Sanitization of the code

Checking the security of state information systems for their admission to the single digital platform Gostekh will be delayed for a year – until March 30, 2024. Strengthening the security of GIS was required due to large-scale attacks on them after the start of the Russian military operation in Ukraine and systemic problems – the amount of work de facto turned out to be more than planned. The White House assures that the extension of the experiment will not shift the deadline for the transition to the platform of key federal GIS – it will begin on April 1, but will require expanding checks on departmental systems, as well as deepening the security analysis itself.

Prime Minister Mikhail Mishustin signed Government Decree No. 469 dated March 24, 2023 to extend for a year, until March 30, 2024, the terms of the experiment to increase the level of security of state information systems (GIS) of federal executive authorities and their subordinate institutions. The document also supplements the list of the goals of the experiment (defined by government decree No. 860 of May 13, 2022) with two new ones – this is an assessment of the level of security of GIS and their components as part of the transition to Gostech and the elimination of vulnerabilities found. De facto, we are talking about the fact that the transfer of GIS to the Gostech platform for security reasons will require more effort and time than expected. Gostekh itself, we recall, should become a development environment for state IT and allow the authorities to save on the use of systems already paid for by government customers by other government agencies – however, they decided not to rush to bring existing systems to the platform so as not to replicate code with vulnerabilities.

It should be noted that after the outbreak of hostilities in Ukraine on February 24, 2022, almost all GIS underwent large-scale hacker attacks (for more details, see Kommersant dated August 23, 2022). In a presentation on the results of the implementation of the Digital Economy national program, presented by Deputy Prime Minister Dmitry Chernyshenko in January 2023, it was also noted that more than half of GIS are subject to critical risks of denial of service for IT infrastructure.

In the office of Dmitry Chernyshenko, the reasons for extending the security audit of GIS were the increased attention to the issues of their security and the need to “approve a list of measures to eliminate GIS vulnerabilities”. Also, the GIS of individual authorities, for which they were not provided for, will fall under the checks, however, changing the timing of the experiment will not affect the implementation of the decree in any way and will not change the plans to transfer the GIS to Gostekh. In the Ministry of Digital Development, the extension of the experiment to Kommersant was also explained by the fact that “the requirements for information security have been improved, GIS will check for compliance with them even more carefully.”

The experiment itself to increase the level of security of information systems of the Ministry of Digital Development was launched as part of the federal project “Information Security” of the national program “Digital Economy” from May 16, 2022, participation in it is voluntary. For an independent analysis of the current level of GIS security, to check the practical possibility of exploiting vulnerabilities, the Ministry of Digital Transformation in September 2022 entered into a state contract with Vizum LLC in the amount of about 340 million rubles. As Kommersant was previously informed by the Ministry of Digital Development, there are more than 500 federal and 2.5 thousand regional GIS in the country. In July last year, the Deputy Prime Minister said that 150 GIS of high social importance would be transferred to Gostekh as a matter of priority. When assessing the feasibility of transferring the GIS to Gostech, the Ministry of Digital Transformation should take into account the reliability of operation, the amount of measures taken to protect information and the availability of the necessary information infrastructure, Kommersant was told in the office of the Deputy Prime Minister. The phased transition to the mandatory use of Gostekh and the state unified cloud platform in the creation and development of federal GIS will last from April 1, 2023 to December 31, 2025 (see Kommersant dated November 9, 2022), its schedule should be ready by the end of March.

Venera Petrova