Domestic HSM modules raised questions from banks
[ad_1]
The domestic hardware security modules proposed by the Central Bank for testing raised questions from bankers. In their opinion, the regulator proposed “incompatible with the main business processes of credit institutions” and expensive solutions, which risks slowing down the process of import substitution.
The Central Bank recommended that banks test domestic HSM modules, follows from a letter from the regulator dated August 7, sent to banks (available to Kommersant). Today, the requirements set by NSPK for HSM modules from Russian manufacturers correspond to the solutions of Crypto-Pro and System of Practical Security, so it is necessary to test them as a replacement for foreign ones, the document says. The Central Bank did not respond to Kommersant’s request.
The hardware security module (HSM) protects information systems that use cryptography from disclosing data from unauthorized access, physical opening, and retrieval of information. Modules are available in different variations, from a simple expansion card to individual devices that have anti-vandal protection.
Bankers fear that the tests will hinder effective import substitution. The bank transfers funds through the Central Bank payment system – this is a key business process, and it is in any bank, explains the interlocutor of Kommersant from among the bankers. At the same time, all interaction of the payment segment of the Central Bank goes through the Signature cryptographic information protection tool (CIPF), which the Crypto-Pro solution does not support, he explains. Previously, the choice in this direction was free, but now the Central Bank insists on the use of Russian HSM modules of specific companies, he notes.
In addition, HSM modules are quite an expensive product, the bankers emphasize.
A credit institution needs at least two HSM modules – a main and a backup one, while, for example, one Crypto-Pro module can cost about 3 million rubles, Kommersant’s interlocutors say.
The implementation of a module for testing implies a chain of internal procedures for migration, embedding and testing the solution, and the module itself is a technically complex complex, testing all the necessary functions of which may require the use of a large number of human resources and time, adds Artem Brudanin, head of cybersecurity at RTM Group .
Deputy General Director of CryptoPro Stanislav Smyshlyaev explained that interaction with HSM in the payment segment in banks is implemented either using proprietary software (software) or through modules from one of several developers of processing solutions.
All such implementations were created, finalized, tested and applied earlier with HSM of foreign manufacturers, he says.
After receiving the FSB certificate for HSM developed by CryptoPro, the top manager adds, banks and developers of processing software actively began testing it in terms of compatibility with existing software. For a “wide variety of systems”, according to him, compatibility has already been confirmed, a number of banks, in particular from the top 10, are already conducting procurement procedures in order to use CryptoPro HSM in the payment segment.
Information security experts specify that the use of HSM in the payment segment is not connected with the “Signature”. “Signature” is a system of cryptographic authentication of documents, in fact, a means of electronic signature and verification. HSM is a software and hardware module that provides protection of cryptographic keys, it is a solution for protecting customer data and transactions during their transmission and storage in case of hacking,” emphasizes Mr. Brudanin. From a technical standpoint, he argues, “these are very different products.”
[ad_2]
Source link
