

Expert opinions​

A Cyber Media correspondent interviewed information security industry experts on how they see the functions of the new department and what they consider most important in its work.

In their opinion, it is necessary to introduce the practice of information security, standardization of secure development, as well as introduction to the practice of creating a secure product environment at the design stages.

Mykola Shcherbatenko
IT specialist in the field of cybersecurity, Product Manager "Faculty of Programming" of Synergy University

Usually, when preparing an IT product, the first step is to develop it, and the second is to search for vulnerabilities. But the results of research in the field of information security showed that this approach is erroneous. It is necessary to introduce such an approach to the protection of information systems as cyber-immunity, that is, it is necessary to introduce information security directly at the initial stage of product development.

First of all, according to market representatives, the cybersecurity department should pay attention to the following issues:

• ensuring the security of critical information systems of the state, such as communication systems, energy, financial systems, and others;
• develop a comprehensive cybersecurity strategy that meets the country's national security goals.;
• monitoring of cybercrime and organizing a rapid response to cyber attacks;
• training of personnel of state institutions and organizations in the rules of information security;
• establish partnerships with public and private organizations to share information and best practices in cybersecurity;
• increase public awareness and education on cyber hygiene and safe online practices.

Lilia Aleeva
Director of Marketing and Direct Sales at ICL Services, PhD in Economics

These issues should be given high priority, as they are essential components of a robust cybersecurity system that can effectively protect against cyber threats. For example, developing a comprehensive cybersecurity strategy can provide a single direction for all stakeholders involved in cybersecurity, ensuring that resources are distributed efficiently and efficiently. Partnerships with public and private organizations can help leverage expertise and resources to ensure a more coordinated and effective response to cyber threats.

Experts are divided on the creation of cybersecurity centers for all FOIVS and regulators. Some believe that the Department of cybersecurity in the Ministry of Digital Development is sufficient, while others believe that the creation of such centers in departments will not be superfluous and will lead to an increase in the level of cybersecurity of the country as a whole.

Lilia Aleeva
Director of Marketing and Direct Sales at ICL Services, PhD in Economics

Yes, I believe that the practice of creating cybersecurity centers should be mandatory for all federal executive authorities and regulators. Cybersecurity is a critical issue that affects all sectors of society, and the establishment of specialized cybersecurity centers can help ensure timely and effective detection and elimination of cyber threats.

For example, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the federal agency responsible for protecting critical infrastructure from cyber threats, operates several cybersecurity centers that provide real — time monitoring, analysis, and response to cyber threats, ensuring that critical infrastructure is protected from cyber attacks.

In addition, other countries, such as the United Kingdom and Australia, have set up dedicated cybersecurity centers to protect their critical infrastructure from cyber threats.

As for the disadvantages, the practice of creating cybersecurity centers in different structures requires a significant amount of resources. And in addition to financial costs, the personnel issue will be difficult, as there is a shortage of qualified personnel on the market.

Results​

Almost all document management and all departments have moved online. Those who haven't moved are at least halfway there. New cloud services are constantly emerging, and all public services should move online by the end of 2023. All this makes life incredibly easier for Russian citizens, but it also threatens the safety of personal data, as well as creates a field for various kinds of cybercrime.

Given the speed of digitalization achieved in Russia over the past 4 years and the number of cyber attacks in 2022, the creation of a separate information security department in the Ministry of Digital Development does not seem excessive.