Cybersecurity goes on air – Newspaper Kommersant No. 208 (7409) dated 11/10/2022

“Kommersant” learned that the government is developing regulation for the media in terms of infrastructure information security. To do this, it is planned to create a register of significant media, identify “unacceptable threats” and oblige to conduct regular checks on the security of networks. Market participants believe that the initiative is necessary, but fear rising costs – according to experts, costs can reach tens of millions of rubles a year.

The Ministry of Digital Development is preparing regulation of cybersecurity in the media, a source in the IT market told Kommersant and confirmed by a source familiar with the situation. According to them, it was tentatively decided not to extend to the media the requirements of legislation on critical information infrastructure (CII, it includes banks, telecom operators, etc.), but to oblige them to conduct regular checks on the security of networks.

It is planned to create a register of “significant media” (now a number of market participants, including Kommersant, is already included in the list of backbone organizations) subject to special control. For them, a “list of unacceptable events in the field of cybersecurity” will be prepared. Also, the Ministry of Digital Development intends to develop security standards for each type of media: television, radio and Internet portals. The ministry did not respond to Kommersant’s request.

Hacker attacks on the Russian media have increased dramatically since the outbreak of hostilities in Ukraine. In 2022, more than 30 media outlets turned to the Center for Monitoring and Control of the Public Communications Network of Roskomnadzor (TsMU SSOP) for help in repelling cyber attacks, Kommersant was told in the department. They claim that “cyber attacks are sponsored by unfriendly countries and continue to be a threat to the Russian information infrastructure.”

Some media representatives positively evaluate the initiative of the Ministry of Digital Development. “The actions of the regulator are extremely useful if they allow creating a uniform level of cybersecurity for the entire media ecosystem,” said Timofey Shcherbakov, RBC Operations Director. However, he clarifies, it is practically impossible to ensure the absolute security of public information systems: “The probability of realizing threats of service failure and information substitution will always be non-zero.” Other media did not comment on the initiative of the Ministry of Digital Development.

The media, or rather, the platforms for their online publications, have traditionally not been protected as thoroughly as other Internet platforms, such as Internet banking, e-commerce, or personal accounts in public and private services, notes Rustem Khairetdinov, an independent cybersecurity expert: “ It was believed that hacks of such services could not cause significant damage, so it makes no sense to equate them with CII. But the events of recent months have shown that the publication of fakes or, for example, the expression of an alternative political position of employees can cause a negative effect in society, up to riots.”

Full-fledged protection of information resources, especially such large companies as federal media, requires significant costs, which, if regulatory measures are taken, will fall on the organizations themselves, experts say. A service to protect one information resource from attacks today can cost from 1.5 million rubles. per year, says Rustem Khairetdinov. Ivan Melekhin, Director of the Center for Monitoring and Prevention of Cyber ​​Attacks IZ:SOC Informzashchita, believes that the requirements for media security should not differ much from the requirements for CII. According to him, the cost of comprehensive protection of networks of key media will amount to 10-30 million rubles. in year.

From a technical point of view, the implementation of certain cybersecurity solutions in the media is not much different from the situation in other industries, believes Evgeny Budarin, head of the pre-sales support department at Kaspersky Lab: “But when working with the media, it is important to take into account the high degree of criticality of successful cyber attacks that can seriously affect their reputation and credibility.”

Tatiana Isakova, Valeria Lebedeva