71% of Russian companies report facing various difficulties in implementing the requirements of Federal Law No. 187-FZ "On the Security of Critical Information Infrastructure of the Russian Federation" (CII). This was revealed in a joint study by K2 Cybersecurity and Anti-Malware.ru. In addition, difficulties in complying with the law's requirements have forced 44% of respondents to significantly increase their security spending.
More than 14% of organizations have increased their IT security budget tenfold. This was primarily due to underestimating the amount of work required due to insufficient in-depth audits, as well as an increase in the amount of work due to the technical features of the infrastructure. Some companies lack a complete understanding of the legislative requirements, which further leads to an increase in the number of necessary security tools.
The category of CII entities includes enterprises whose disruption could lead to the failure of transport infrastructure, communication networks, public services, and damage to the life and health of people. The main goal of Federal Law No. 187-FZ is to protect the IT systems of government agencies, banks, industry, medical institutions, and other companies from cyberattacks. Although the law was adopted in 2018, 35% of respondents are still at the start of the project implementation. Only 7% of companies have fully completed it.
The majority of respondents (27%) cited the main difficulty as the selection and purchase of domestic software and equipment. This is due to its high cost and shortage. At the same time, almost half of those surveyed (48%) are confident that Russian products will meet the requirements of the law. 31% are not satisfied with what the market offers. Moreover, 21% of organizations (one in five) admit that they will not be able to switch to Russian products on significant CII facilities by 2025, according to the requirements of Decree No. 166.
Among other difficulties, companies mentioned: difficulties in understanding the law itself (13%), organizing processes (8%), and auditing and categorization (8%).
"The Decree of the President of the Russian Federation No. 250 dated 01.05.2022 'On Additional Measures to Ensure Information Security of the Russian Federation,' which specified specific responsible persons, largely prompted organizations to begin systematic work on implementing the requirements of Federal Law No. 187-FZ. The FSTEC of Russia has been conducting systematic explanatory work since 2017 to make it easier for CII entities to understand the law and bring their activities into compliance with its requirements. We constantly organize internal and external events, and send targeted mailings. Currently, organizations are actively sending us documents with lists and information about CII facilities. We predict further activation of CII entities in fulfilling the requirements of the law," says Valentin P. Danilushkin, Head of the Department of the FSTEC of Russia for the Central Federal District.
"According to the schedules, there is a phased transition of the critical information infrastructure of T Plus to Russian solutions, in accordance with the requirements of Federal Law No. 187-FZ. We believe that, due to the constantly increasing number of attacks, the requirements of the law seem justified. They are aimed at creating not only paper-based, but also practical information security. The adoption of the law and subordinate acts (in particular, Decrees 166 and 250) allowed Customers to demand compliance with information security requirements from suppliers in the proposed solutions," says Tatyana Zaitseva, Director of Information Security at T Plus.
"Despite the serious difficulties faced by businesses, the situation with CII security is positive. According to the study, 90% of CII entities have started implementing the law. We are talking about tens of thousands of organizations. In our experience, a large number of enterprises still use foreign solutions in the infrastructure of significant protection facilities, including security tools. At the same time, we see a trend that Russian vendors have now received a large growth driver due to the vacated product niches, as well as support from the state. Companies are developing their products, while using advanced technologies available on the market," said Andrey Zaikin, Business Development Director at K2 Cybersecurity.
"We see a significant change in the approaches of regulators towards practical, effective cybersecurity, including in terms of implementing specific approaches in enterprises: from the responsibility of management to the processes of assessing and confirming the level of security," comments Mikhail Kader, Solutions Architect for Information Security at Positive Technologies.
Now on home
Герой России Гарнаев: никто из профессионалов о возобновлении производства на КАЗ всерьёз не говорит
Система отслеживает спутники на высотах до 50 000 км и ведёт за ними наблюдение
The armored vehicle is equipped with a KamAZ-740.35-400 diesel engine with a power of 400 hp.
Constant improvements in avionics, weapons and tactical capabilities will make the aircraft a flexible response to future challenges
The exterior of the KamAZ-54901 features fairings on the cab and chassis for fuel economy
Fighters are in demand both domestically and abroad
Tyazhpromexport and Venezuela Agree on Plant Revival
The company not only completed the state order, but also quickly mastered the production of AK-12K for special forces
Experts have developed a photogrammetric complex with a resolution of less than 1 cm
