CII Protection

Critical information infrastructure (CII) is a set of information systems, networks and technologies that are critical to the functioning of an organization or the state.

On January 1, 2018, Federal Law No. 187-FZ dated 26.07.2017 "On the Security of Critical Information Infrastructure of the Russian Federation" came into force. The law defines information security requirements binding on critical information infrastructure entities.

Companies operating in the mining, metallurgical, chemical, nuclear and defense industries, healthcare, energy, transport and communications fall under the requirements of the legislation on CII security. CII subjects also include enterprises of the fuel and energy complex and organizations from the banking and financial sector. Violation of the requirements of regulatory legal acts in the field of critical information infrastructure protection entails liability in accordance with the legislation of the Russian Federation.

Ensuring the security of CII is a key task for national security and stability in today's information world. The complexity and uniqueness of CII objects emphasize the importance of creating individual approaches to their protection. Intruders can use various tactics and techniques. To effectively combat them, it is necessary to actively model information security threats and adapt to the evolving methods of intruders.

Effective protection of CII requires the following measures:

  • Regularly analyze existing and new threats and research the vulnerabilities of CII facilities
  • Ensure physical security at CII facilities (access control to premises, equipment protection, organization of data copies on physically separate media)
  • Ensure network protection (network access control, firewalls, IDS/IPS systems, authentication and data encryption)
  • Ensure the use of information systems protection tools (anti-virus software, intrusion detection and prevention systems, firewalls)
  • Regularly update technical means of protection (software, hardware-software systems)
  • Train personnel in the basics of information security

SATEL specialists have successful experience in implementing projects to protect critical information infrastructure and are ready to assist with:

  • justifying whether or not a company qualifies as a subject of critical information infrastructure
  • forming a commission for categorization
  • collecting the initial data required for categorization
  • preparing a list of critical information infrastructure objects
  • categorization and preparing information on the results of assigning a critical information infrastructure object to one of the categories of significance or on the categorization of critical information infrastructure objects

After the FSTEC of Russia approves the information, SATEL specialists are ready to perform the full range of work to create a system for ensuring the information security of significant objects of critical information infrastructure, namely to develop terms of reference, threat models, and design, organizational and administrative documentation.