According to web application security specialists, the Ministry of Economic Development of Russia has launched an initiative to move the country’s entire critical IT infrastructure into the use of home software, arguing national security reasons. However, it is obvious that this plan is the Soviet version of President Donald Trump’s ban against some technological implementations produced by Chinese companies allegedly linked to the Communist Party.
The bill, submitted by Deputy Economy Minister Azer Talybov, seeks to force banks and other private companies, as well as government agencies, to use only software and hardware produced in Russia, which would allow developers to increase its market presence and ensure the integrity of critical IT infrastructure.
This proposal complies with the Critical Computer Infrastructure Security Act, which came into force in January 2018, as mentioned by web application security experts. This law lays down guidelines for the protection of government, defense companies, energy and nuclear sector, transport, finance, among other Russian organizations’ networks.
One of the fundamental provisions of this law is that these companies must connect to the State Protection System, which is responsible for preventing, detecting and eradicating computer threats against Russia. This law also set new and more forceful penalties for attacks on critical computer infrastructure.
While this plan sounds good, and would work as retaliation against import substitution implemented by Donald Trump), it would be virtually impossible to make it work. According to Alexei Lukatsky, a specialist in web application security, Russian developers do not have the resources, knowledge and techniques to realize this technological transition.
Another drawback is that making this transition would be incredibly costly. A Russian bank, whose name was not disclosed, would have calculated an investment of almost 400 billion rubles to complete the process. Finally, specialists from the International Institute of Cyber Security (IICS) believe that it is necessary for Russian legislators to define which hardware and software components should be replaced, as the proposal, as presented, is quite ambiguous.