The Gostekh platform will have a center for responding and monitoring cyber attacks

The Integral Research Institute, subordinate to the Ministry of Digital Development, began publishing tenders for work to create a center for monitoring and responding to computer attacks on the Gostekh platform. By the end of the year, according to Kommersant, the ministry intends to allocate about 450 million rubles for the project, and the center must be created by the end of 2024. Now government IT systems are migrating to Gostekh, and the threat of cyber attacks is growing. And although the budget corresponds to the scope of work, it will be extremely difficult to organize monitoring of so many different systems, experts say.

The Ministry of Digital Development will allocate 450 million rubles by the end of the year. to ensure the cybersecurity of the state platform Gostekh (its operator is Sber), an interlocutor close to the project told Kommersant, and was confirmed by an interlocutor in the government. The funds are allocated to the Scientific Research Institute (SRI) Integral, which is subordinate to the Ministry of Digital Development, which in mid-May was selected as the single contractor to create a center for detecting, preventing and responding to cyber attacks until 2024.

Since the beginning of September, the Integral Research Institute began publishing tenders for work to strengthen the Gostekh infrastructure. For example, on September 13, a tender was published for the development of a module for “centralized collection of information on the detection, prevention and elimination of the consequences of computer attacks” of the Gostekh cybersecurity center worth 108.3 million rubles. The government order dated May 15, which assigns the right to research institutes to work on cybersecurity within the framework of Gostekh, states that the institute can involve co-executors in the work if it carries out at least 50% of the volume of work.

Now the main state center for responding to incidents is the state system for detecting, preventing and eliminating the consequences of computer attacks (GosSOPKA; controlled by the FSB through the NKTsKI). An interlocutor close to the development of Gostech notes that one of the conditions for migrating any state information system to Gostech is its connection to GosSOPKA. “The main goal is to organize a head center for all subjects of GosSOPKA within the framework of Gostekh. This requires a “single information window” and coordination of actions for all platform participants in their interaction with NCCCI,” explained the Integral Research Institute. The Ministry of Digital Development and Gostekh did not answer Kommersant.

Since the beginning of 2022, government IT systems have been and remain constant targets of attackers. In the second quarter, according to Positive Technologies, government agencies accounted for 14% of the total number of companies in which an attack led to a leak of confidential data (first place among industries). In particular, the Ministry of Energy, the Ministry of Agriculture and others have already launched their response centers.

In the current situation, all government agencies and state-owned companies are becoming targets, so Gostekh needs the project, says Alexander Matveev, director of the center for monitoring and countering cyber attacks IZ:SOC Informzashchita. He considers the planned budget adequate, but emphasizes the complexity of the task: such a network of information systems will require processing a very large amount of data, as well as taking into account the activity of a wide variety of users.

Tatiana Isakova