"In essence, critical information infrastructure
Posted: Mon Jan 20, 2025 3:53 am
The Russian government published on the official Internet portal of legal informationresolution, which makes a change inresolutionfrom February 8, 2018 No. 127.
This means that the new resolution has removed the obligation to form lists of critical information infrastructure facilities, as well as the need to send them to the FSTEC.
entities have been bahamas whatsapp number databa se deprived of the authority to categorize themselves - precisely to eliminate possible cases of underestimating the significance category of critical information infrastructure objects or reducing their declared number. Now government agencies are forming lists of typical industry-specific critical information infrastructure objects for various sectors of the economy, and on their basis, categorization will be carried out without the participation of critical information infrastructure entities," explained Security Vision CEO Ruslan Rakhmetov.
At present, there are lists of typical industry-specific critical information infrastructure facilities operating in the fields of communications, transport, healthcare, energy, fuel and energy complex, as well as the chemical, defense, mining, and metallurgical industries.
Previously, the authors of the resolution explained that the rules for categorizing critical information infrastructure facilities contained contradictory clauses: according to clauses 5 and 15, critical information infrastructure entities are required to form lists of critical information infrastructure facilities subject to categorization and send them to the Federal Service for Technical and Export Control (FSTEC). At the same time, according to clause 10, lists of typical industry critical information infrastructure facilities are formed by government agencies and authorized legal entities in agreement with FSTEC. The lists are required as initial data when categorizing critical information infrastructure facilities. The new resolution cancels subclause "g" of clause 5 and clause 15, and also makes adjustments to subclause "c" of clause 14.
Critical information infrastructure (CII) objects are information systems, networks, and control systems operating in the areas of healthcare, science, transport, communications, finance, energy, nuclear energy, defense, mining, metallurgy, the chemical industry and the fuel and energy complex, state registration of rights to real estate, and the rocket and space sector.
Critical information infrastructure entities are organizations or individual entrepreneurs who own or lease these information systems.
In March 2024, ComNews wrote that organizations avoid classifying critical information infrastructure facilities as significant for a number of reasons. One of them is saving money on information security. This fact was confirmed by representatives of the Ministry of Digital Development, Communications and Mass Media. "Whether or not to classify a critical information infrastructure facility as significant is determined by the owner of a particular information system. Companies often neglect this and minimize the number of systems that are defined as significant critical information infrastructure facilities. The bill will allow each industry to establish a unique list of facilities where the use of Russian software and electronic products will be mandatory," a representative of the Ministry of Digital Development, Communications and Mass Media wrote on the agency's website.
Read also
This means that the new resolution has removed the obligation to form lists of critical information infrastructure facilities, as well as the need to send them to the FSTEC.
entities have been bahamas whatsapp number databa se deprived of the authority to categorize themselves - precisely to eliminate possible cases of underestimating the significance category of critical information infrastructure objects or reducing their declared number. Now government agencies are forming lists of typical industry-specific critical information infrastructure objects for various sectors of the economy, and on their basis, categorization will be carried out without the participation of critical information infrastructure entities," explained Security Vision CEO Ruslan Rakhmetov.
At present, there are lists of typical industry-specific critical information infrastructure facilities operating in the fields of communications, transport, healthcare, energy, fuel and energy complex, as well as the chemical, defense, mining, and metallurgical industries.
Previously, the authors of the resolution explained that the rules for categorizing critical information infrastructure facilities contained contradictory clauses: according to clauses 5 and 15, critical information infrastructure entities are required to form lists of critical information infrastructure facilities subject to categorization and send them to the Federal Service for Technical and Export Control (FSTEC). At the same time, according to clause 10, lists of typical industry critical information infrastructure facilities are formed by government agencies and authorized legal entities in agreement with FSTEC. The lists are required as initial data when categorizing critical information infrastructure facilities. The new resolution cancels subclause "g" of clause 5 and clause 15, and also makes adjustments to subclause "c" of clause 14.
Critical information infrastructure (CII) objects are information systems, networks, and control systems operating in the areas of healthcare, science, transport, communications, finance, energy, nuclear energy, defense, mining, metallurgy, the chemical industry and the fuel and energy complex, state registration of rights to real estate, and the rocket and space sector.
Critical information infrastructure entities are organizations or individual entrepreneurs who own or lease these information systems.
In March 2024, ComNews wrote that organizations avoid classifying critical information infrastructure facilities as significant for a number of reasons. One of them is saving money on information security. This fact was confirmed by representatives of the Ministry of Digital Development, Communications and Mass Media. "Whether or not to classify a critical information infrastructure facility as significant is determined by the owner of a particular information system. Companies often neglect this and minimize the number of systems that are defined as significant critical information infrastructure facilities. The bill will allow each industry to establish a unique list of facilities where the use of Russian software and electronic products will be mandatory," a representative of the Ministry of Digital Development, Communications and Mass Media wrote on the agency's website.
Read also