A senior representative of Russia’s Federal Security Service says the agency has prepared a bill to put additional responsibility on businesses that own critical elements of the national data structure, adding the state alone cannot guarantee protection.
The deputy head of the FSB’s Center for Communications Security, Nikolay Murashov, made the announcement on Thursday in the course of the Infoforum-2017 national conference dedicated to data security.
“Business must understand its responsibility for disturbing the process of data management that could trigger the domino effect. Various terrorist and extremist groups are actively creating and perfecting the means to attack the objects of critical infrastructure,” the official said.
He noted that FSB experts estimate the damages inflicted by hacker attacks worldwide as between US$300 billion and $1 trillion over the past few years. This amounts to 0.4-1.5 percent of combined global GNP.
Murashov also told forum participants that attacks on data infrastructure could lead not only to financial losses, but also to various disastrous consequences.
“The stability of the social and economic development has been put in direct dependence on the security of the critical informational infrastructure,” he said.
In mid-2016, Russia introduced a broad package of laws targeting terrorism and extremism that included a provision that obliges all communication companies, including internet providers, to retain information about their clients’ data traffic for three years (one year for message services and social networks) and also to keep actual records of phone calls, messages and transferred files for six months.
The same law orders communications companies to hand over encryption keys to state security agencies on demand, allowing them to read encrypted data. The amendments concerning data storage and security should come into force in 2018 to give data companies time to restructure and prepare the necessary hardware.
The motion has been met with strong opposition on the part of the business community. As a result of the subsequent parliamentary discussions, President Vladimir Putin issued a separate decree ordering measures to be taken so that the financial risks of the law will be minimal. Additionally, the State Duma Security Committee promised to make necessary changes in the law after it is tested through practical application.