About the news
The Federal Service for Technical and Export Control (FSTEC) plans to create a rating of critical information infrastructure facilities depending on their level of information security
This list will include companies with the lowest level of protection that have experienced hacking or data leaks. This was announced by Vitaly Lyutikov, Deputy Director of the service, at the SOC-Forum 2024
According to Lyutikov, the service intends to automate the process and provide an opportunity for each manager to see his current assessment in real time. At the first stage, the rating will be advisory in nature, which means there will be no sanctions for getting into it
Expert commentary
At the moment, even in the absence of cyber incidents, supervisory authorities such as the FSTEC and the FSB can impose sanctions on organizations for non-compliance with the security requirements of CII facilities, says Anton Averyanov, CEO of the ST IT group of companies and TechNet NTI market expert. Regulatory authorities have the right to impose coercive measures, including temporary restriction of access to information resources or suspension of the operation of the CII facility
In addition, prescriptions and recommendations may be issued to improve the information security system, non-compliance with which may entail additional liability measures, the expert adds
