70mn cyberattacks, mostly foreign, targeted Russia’s critical infrastructure in 2016 – FSB
“Seventy million cyberattacks [targeted] relevant facilities of the Russian Federation during this year,” the official told a State Duma committee for Information Policy, adding that the bulk of the attacks originated from abroad.
Touching on Russia’s readiness to ward off the mounting number of cyber threats, Murashov insisted that “at present, Russia has sufficient potential in the development of means of information security.”
However, while many major Russian companies, such as state-controlled energy giant Gazprom and those in charge of critical railway infrastructure, are considered well-protected, there are enterprises that remain particularly vulnerable to such attacks.
“There are companies, where, from our point of view, there is not enough attention being paid to this issue,” Murashev said.
The committee’s meeting was centered on debate over a new bill titled “On the Security of Critical Infrastructure of the Russian Federation,” that is designed to ensure that all companies deemed to be a part of Russia’s critical infrastructure are equipped with effective means to fight off the cyberattacks.
The draft bill envisions that a special register of all companies and agencies that control objects of critical infrastructure be drawn up. Once the entity is in the list, it will be obliged to purchase means for detection and countering cyberwarfare, as well as to report all attempts to disrupt their information security to the relevant state bodies and provide assistance in the investigations that follow. The companies will be divided into three groups, gauging the degree to which their infrastructure is critical.
The bill, which is still in the works, was reportedly backed by State Duma’s Committees for Security and Information Policy on Tuesday, paving the way for its final passage by lawmakers, Russia’s Izvestia daily reported, citing State Duma sources.
So far, it is unclear what state agency will be entrusted with the right to choose the companies for the list, although the FSB has been touted as the most likely pick.
Apart from measures to enhance the protection of critical infrastructure objects, the bill aims to deter potential cyberattacks with heavier punishments. Perpetrators who are writing and spreading malicious computer programs with a purpose of attacking Russia’s critical information infrastructure would face up to 10 years in jail.
This comes after a number of Russia’s security bodes spoke of a heightened threat to Russia’s cybersecurity, citing an increased rate of hacking attacks.
Earlier in January, the head of Russia’s Security Council, Nikolay Patrushev, told Rossiyskaya Gazeta daily that Russia has witnessed “a growing number of attempts to inflict damage to Russian information systems from abroad,” by means of hacking attacks and unlawful collection of personal data. Patrushev noted that while Washington under Barack Obama’s administration was constantly accusing Russia of hacking, “all major internet servers are located on US territory and are used by Washington for intelligence and other purposes aimed at retaining [US] dominance in the world.”
In December, the FSB issued an alert, warning of an imminent cyberattack that it said was about to target Russia’s financial system. The FSB traced the planned large-scale attack to servers and command centers in the Netherlands belonging to a Ukrainian hosting company. Russia’s Communications Ministry has worked out potential counter-measures in connection with the threat.