President of Russia Vladimir Putin: Good afternoon, colleagues.
Today we will discuss issues pertaining to protecting and ensuring the reliable operation of our information systems and communications networks, as well as measures to counter external threats in this area. This is a complicated topic that is, of course, extremely relevant. Everybody understands that. It is of primary importance for our sovereignty and security, for the economy, governance and public stability.
The number of cyberattacks on Russian information infrastructure has been growing in the past years. For several years. But since the special military operation in Donbass and Ukraine, challenges in this sphere have become even more serious and critical. Russia has essentially become the target of aggression, of an information war.
The number of cyberattacks, including complex attacks, has multiplied. Experts believe it would not be possible for lone hackers to achieve that. The hackers attack from different countries in a well-coordinated effort. These attacks are conducted by state-run structures, and we know that the armies of some countries officially include cyber troops.
Targeted attempts to disable online resources of critical information infrastructure in Russia have been detected. Media outlets, financial institutions and widely used public websites and networks have been hit the hardest.
Official government websites have been subjected to serious attacks. Attempts to hack into corporate networks of major Russian companies are detected substantially more often.
The following tactic was used in the majority of cases: access to Russian websites is blocked and information becomes unavailable or is replaced with false information. The latest algorithms and combined technology are employed. Increasingly more advanced software is used that is able to damage devices running on different operating systems.
I will point out another serious challenge. One of the tools of sanctions’ pressure on Russia involved restrictions on foreign IT products and software. A number of Western tech companies unilaterally cut off Russia from technical support services for their equipment. Incidents where their products became limited or blocked have become more frequent.
All this should be taken into account when Russian companies and public authorities introduce new foreign IT products or use previously installed ones.
Even today, it can be said that the cyber aggression against us has failed, as well as the entire sanctions attack on Russia. We have been generally ready for this attack, as a result of the systematic work we have been doing in recent years.
Our specialists have been making dedicated efforts to protect the information infrastructure, ensuring the stable operation and security of networks and communication channels, and, I repeat, we have managed to do a lot, including the creation of our own unique technologies.
This effort was properly regulated, administratively and legally, as strategic planning documents were adopted, which identified the main threats and risks in this area and specific steps to neutralise them.
As I have already noted, with the legal framework significantly strengthened, the protection of information at state bodies and critical infrastructure facilities became far more effective. However, the nature of challenges and threats is changing fast. The entire information sphere is showing rapid growth. We certainly need to be mindful of this and keep all these matters under constant scrutiny and review.
Presidential Executive Order No. 250 signed on May 1 stipulates new parameters and requirements for such work. To follow up on that, today we will discuss the draft Basic Principles of State Policy on Ensuring the Security of Russia's Critical Information Infrastructure.
What should we focus our attention on?
First of all, we must work very seriously, constantly and in real time to improve and fine-tune the information security mechanisms of the crucial sector-specific facilities, on which the defence capability and stable economic and social development of our country depend.
I would like to point out that to date, a third of such facilities have no information security departments, although it has been said more than once that such departments must be established as soon as possible and that they should include professionals who have a good knowledge of the given sector’s specifics.
Furthermore, the coordination of all information security departments’ activities at the critical facilities must be ensured at the strategic level, and the heads of these organisations shall be held personally responsible for this, as per Executive Order No. 250, which I have mentioned.
The second task is to reinforce the protection of the information and communication systems of government agencies. The inspections held in 2021 showed that the majority of these agencies’ resources are vulnerable to large-scale attacks and to destructive external influence, especially those that are still using the last generation of foreign technologies.
We must strengthen the protection of the national digital space; there must be no weak spots here. It is essential to neutralise the risk of breaches of confidential information and personal data, including through stricter control of the use of office equipment, infrastructure and communications.
Given all this, I think it makes sense to discuss establishing a state information security system. I would like you to submit concrete proposals on the additional measures we must take to ensure the stable work of the information infrastructure of our government agencies and institutions.
The third priority is to dramatically reduce the risks associated with the use of foreign-made software, computer technology and telecommunication equipment.
I would like to stress once again that the ongoing extensive digitalisation in the Russian public administration system and economy (we launched this process several years ago) should be protected as much as possible from any potential negative external impact. The obvious way to achieve this goal is to shift to domestically developed equipment, technology, software and products.
Allow me to remind you that, according to the recently adopted decisions, using foreign means of information security will be completely prohibited as of 2025. Therefore, to strengthen our technological sovereignty, the Government needs to create a modern Russian base of electronic components within the shortest term possible. We have been discussing this for a long time now and we are working on it diligently. I hope we will see the results very soon.
Our job is to develop and implement our own technological equipment, including the equipment required for developing hardware and software systems. Tools and resources of the Digital Economy National Programme can be widely used here.
I would like to hear your opinion not only on how we can stimulate import substitution in this essential industry but also on how we can develop our own unique products that would be highly competitive.
Another measure is supporting our domestic ICT developers. I am confident that overall, it is important to improve coordination between all competent government agencies and organisations.
We have already made some progress by establishing a national crisis response centre to prevent targeted cyber-attacks. Every federal district has an information security commission chaired by a presidential plenipotentiary envoy.
The most important thing is to make all these efforts logical and consistent, to connect the work of all information security stakeholders based on the peculiarities of particular industries and regions.
Now let us begin with reports.
I would like to give the floor to Security Council Secretary Nikolai Patrushev. Please.