At attention – Newspaper Kommersant No. 196 (7397) dated 10/21/2022

The introduction on October 19 in the Southern and Central Federal Districts of the country of a high alert regime may affect the operation of critical information infrastructure, including communication networks and data processing centers (DPCs), according to participants in these markets. Owners of networks and data centers must provide full access to them at the request of the Ministry of Defense, it is possible to turn off communications and increase control over the transfer of information. In general, the interpretation of the new conditions will depend on the initiatives of the executive branch, which vague wording gives “room for maneuver”, lawyers say.

Kommersant discussed with lawyers, participants in the IT and telecom market how the introduction of a high alert regime in the Southern and Central Federal Districts could affect the operation of communication networks and data centers. The “high alert level” is introduced in accordance with Presidential Decree No. 756. The document, among other things, assumes “the introduction of control over the work of communications and communications, computer centers and automated systems” (see “Kommersant” then October 19). The wording is enshrined in the law “On martial law”, communication networks and automated systems, according to 187-FZ, refer to critical information infrastructure facilities.

The introduction of control over the operation of computer centers and automated systems means that they can be used for the needs of the Ministry of Defense, says CorpSoft24 Lead Engineer Mikhail Sergeev:

“The owners of the data center and systems, at the request of the ministry, will have to provide full access, as well as allow the removal of the server, system, and even the data center, with the subsequent payment by the state of the cost of the property.”

But at this stage, such a development of events is unlikely, he said. “Owners of data centers and automated systems that are physically located in the regions where the regime has been introduced should reserve the systems so that they can be switched to another data center, then the operation will continue in normal mode in any case,” the expert adds.

Dmitry Galushko, General Director of Ordercom, notes that subscribers of operators in the Central Federal District and the Southern Federal District may experience a disconnection: “A similar precedent occurred in 2018 in Ingushetia, when the provision of cellular communication services was suspended as part of operational search activities and ensuring the security of the Russian Federation.” At that time, only emergency calls were available (see “Kommersant” dated October 24, 2018). According to Dmitry Galushko, now, if necessary, the executive branch will be able to apply the same measure. The Ministry of Digital Development did not explain to Kommersant how communication networks can be used when introducing a high alert level in the regions.

The Department of Information Technologies of Moscow reported that the department “will strengthen control over compliance with existing security requirements” in the city’s Data Processing Center, but “no new measures are planned to be introduced.” Kommersant sent requests to the largest data center operators: Sberbank, MTS, Rostelecom, Croc and Yandex, MegaFon, Vimpelcom, Tele2. All companies declined to comment.

There is no specific definition in the law of what an “automated system” and “computer center” are, says Maxima Ali, Partner, Head of IP/IT Practice at Maxima Legal:

“Whatever definition we choose, it will in any case be broad. But it is quite in the spirit of recent law-making to create such rules that the authorities would have carte blanche.”

Additional verification measures will be taken in relation to the listed facilities, says Roskomsvoboda lawyer Nikita Istomin: “They can affect not only the physical security of the equipment, but also information security systems: that is, what decisions are made on the infrastructure, whether the law on the installation of technical means to counter threats is observed, Are there any resources at all?

The decree, among other things, gives the right to “use any information systems and computer centers without any restrictions,” notes Nikita Filippov, head of the De Jure law office: “In this case, we are talking about control over any information that may represent interest for the military, including in order to prevent the leakage of secret or proprietary information.

Tatyana Isakova, Anna Zanina