Zakhar Pozhidaev, Head of Critical Infrastructure Security


Kaspersky ICS CERT expert Vladimir Dashchenko believes that we should not expect universal standards in the full sense of the word: "General requirements for ensuring the security of systems, including IT and APCS, exist in various industries. These include the by-laws of Federal Law 187 “On the Security of Critical Information Infrastructure of the Russian Federation” (Orders 235 and 239 of the FSTEC of Russia). In terms of international standards, we can highlight the ISO/IEC 27000 series for IT; the IEC 62443 series for general industrial APCS; IEC 62445, 2859, 63096 for APCS of NPPs. These standards have been extensively tested in engineering practice. It should be taken into account that the practical provision of cybersecurity for systems of various purposes heavily depends on the context and specific properties of the object itself. Thus, active work is currently underway in international communities to develop standards for protecting the industrial Internet of Things. So, the regular release of new standards and the updating of existing ones is possible this year and in the following years; however, universal standards for all systems of various purposes should not be expected."

at Softline, also believes that there is no universal pill that can solve all the problems with information security in the country at once. However, there is a successful practice of implementing industry standards: "The efficiency of such standards depends on the degree of their development and support at the local level. In general, a working industry standard allows you to build a security vertical in the industry, as well as take control of procurement in terms of information security. Although this approach may lead to a decrease in competition in terms of the measures and means of information protection used, it also provides flexibility in managing the information security of the industry and allows you to respond more quickly to changes in legislation. Both IT and industrial systems mainly require a private approach to information security, since it is used in the creation of these systems themselves. In a broad sense, the information security of IT and industrial systems is subject to federal laws, and in a narrower sense, it is possible to use industry-level standards, holdings, etc."

According to independent IT and telecom expert Vadim Plesskiy, a standard is meaningless if no one or very few people use it. Various types of conflicts are also possible, given the fact that a significant portion of Russian systems are based on open source: "Let's take Linux as an example, on which many security tools, both software and hardware, are built. The "standardization body" is Linus Torvalds, the "voluntary dictator" of the Linux kernel. Knowing Linus' character, one can assume what he will say/show to officials who want to "standardize" his work. Vendors will still have to adapt to the development of the Linux kernel, and not vice versa."