A unified approach or an individual one?

[rakhirhif8963]

Import Substitution for Critical Information Technologies Entities: How Russian Linguistic Technologies Reduce the Risk of Data Leaks
Critical information infrastructure (CII) entities may be required to switch to Russian software from January 1, 2021 — the corresponding bill was published at the end of May on the website of the Ministry of Communications. The document notes that this initiative will ensure the security and technological independence of information systems and networks, as well as automated control systems operating in healthcare and science, transport, communications, finance and energy, including nuclear energy, in the fuel and energy and defense industry complexes, in the mining, metallurgical and chemical industries.

Read more

The draft decree affects a wide range of enterprises from various industries, but it is obvious that the requirements for the critical information infrastructure of a nuclear power plant are much higher than, say, for the information system of a pawnshop. Federal Law No. 187 "On the Security of Critical Information Infrastructure" , which entered into force in 2018, takes into account the degree of significance of critical information infrastructure. But it is not yet clear whether this approach applies to this draft decree and whether uniform import substitution rules should be established for all critical information infrastructure or whether the rules should depend on the level of significance of the critical information infrastructure. The opinions of our experts were divided.

“Requirements and rules should not only be uniform, but also belarus mobile database and understandable for all participants in the process,” believes Nikita Shablykov.

Lev Matveyev also believes that there is no objective need for unique rules for different critical information infrastructure objects, explaining that one should not confuse the goals of import substitution with the essence of critical information infrastructure. The main tasks of import substitution are technological independence and economic growth, and the main requirement for critical information infrastructure is security.

Kirill Ugolev disagrees with them, and is sure that the level of critical information infrastructure significance should certainly be taken into account, and, in addition, it is necessary to assess the economic feasibility of such rules for different enterprises. And Dmitry Burlakov pointed out that due to the wide range of systems that fall under the criteria of critical information infrastructure, the development of uniform import substitution rules will most likely only lead to an ever-growing number of justified exceptions. In his opinion, approaches should depend on the industry and functional characteristics of the systems, their degree of criticality, the required service levels and information security.