Evgeny Khasin made the statement during a session discussing issues

tanjimajuha20 · Post by **tanjimajuha20** » Wed Jan 22, 2025 9:41 am

This was reported by Yevgeny Khasin, Deputy Director of the Department of Cybersecurity of the Ministry of Digital Development, at the III International Forum of State Cybersecurity "TsifraTech". According to the representative of the Ministry of Digital Development, the additions will clarify the controversial positions macedonia whatsapp number database of the decree and determine the methods of monitoring its implementation. He did not disclose the details and deadlines, but said that the Ministry of Digital Development is not involved in this.
and results of the implementation of Decree No. 250 of the President of the Russian Federation dated 01.05.2022 No. 250 "On additional measures to ensure the information security of the Russian Federation". He admitted that the decree gave "not such a good result as we would like", but its main goal was to respond to the new challenges that appeared in February 2022 and to lay the "spirit" of the changes: "The spirit of the decree, its main goal is, firstly, to convey to everyone the relevance of information security. Secondly, to indicate that information security is an integral part of IT technologies, the activities of a government agency and a commercial organization. The decree shows where to go."

The session participants spoke about the difficulties that organizations and government agencies faced when implementing the decree. They noted that in some cases there was a problem with the appointment of responsible people. "Somewhere, the deputy general director for information security was appointed nominally. Someone's career took off: he was the head of information security, and suddenly he got a higher position. At the same time, the department did not expand - that is, we are talking about nominal implementation of the decree," commented Alexander Khonin, head of the consulting and audit department of Angara Security, a group of companies providing services in the field of information security (IS). Artem Sychev, adviser to the general director of the company - developer of solutions in the field of IS Positive Technologies, agreed with this, saying that the appointed deputies "in a few cases are really professionals", despite the fact that formally everything was done.

The speakers touched on the issue of personnel qualifications: many of them do not have sufficient training to fully comply with the requirements of the decree. "Even professional security personnel need training. Where is the personnel training program? There is none, because there is no agreement between all participants in the process at the regulatory level. The spirit of the decree is cool, but it quickly dissipates," noted Artem Sychev from Positive Technologies.

Director for Regional Sales Development at B2G "RTK-Solar" Natalia Kim spoke about the situation in the regions. She said that customers had asked who is the subject of the decree - many still do not understand this. Evgeny Khasin replied that there are no discrepancies in this issue, but added that it is still not clearly stated whether the requirements apply to all systemically important strategic enterprises or only to those that are subjects of critical information infrastructure.

Natalya Kim noted that not everyone will have time to implement import substitution and fully implement the decree within the allotted time frame - before the beginning of 2025.

Read also

Decree No. 250 puts us in time trouble
Decree No. 250 sets the task of replacing foreign solutions for supporting information security by January 1, 2025. According to the participants of the discussion at the AM Camp conference, this period is extremely tense. In a large company, such a project will take at least one and a half to two years, even without taking into account the shortage of electronic components and difficulties with logistics.

Participants also spoke about the difficulties in assessing security, which, according to the decree, organizations had to conduct. They had to comply with the requirements of different regulators, which had completely different assessment criteria. "The Ministry of Digital Development issued a recommended technical specification, which provided a description of the assessment. The FSB, within the framework of the State Security and Anti-Corruption Committee, has its own methodological recommendations for analyzing security. The customers did not have a common understanding of the methodology; everyone took different paths," Alexander Khonin from Angara Security explained to ComNews.

The participants also discussed the problem of control over the execution of the decree. According to them, the requirements of the decree are being observed formally, but there is no proper control over the execution. "If the decree is to be supplemented, we would like the control methods to be oriented towards clear indicators that really characterize security. If a company can ensure operational reliability so as not to interrupt the operation of systems longer than necessary for technological maintenance, does not allow an intruder to violate operational reliability and steal data - this is an indicator that can provide an understanding of whether there is security or not. And not what we are currently counting. For example, how many firewalls are there. Do they provide security or not? These indicators do not say anything at all," said Artem Sychev from Positive Technologies.