Federation Council proposes fines for vulnerabilities in important information systems

Fines could reach 50,000 rubles for officials and 500,000 rubles for organizations

The Russian Federation Council has proposed introducing mandatory inspections of critical information infrastructure (CII) objects for vulnerabilities.

In an appeal to the Ministry of Digital Development, it is also proposed to establish fines for the untimely elimination of identified problems: up to 50,000 rubles for officials and up to 500,000 rubles for organizations.

CII includes control systems for power plants, telecommunications networks, financial institution databases, and other automated complexes in key industries. Their vulnerabilities—gaps in the program code or settings—allow attackers to disrupt the operation of facilities or gain unauthorized access.

The Russian Federation Council believes that the search for such weaknesses should become mandatory, with the involvement of both internal specialists and external researchers through Bug Bounty programs.

Current measures are insufficient: the analysis of the causes of vulnerabilities and their prevention are not regulated. The introduction of fines will encourage CII owners to more actively implement preventive measures, the Russian Federation Council said.
