The Central Bank’s supervised economy is growing – Kommersant

Under the current conditions, the Russian authorities are forced to look for ways to get guarantees that in important areas, in particular in the financial sector, electronic equipment is controlled by the one who bought it, and not the one who sold it. On Wednesday, May 24, the State Duma Committee on the Financial Market amended the bill that passed the first reading, giving the Bank of Russia the authority to issue permission to banks and other financial organizations to purchase software. Now it contains a rule according to which the regulator will also coordinate the purchase of radio-electronic products and telecommunications equipment.

As a source in the banking market told Kommersant, initially only software was written in the document: it was assumed that this would be enough to protect the internal perimeter of banks from intruders. However, a number of gadgets, for example, such as routers or routers, already come with their own software. Moreover, they can be accessed remotely, which means that through them it is quite possible to take control of the internal network of the bank.

The Bank of Russia must take care of the stability of the banking system, which, in the context of continuous computer attacks on financial organizations, is not the easiest thing to do. According to the regulator, in 2022 the number of cyber attacks on organizations in the financial sector increased from 330 to 1.5 thousand cases. Banks themselves often try to minimize costs and are in no hurry to abandon potentially dangerous, but already purchased and seemingly working equipment.

As noted in the Central Bank, in its structure in 2022, an industry coordination center for ensuring the technological sovereignty of the financial market was created, whose main tasks include, among other things, setting priorities for replacing foreign software and hardware, as well as testing and assessing the maturity of Russian solutions. According to a Kommersant source familiar with the situation, for six months now, banks have to coordinate with the Central Bank the purchase of hardware operating in critical information infrastructure systems (CII). Nevertheless, this norm had to be fixed by law.

Apparently, the whole point is in assessing the criticality of this or that infrastructure, and the further, the stronger the field of CII will expand. There are already known cases of banks being hacked through a vulnerability in the printer software. And smart speakers, smart sockets, smart refrigerators, etc. are also in use. So today the Central Bank separates malicious routers from safe ones, and soon it will have to deal with smart kettles and coffee makers.