The state system of detection, prevention and elimination of the consequences of computer attacks. On improving the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation

DECREE

President of the Russian Federation

About improvement

State detection system, warnings

And eliminate the consequences of computer attacks

Information resources of the Russian Federation

In order to improve the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation and in accordance with Article 6 of the Federal Law of July 26, 2017 N 187-FZ "On the Safety of Critical Information Infrastructure of the Russian Federation" Decree:

1. To entrust to the Federal Security Service of the Russian Federation, the functions of the federal executive authority authorized in the field of ensuring the functioning of the state system of detection, prevent and eliminate the effects of computer attacks on information resources of the Russian Federation - Information systems, information and telecommunication networks and automated control systems on Territories of the Russian Federation, in diplomatic missions and consular institutions of the Russian Federation.

2. To establish that the tasks of the state system of detection, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation are:

a) forecasting the situation in the field of information security of the Russian Federation;

b) ensuring the interaction of the owners of the information resources of the Russian Federation, telecom operators, other actors carrying out licensed in the field of information protection, when solving tasks relating to the detection, prevention and elimination of the consequences of computer attacks;

c) exercising controlling the degree of security of information resources of the Russian Federation from computer attacks;

d) establishing the causes of computer incidents related to the functioning of information resources of the Russian Federation.

3. To establish that the Federal Security Service of the Russian Federation:

a) provides and controls the functioning of the state system, named in paragraph 1 of this Decree;

b) forms and implements within its powers, state scientific and technical policy in the field of discovery, prevention and elimination of the consequences of computer attacks on the information resources of the Russian Federation;

to detect computer attacks on the information resources of the Russian Federation;

to prevent and establish the reasons for computer incidents related to the functioning of information resources of the Russian Federation, as well as to eliminate the consequences of these incidents.

4. To make a provision on the Federal Security Service of the Russian Federation, approved by the Decree of the President of the Russian Federation of August 11, 2003 N 960 "Questions of the Federal Security Service of the Russian Federation" (Meeting of the legislation of the Russian Federation, 2003, N 33, Art. 3254; 2004, N 28, Art. 2883; 2005, N 36, Art. 3665; N 49, Art. 5200; 2006, N 25, Art. 2699; No. 31, Art. 3463; 2007, N 1, Art. 205; N 49, Art. 6133; N 53, Art. 6554; 2008, N 36, Art. 4087; N 43, Art. 4921; N 47, Art. 5431; 2010, N 17, Art. 2054; n 20, st 2435; 2011, N 2, Art. 267; N 9, Art. 1222; 2012, N 7, Art. 818; N 8, Art. 993; N 32, Art. 4486; 2013, N 12, Art. 1245 ; N 26, Art. 3314; N 52, Art. 7137, 7139; 2014, N 10, Art. 1020; N 44, Art. 6041; 2015, N 4, Art. 641; 2016, N 50, Art. 7077 ; 2017, N 21, Art. 2991), the following changes:

a) Subparagraph 20.1 shall be amended as follows:

"20.1) within its powers develops and approves regulatory and methodological documents on the issues of ensuring the information security of information systems created using supercomputer and grid technologies, information resources of the Russian Federation, and also monitors the provision of information security of the specified systems and resources;" ;

b) subparagraph 47 shall be amended as follows:

"47) Organizes and conducts research on information protection, expert cryptographic, engineering and cryptographic and special studies of encryption, special and closed information and telecommunication systems, information systems created using supercomputer and grid technologies, as well as information resources of the Russian Federation ; ";

c) subparagraph 49 shall be amended as follows:

"49) preparing expert opinions on proposals for the creation of special and protected using encryption (cryptographic) means of information and telecommunication systems and communication networks, information systems created using supercomputer and grid technologies, as well as information resources of the Russian Federation ; ".

5. To make a decree of the President of the Russian Federation of January 15, 2013 N 31c "On the establishment of a state system of detection, prevent and eliminate the consequences of computer attacks on information resources of the Russian Federation" (meeting of the legislation of the Russian Federation, 2013, N 3, Art. 178) The following changes:

a) from paragraph 1 of the word "- information systems and information and telecommunication networks located in the Russian Federation and in diplomatic missions and consular agencies of the Russian Federation abroad" to exclude;

b) Paragraph 2 and subparagraphs "A" - "E" of clause 3 to recognize in invalid strength.

The president

Russian Federation

Moscow Kremlin

Recent years, information security issues at the state level pays a lot of attention, a whole range of measures to enhance digital frontiers are being carried out. One of the most important steps in this direction was the adoption of Federal Law No. 187 "On the Safety of Critical Information Infrastructure of the Russian Federation" and the launch of a global system to combat computer attacks - a state system of detecting, preventing and eliminating the consequences of computer attacks (hereinafter - the GOSSOPDA).

The Law on the Safety of Critical Information Infrastructure (hereinafter referred to as KII, prescribes key organizations to which public authorities include government agencies and key enterprises of the main sectors of the Russian Federation, ensure the safety of their information systems, communication networks and technological systems. The list of affected areas of the economy was: energy, including atomic, transport, communications, science, healthcare, banking and financial sectors, defense, rocket-space, mining, metallurgical and chemical industries.

Security incidents at key enterprises of the country may have serious consequences of the scale of the city and even a whole region, and it does not matter that it will be their cause - targeted hacker attacks or random personnel errors. To prevent possible incidents and the fulfillment of the requirements of the state, the organization should create a security system of KII, to ensure its operation and connect to the GOSOPK system.

The StateSopka is a global collection and exchange of information on computer attacks on the territory of the Russian Federation, the 8th center of the Federal Security Service of the Russian Federation (hereinafter - the FSB of the Russian Federation) is responsible for its creation. The main goal is to prevent and counteract attacks, primarily external, due to the continuous monitoring of IB incidents and timely generation of measures. To achieve this goal, a network of corporate and departmental centers of the GOSOPK, which should cover all key companies. Departmental centers are being built in state authorities, in state corporations - corporate centers. Many major integrators and manufacturers of information security solutions began to create commercial Corporate Centers of the State School and are ready to provide a full range of monitoring services, response, etc. Organizations that do not plan to create their own center. When connecting to the State School of the Organization, commitments are committed to immediate sending messages if computer attacks are detected and responding in case of information on a possible attack. Having found an attack, the GOSOPDA Center must transfer information to the main center, which in turn will transmit this information to other centers already with recommendations on countering. This approach significantly increases the degree of readiness and, as a result, the level of security of organizations.

The regulatory and methodological base required to create the GOSOPK centers is still being developed, and at the moment there are more questions than answers. But the main center of the StateSop on the basis of the 8th center of the FSB of the Russian Federation has already been established and operates, and many organizations have begun to build the necessary infrastructure.

In the near future, the developed FSB of the Russian Federation "Methodical recommendations on the creation of departmental and corporate centers of the state system of detection, prevention and elimination of the consequences of computer attacks on the information resources of the Russian Federation" will be issued. These guidelines define the main list of functions, measures and solutions to create a GOSOPK centers. The document can also be made to edits, but you can already talk about the general concept. It is known that the GOSSOP system will have a tree hierarchical structure, where the central node is the main center of the GOSSOP on the basis of the 8th center of the FSB of the Russian Federation, and departmental and corporate centers are in the subordinate position. The interaction between the centers is carried out vertically. At the same time, departmental and corporate centers can be united, also forming a hierarchical structure with a heading center of the GOSSOP headed. The structure of the GOSSOP system is shown in Figure 1.

Picture 1. Hierarchical structure of the StateSopka

The centers of the states are assigned two main tasks. The first is to ensure the safety of its information resources, including the implementation of monitoring the security, attack detection, continuous improvement of applied protection measures. The second is the timely exchange of information about computer attacks with the head center (in the case of submission to the Head Center) or with the main center of the GOSSOP. For the implementation of these tasks, full-fledged IB SOC (Security Operation Center), with all necessary technical and process base, should be built within corporate and departmental centers.

For the effective functioning of the GOSOPK system, corporate and departmental centers must ensure the implementation of a number of functions that are defined in the methodological recommendations developed by the FSB:

  1. carry out a regular inventory of information resources in order to control all changes;
  2. we systematically carry out a set of activities to identify vulnerabilities that can be used by intruders, including scanning, internal and external penses, analyze settings, etc. Further develop measures to eliminate and, basic, control the execution of these measures to avoid the situation, as with the sensational encryptionors of Wannacry and Petya, when even after the release of updates necessary to close vulnerabilities, dozens of companies have become victims of viruses, since these updates were not timely installed;
  3. based on the results of inventory and identified vulnerabilities, perform analysis of current threats and possible attacks and develop measures to counteract;
  4. constantly improve the qualifications of specialists involved in the detection processes, prevention and elimination of the consequences of computer attacks, as well as raise the awareness of the staff to prevent social engineering attacks. Who is warned, he is armed. It will never be superfluous to remind employees that you cannot go on the links in letters from unknown senders and where to contact, if they still discovered, and something went wrong;
  5. the process of receiving reports of incidents from employees should be built. Special attention should be paid to messages that are massive;
  6. to detect the attacks of various focus, the GSSPK centers must ensure a centralized collection of IB events from IT and IB infrastructure, analyze these events and the correlation;
  7. in case of detection of an attack, an operational opposition should be carried out by coordinating resources and directly applying countermeasures;
  8. it is necessary to investigate the confirmed incidents, analyze the causes and consequences. It is very important to understand why this incident in principle was possible, as a team worked, how to improve protection measures, draw conclusions about the implemented IB measures and the work of specialists;
  9. well, in conclusion, the centers of the GOSOP should carry out regular planned interaction with the head or main center on inventory issues, identifying vulnerabilities, etc. And, most importantly, to promptly notify in case of detection of attacks and respond promptly if information on possible attacks is received.

To implement all these functions, a whole complex of technical means is necessary:

  • means of interaction with staff. If the company already has a call center and ServiSedesk, you can use them as a database, as well as standard methods of communication: telephone, mail, Web form;
  • tools of automated interaction with the main center of the GOSSOP. To solve this task, some Russian manufacturers have already developed specialized software, a kind of portals. They allow you to carry out bilateral interaction in terms of reception and transmit information about assets, incidents, attacks and threats, automatically fill in the incident cards in the form of the regulator;
  • system of collecting, analyzing and correlating information security events (SIEM), which allows you to organize a single point for collecting information on suspicious events and IB incidents;
  • the vulnerability scanners needed to assess the security of information systems, which allows you to correlate IB events with data on real IT infrastructure vulnerabilities;
  • protection tools to detect computer attacks at the network level at the level of applications, etc., transfer information about IB events in SIEM to correlate, prevent and actively counteract attacks. As a basic set of such funds, we see IDS / IPS solutions, WAF systems, firewalls, anti-virus software, DDOS protection;
  • also for generating IB events on information resources (OS, network equipment, application servers, Web services and databases), you must configure regular audit mechanisms.

Special requirements for technical means are not yet presented, with the exception of the software necessary for direct interaction with the heads and the main centers of the GOSSOP - it should be in the register of domestic software. With the output of the regulatory documentation, the situation will most likely change, and additional conditions will appear. The composition of the technical means for each organization is determined individually, within the framework of design work, the specifics of the information infrastructure in the enterprise, already available tools for the protection and processes of IB, are taken into account. As a rule, a significant part of the technical solutions needed to create corporate and departmental centers already exist in organizations.

And if there are no special problems with the protection of special problems, much more difficult to the question of the necessary personnel resources. The implementation of the processes, the introduction and operation of technical means requires the team of experienced and qualified specialists. Specialists need to interact with users, monitoring operators, incident response team, technical service specialists (protection administrators, SIEM administrators), security assessment specialists (for fencing, scanning), IB analysts for developing incident identification scenarios, technical Experts, lawyers, etc. For the most part, the tasks of the StateSop requires narrow-profile specialists, which are not easy to find on the market, therefore the personnel problem becomes the main problem when building the GOSOPK centers.

The creation of departmental and corporate centers of the GOSSOP requires a thorough approach, serious development of process support is needed, serious development of technical support and expert team of specialists. It is necessary to conduct an infrastructure survey, to determine the necessary technical means, architecture, requirements for settings, scenarios for detecting incidents. Next, to implement and configure the necessary means of protection, to develop organizational and administrative documentation, including the procedure for responding, the procedure for processing and investigating IB incidents, the procedure for interaction with the main center of the GOSSOPK, and the main one - to ensure the implementation of all required functions to provide IB, monitoring and responding, preferably in around the clock. The front of work is huge, and the organization that has decided to connect to the GosSPEC can choose the following options:

1. Build your own Center for the GOSSOP on the basis of its personnel resources. Such an approach requires huge temporary, resource and financial costs, but will allow full control over all processes and will significantly increase the role of the organization in the system of the GosSPEC. It is advisable for large departments and corporations that plan to execute the Functions of the GOSSOP in relation to subsidiaries. In the territorially distributed companies in the formation of the team, it is recommended to attract regional employees - this will make it possible to achieve significant savings, as wages in the regions below and due to the time zone difference can be obtained by a larger temporal coating.

2. Attract external specialists for individual tasks. It does not always make sense to try to argue immense. So, when building the Center for the GOSSOPD, the transfer of part of the tasks to outsourcing can be the best solution to problems with frames and terms of implementation. According to the methodological guidelines, the ability to outsource individual functions is also provided for departmental, and for the corporate centers of the GOSSOP. It is advisable to transmit simple and resource-intensive first line tasks to outsourcing, such as monitoring and detecting incidents, accompanying protection tools. Such work is easy to fix in the contract, delimit the zones of responsibility, agree on SLA (Service Level Agreement), it is convenient to control their execution. This will allow you to get rid of the routine and significantly unload your own staff. It also makes sense to attract external specialists to solve the tasks of the third line, for example, for analytics and developing the incident detection scenarios, policy development for protection products. These expert tasks require narrow-profile specialists, who, firstly, it is difficult to find, and secondly, it is not always possible to provide them with fulltime-loading and contain them in the state can be economically inexpedient. For outsourcing of individual tasks, as a rule, attract system integrators and companies that provide professional services by IB.

3. Transfer all functions to the head office center or commercial corporate center. Actual for organizations that should connect to the GosSPEC, but due to the lack of people and competencies are not ready to build their own infrastructure. Such interaction scheme will be distributed in large corporations, where the centralized management of IB resources of the head organization is practiced. In this case, subsidiaries do not build their SOC, and connect their information resources to the SOC of the head center, which on a contractual basis can execute all the necessary safety, monitoring, response and information exchange. A similar interaction scheme is meant using the services of commercial corporate centers that will be built on the basis of integrators and manufacturers of IB solutions. On the company's side, only the control function and a certain amount of work on the adaptation of the internal processes of IB to functioning within the GOSSOP system, building processes of interaction with the Head Center, ensuring the readiness of IT and IB specialists to take an active part in the investigation and elimination of the consequences of incidents.

Connecting to the GOSSOPK system and the construction of corporate and departmental centers will significantly increase the level of maturity of the IB and the real security of the information resources of key Russian companies. The creation of such a system should be a rapid jump forward in IB issues, many organizations today only master the basic security measures, but from January 1, 2018, the moment of entry into force of the law on security of the CIA should go to the SOC technology. And despite the fact that the process of this complex, requiring a lot of effort, the benefits of such events is obvious. And here, first of all, the result is important: the security of key enterprises of the Russian Federation. The formal approach to the closure of imposed claims cannot be applied, as including in the Criminal Code of the Russian Federation, amendments are made, establishing serious punishments not only for attacking (punishment of up to 10 years of imprisonment for cyberatics), but also for those responsible for the protection of KII ( The punishment of up to 6 years of imprisonment for violations of the rules of operation). Perhaps these are tough measures, but the price of IB incidents at key enterprises of the country may be too large.

Bibliography:

  1. On the safety of the critical information infrastructure of the Russian Federation: dated July 26, 2017 N 187-FZ (last revision) // Consultant Plus. Legislation. VersionProf [Electronic resource] / Consultant Plus JSC. - M., 2018.
  2. Sirtukova E. Climbing the StateSop // Jet Info: Monthly Business Edition - 2017. - №7-8. URL: http://www.jetinfo.ru/author/ekaterina-syurtukova/voskhozhdenie-na-gossopka (date of handling: 03/10/2018).
  3. Criminal Code of the Russian Federation: dated 06/13/1996 No. 63-FZ (ed. From 19.02.2018) // Consultant Plus. Legislation. VersionProf [Electronic resource] / Consultant Plus JSC. - M., 2018.

In order to improve the state system of detection, prevent and eliminate the consequences of computer attacks on the information resources of the Russian Federation and in accordance with Article 6 of the Federal Law of July 26, 2017 No. 187-FZ "On the Safety of Critical Information Infrastructure of the Russian Federation" decree:

1. To entrust to the Federal Security Service of the Russian Federation, the functions of the federal executive authority authorized in the field of ensuring the functioning of the state system of detection, prevent and eliminate the effects of computer attacks on information resources of the Russian Federation - Information systems, information and telecommunication networks and automated control systems on Territories of the Russian Federation, in diplomatic missions and consular institutions of the Russian Federation.

2. To establish that the tasks of the state system of detection, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation are:

a) forecasting the situation in the field of information security of the Russian Federation;

b) ensuring the interaction of the owners of the information resources of the Russian Federation, telecom operators, other actors carrying out licensed in the field of information protection, when solving tasks relating to the detection, prevention and elimination of the consequences of computer attacks;

c) exercising controlling the degree of security of information resources of the Russian Federation from computer attacks;

d) establishing the causes of computer incidents related to the functioning of information resources of the Russian Federation.

3. To establish that the Federal Security Service of the Russian Federation:

a) provides and monitors the functioning of the state system, named in this Decree;

b) forms and implements within its powers, state scientific and technical policy in the field of discovery, prevention and elimination of the consequences of computer attacks on the information resources of the Russian Federation;

to detect computer attacks on the information resources of the Russian Federation;

to prevent and establish the reasons for computer incidents related to the functioning of information resources of the Russian Federation, as well as to eliminate the consequences of these incidents.

4. Submit to clause 9 of the Regulations on the Federal Security Service of the Russian Federation, approved by the Decree of the President of the Russian Federation of August 11, 2003 No. 960 "Questions of the Federal Security Service of the Russian Federation" (Meeting of the legislation of the Russian Federation, 2003, No. 33, Art. 3254; 2004, No. 28, Art. 2883; 2005, No. 36, Art. 3665; No. 49, Art. 5200; 2006, No. 25, Art. 2699; No. 31, Art. 3463; 2007, No. 1, Art. 205; No. 49, Art. 6133; No. 53, Art. 6554; 2008, No. 36, Art. 4087; No. 43, Art. 4921; No. 47, Art. 5431; 2010, No. 17, Art. 2054; No. 20, st . 2435; 2011, No. 2, Art. 267; No. 9, Art. 1222; 2012, No. 7, Art. 818; No. 8, Art. 993; No. 32, Art. 4486; 2013, No. 12, Art. 1245 ; No. 26, Art. 3314; No. 52, Art. 7137, 7139; 2014, No. 10, Art. 1020; No. 44, Art. 6041; 2015, No. 4, Art. 641; 2016, No. 50, Art. 7077 ; 2017, No. 21, Art. 2991), the following changes:

a) Subparagraph 20.1 shall be amended as follows:

"20.1) within its powers develops and approves regulatory and methodological documents on the issues of ensuring the information security of information systems created using supercomputer and grid technologies, information resources of the Russian Federation, and also monitors the provision of information security of the specified systems and resources;" ;

b) subparagraph 47 shall be amended as follows:

"47) Organizes and conducts research on information protection, expert cryptographic, engineering and cryptographic and special studies of encryption, special and closed information and telecommunication systems, information systems created using supercomputer and grid technologies, as well as information resources of the Russian Federation ; ";

c) subparagraph 49 shall be amended as follows:

"49) preparing expert opinions on proposals for the creation of special and protected using encryption (cryptographic) means of information and telecommunication systems and communication networks, information systems created using supercomputer and grid technologies, as well as information resources of the Russian Federation ; ".

5. To make a decree of the President of the Russian Federation of January 15, 2013 No. 31c "On the establishment of a state system of detection, prevent and eliminate the consequences of computer attacks on the information resources of the Russian Federation" (meeting of the legislation of the Russian Federation, 2013, No. 3, Art. 178) The following changes:

a) from paragraph 1 of the word "- information systems and information and telecommunication networks located in the Russian Federation and in diplomatic missions and consular agencies of the Russian Federation abroad" to exclude;

b) Paragraph 2 and subparagraphs "A" - "E" of clause 3 to recognize in invalid strength.

President of Russian Federation V. Putin

Moscow Kremlin

Overview of the document

Earlier, the FSB of Russia was entrusted with the authority to create a system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of Russia (information and information and telecommunication networks located on the territory of our country and in diplomatic institutions and consular institutions of Russia abroad).

It was decided to establish the function of the federal authority authorized in the field of operation of the system.

It has been clarified that resources include informsystems, information and telecommunication networks and automated control systems located on the territory of our country in diplomatic institutions and consular institutions in Russia.

Revised system tasks. Adjusted position on the service and decree of the President of the Russian Federation on the creation of the system.

Protection of information at the state level is a whole range of events and tools. The protection of state secrets is engaged in a specialized state authority - the Federal Security Service. However, not all information to be protected can be attributed to GT. And in support of the Order No. 31 and as a response to a rapidly changing situation in the world, President Vladimir Putin, the decree creates a specialized state system of the GOSSOP. Consider in more detail the organizational and technical aspects of the new state system.

In January 2013 President Vladimir Putin signed a decree on creating in Russia State system of detection, prevention and elimination of the consequences of computer attacks or GosSopka

Its key objectives, in accordance with the Presidential Decree, should be predicting information security situations, ensuring the interaction of IT resource owners in solving problems related to the detection and liquidation of computer attacks, with telecom operators and other organizations carrying out information protection activities . The system's task list also includes the evaluation of the degree of protection of the critical IT infrastructure from computer attacks and establishing the causes of such incidents.

The next step was in December 2014 approved by President Vladimir Putin concept The state system of detection, prevention and elimination of the consequences of computer attacks on the information resources of the Russian Federation. And in March 2015, the FSB published an extract from this document containing data on how this system will be arranged.

The system should protect more than 70 executive bodies, as well as objects of critical infrastructure: atomic and hydroelectric power plants, cities supply systems and roszervas specialist. To cope with this task, GosSopka Will in real time to monitor electronic resources, identify and predict the occurrence of threats, as well as to improve existing security systems, interacting with telecom operators and Internet providers.

According to the document, the system is a single centralized territorial-distributed complex, including forces and means of detecting, preventing and eliminating the consequences of computer attacks, the federal authority authorized in the field of ensuring the safety of the critical infrastructure of the Russian Federation and the authority authorized in the field of creating and ensuring the functioning of the system .

Under "Means"the concept implies mainly technological solutions, and under "Forces" - Special divisions and employees from the federal authority responsible for the system, as well as telecom operators and other organizations that carry out licensed activities in the field of information protection.

The system will function created in the FSB National Coordination Center for Computer Incidents

Main organizational and technical The system component is the detection centers, prevention and elimination of the consequences of computer attacks, which will be divided into territorial and departmental features. In particular, the main center, regional, territorial centers of the system, as well as centers of government agencies and corporate centers will be organized. The functioning of the latter will be provided by organizations that created them.

In accordance with the concept, the territorial structure of the GOSSOP has the form:

The framework of the system is planned to organize interaction with law enforcement and other government agencies, owners of information resources of the Russian Federation, telecom operators and Internet providers at the national and international levels. It will include the exchange of information on the identified computer attacks and the exchange of experience in the field of identifying and eliminating vulnerabilities of software and equipment and response to computer incidents.

The representative of the 8th center of the FSB voiced the main tasks of departmental centers:
  • detection of signs of computer attacks Formation and maintenance of detailed information on information resources in the area of \u200b\u200bresponsibility of the departmental center
  • collection and analysis of information about computer attacks and affected by computer incidents
  • conducting operational response activities and computer incidents caused by them, as well as to eliminate the consequences of data of computer incidents in information resources
  • adoption of management decisions to ensure information security information resources
  • identification, collecting and analyzing information about vulnerabilities, as well as conducting measures to assess the protection of computer attacks and viral infection of information resources
  • informing stakeholders and subjects of the GOSSOP on the detection, prevention and elimination of the consequences of computer attacks
  • ensuring the protection of data transmitted between the departmental center and the main center of channels protected using the Certified FSB of Russia Information Protection
  • providing additional information about computer incidents in information and telecommunication networks in the area of \u200b\u200bresponsibility of the departmental center, at the request of the Main Center of the GOSSOP.

Taking into account the functions of those given in Conceptsit turns out the following interaction scheme GosSopka


  • the practical absence of domestic telecommunication equipment throughout the country;
  • the topology of the country's transport network in terms of ensuring its survivability requires improvements.

    • And in conclusion it is worth mentioning a connection FINCERT. and GosSOP According to Alexei Lukatsky, it was said that the FINCERT center created by the central bank will enter the system - apparently as a departmental one. Lukatsky notes: "To the banks should look at the hill. There are two reasons. The first - from the hill will work firmly to work with the FINCERT, passing the information received from banks and recycled. The second - all those who fall under the law" On the Safety of Critical Information Infrastructure "law., they will have to connect to the hill. "