Critical information infrastructure (CII) objects are information systems,

[tanjimajuha20]

The amendments are proposed to the federal law of July 26, 2017 No. 187 "On the security of the critical information infrastructure of the Russian Federation". The Ministry of Digital Development, Communications and Mass Media worked on the bill. It is expected to enter into force on March 1, 2025.

networks, and control albania whatsapp number database systems operating in the areas of healthcare, science, transport, communications, finance, energy, nuclear energy, defense, mining, metallurgy, the chemical industry and the fuel and energy complex, state registration of rights to real estate, and the rocket and space sector.

Critical information infrastructure entities are organizations or individual entrepreneurs who own or lease these information systems.

According to the changes, the government and the Central Bank (CB) will be able to formulate requirements for software and electronic products used at significant critical information infrastructure facilities, including telecommunications equipment and hardware and software systems (HSS). The government will establish cases and procedures for approving the use of foreign products.

In the banking and financial sectors, this will happen in agreement with the Central Bank.

Leading information security consultant at Innostage LLC Anastasia Ilyina explained to ComNews that for some significant critical information infrastructure facilities there are no equivalents of domestic software or the transition to it is impossible due to the technical features of the facility, so the bill allows for the possibility of using foreign programs and electronic products.

The document should improve the categorization of critical information infrastructure objects. The government and the Central Bank will determine in each industry the types of information systems that should be classified as significant critical information infrastructure objects. There are three categories of significance in total: first, second, third.

"In order to properly categorize critical information infrastructure facilities, government agencies, the Central Bank of the Russian Federation and Russian legal entities performing functions on the development, implementation or realization of state policy and (or) legal regulation in the established sphere of activity, form lists of typical industry-specific critical information infrastructure facilities, including the names of types of information systems, functions performed and types of activity," the draft law states. In the same way, instructions on assigning categories to critical information infrastructure facilities will be approved.

The government and the Central Bank will also work on import substitution deadlines. Previously, the decree regulated deadlines for government agencies and state-owned companies: they must abandon foreign software at critical information infrastructure facilities from January 1, 2025 (Decree of the President of the Russian Federation of March 30, 2022 No. 166). According to the new bill, for significant critical information infrastructure facilities that do not belong to the state, the transition deadlines will be set depending on the readiness of domestic solutions. Separate documents will be adopted to determine the deadlines and the list of significant critical information infrastructure facilities.

The transition and compliance with deadlines will be monitored by industry departments.

According to the Ministry of Digital Development, the agency encountered the problem that many companies did not want to classify critical information infrastructure objects as significant. "Whether or not to classify a critical information infrastructure object as significant is determined by the owner of a particular information system. Companies often neglect this and minimize the number of systems that are defined as significant critical information infrastructure objects. The bill will allow each industry to establish a unique list of objects where the use of Russian software and electronic products will be mandatory," the agency's website says.