Not all banks will switch to domestic software on time

tanjimajuha20 · Post by **tanjimajuha20** » Mon Jan 20, 2025 9:20 am

The official Internet portal of legal information publisheddecreeVladimir Putin dated June 13, 2024 No. 500. The document introduces amendments todecreefrom May 1, 2022 No. 250 "On additional measures to ensure information security of the Russian Federation" and affects government agencies, state corporations and critical information infrastructure (CII) entities. The amendments expanded the existing ban on the use of information security systems from unfriendly countries. From 2025, companies covered by the decree will also be prohibited from using cybersecurity services (works and services) from organizations from these countries. Previously, it was only forbidden to install software.

Read also

39% of Russian banks believe turkey whatsapp resource that they will not have time to transfer critical information infrastructure facilities to Russian software before January 1, 2025. More than half of credit institutions have budgeted less than RUB 500 million for these purposes in 2024. At the same time, 88% of banks plan to spend no more than RUB 1.5 billion on AI development in 2024.

Alexander Khonin, head of the consulting and audit department at the integrator and provider of information security services Angara Security, said that the industry was expecting changes, which were previously announced by the Ministry of Digital Development.

"The changes do not change anything radically - rather, they clarify the requirements of the decree in accordance with today's standards. In fact, foreign services have already been disabled "on the other side", and with the latest package of sanctions for corporate structures, they will become in principle unavailable. Most companies are following the path of import substitution, since it is simultaneously supported by the requirements of Russian legislation and sanctions from unfriendly states," explained Rustem Khairutdinov, Deputy General Director of the Garda Group of Companies.

Alexander Khonin also confirmed that in fact such services are no longer used due to sanctions, so the decree will not have a significant impact on Russian companies. Alexander Bykov, head of security services at cloud provider Nubes, believes that this requirement is more likely seen as a political decision and the implementation of a counter-sanctions strategy.

The decree also instructs the Federal Security Service (FSB) to define requirements for accredited GosSOPKA centers, establish the procedure for their accreditation and its suspension - these centers are used as needed to prevent cyberattacks and eliminate their consequences. Alexander Khonin said that the FSB is already developing the relevant accreditation rules, and the amendments adjusted the decree taking this fact into account.

“This will make the process of responding to attacks more efficient for critical information infrastructure,” says Alexander Bykov.

According to Rustem Khairutdinov, the requirements for accredited centers of GosSOPK appeared due to the effect of scale. "Since the presence of a center has become a competitive advantage in the provision of services in the field of cybersecurity, there have been many such centers in the two years since the decree was issued: at the moment - 71center. Targeted work is required to keep them up to date to protect the country's cyberspace," said Rustem Khairutdinov.

The day before, the US imposed sanctions against Russia, affecting the activities of IT companies. One of the measures was a ban on the provision of IT services to Russian individuals and legal entities, regardless of their industry affiliation and the presence of personal sanctions.