Authorities vow to protect NGOs from cyberattacks

On January 23, a group of senators and deputies of the State Duma will submit a bill to the lower house of parliament that will allow the authorities to provide non-profit organizations (NPOs) with server capacities on a secure infrastructure (Vedomosti reviewed the document).

The initiative was prepared by a group of United Russia members headed by First Vice Speaker of the Federation Council Andrey Turchak. Amendments are proposed to be made to Article 31.1 of the Law “On Non-Commercial Organizations” – it will be supplemented with two paragraphs. It is clarified that state and public authorities and local governments will be able to provide socially-oriented NPOs (SO NPOs) with computing power to provide access to information posted on their website, as well as help with the creation and automation of such sites, including using ” State Services”. The procedure for providing such assistance in the event of the adoption of amendments will be determined by the Russian government – it is assumed that this work will be completed within four months after the adoption of the bill.

The explanatory note clarifies that the websites of NGOs collecting humanitarian aid for “residents and defenders of the Donetsk and Luhansk People’s Republics (DPR and LPR), Zaporozhye and Kherson regions”, as well as NGOs fighting fakes and engaged in education and patriotic education of youth, The beginning of the special operation was subjected to massive cyber attacks, which often led to the suspension of their activities. According to the authors of the bill, a new type of “information support” will allow NGOs to ensure uninterrupted work. To create and automate websites, the Ministry of Digital Development of Russia will have the right to provide NGOs with access to the constructor – the Gosweb subsystem of the federal state information system “Unified Portal of State and Municipal Services” (“Gosuslugi”).

“The adoption and implementation of the draft law will help reduce the cost of SO NCOs for technical and material support. In addition, the proposed changes will help ensure the security of personal data of citizens working and interacting with SO NGOs, as well as increase the level of resistance of important social Internet resources to hacker attacks,” the authors sum up.

The financial and economic justification of the bill states that the implementation of its provisions will be carried out “at the expense of the federal budget funds provided for the federal executive body that performs the functions of developing and implementing state policy and legal regulation in the field of information technology.”

According to the register of socially oriented NGOs published on the website of the Ministry of Economic Development of Russia, as of January 20, 2023, it includes 46,953 organizations.

According to Turchak, this problem was brought to the attention of party supporters, who were approached with complaints about constant cyberattacks by socially oriented NGOs, which are engaged in particular in helping the front and residents of new regions. “As a rule, NGOs have neither the money nor the necessary competencies for information security, so it is not difficult for hackers to break into their sites and thereby interfere with work,” he explained. The senator added that the United Russia bill would allow social NGOs to strengthen the protection of their web resources free of charge. “And by placing sites on a secure state infrastructure, ensure the proper level of protection of personal data of citizens interacting with such organizations,” Turchak emphasized.

One of the authors of the bill, Olga Zanko, Deputy Chairman of the State Duma Committee for the Development of Civil Society, explained that work on the document began after several NGOs that had been subjected to cyberattacks addressed the central council of United Russia supporters: “The bill gives the authorities the right to provide support depending on financial and technological capabilities. Services can be provided in a variety of ways: from a secure server to an electronic signature and anti-virus protection.” According to Zanko, it has already been possible to reach an agreement with the Russian Ministry of Digital Transformation that a number of large all-Russian SO NPOs that have encountered hacker attacks will be able to switch to Gosoblako, and a number of others will have access to the Gosweb constructor, which will allow placing the site on a government server, which will ensure the safety and stability of work.

“The selection of NGOs will take place as with other forms of support already enshrined in law, such as grants, premises, free social advertising, etc. The procedure for providing such support at the federal level will be established by the Russian government,” the deputy added. “If we add up the digital server capacities at the disposal of state and municipal organizations in all regions of the country, and add to this the well-protected data centers of large companies, with which we have built interaction in the country, then we can definitely say that to help if there is a need for it, all 47,000 socially oriented NGOs in Russia can count on it,” says Anton Nemkin, member of the State Duma Committee on Information Policy, co-founder of the Digital Valley of the Kama Region (also among the co-authors of the bill). – At the same time, the bill is not imperative (that is, mandatory for execution. – Vedomosti) in nature, but only legalizes this possibility [помощи НКО]”.

For help, deputy Nemkin believes, “those NGOs whose activities are currently aimed at supporting the actions of the country’s leadership as part of a military special operation” will mainly apply for help: “After all, they are the target of hackers from unfriendly countries conducting random or targeted cyberhunting. That is, measures, including those to increase the level of protection, will be implemented in relation to those funds that really need it. If this draft law is adopted, the government will be instructed to determine the criteria for the need to support this or that Russian NGO, and the procedure for providing this assistance will also be developed.”

After massive attacks in 2022 on Russian digital resources, a lot of work was done to increase the infrastructure’s resilience to cyber attacks, identify backdoors and switch to domestic software, which led to a reduction in the consequences of cyber attacks, and their number also decreased, said Rustam Sagdatulin, director of ROCIT. “But government agencies will have to buy additional equipment to maintain the stable and secure operation of critical digital resources, as a result of which the load on such centers will only increase,” he notes. According to Sergei Naumov, CEO of Timeweb Cloud, this solution will allow SO NPOs not only to save on hosting, but also to improve the protection of personal data during the centralized transfer of NPO projects to state data centers. “For the organization of these processes, data centers can provide local engineers and security specialists, which most non-profit organizations now most likely do not have on their staff,” says Naumov.

According to Dmitry Gorkavenko, Business Development Director of iKS-Consulting, the regulation of the IT market of the Russian Federation is being improved in accordance with its development and the circulation of personal data – one of the key areas of information security regulation, and many SO NPOs or their partners can act as personal data operators, in including from the category of special ones – for example, about the state of health, diseases, cases of seeking medical help, about the composition of the family, etc., which can identify a person. “Working with such data requires additional organizational and financial costs from SO NCOs, up to the certification of information systems in the FSTEC of the Russian Federation. Not all SO NPOs can afford it. The provision of ICT infrastructure outsourcing services by the specialized federal executive authority on the basis of Gosoblak could reduce the risks of violation of legislation in the field of personal data, reduce the operational and financial burden on IT departments of SO NPOs,” the expert notes.