Russia to ban State use of foreign software in bid to boost IT-security

Russia reportedly plans to ban imports of foreign software for state use from next year according to recent government statements.

Russians charged with using Carberp Trojan to collect more than £1m
Russians charged with using Carberp Trojan to collect more than £1m

The Russian government is considering establishing a national system of IT-security, including banning state use of foreign software  to cut dependence on potentially vulnerable imports, according to a recent statement by Nikolai Nikiforov, Russia's communications minister.

These plans involve the establishment of engineering and computing infrastructure, data centres, as well as domestic software to ensure full-scale operation of state information systems.

According to Nikiforov, Russia currently has a high dependence on imported software and hardware for state requirements, with total purchases valued at £1.6 billion (80 billion rubles per year.  The fall in oil prices and Ukraine-related western sanctions have cost Russia a combined £90 billion over the past year, but this latest move is reportedly prompted  by security rather than financial concerns.

Nikiforov said that  the establishment of such system is intended to prevent any violations of state sovereign by foreigners through their possible interventions in the state information system and will ensure Russia's independence in the field of IT-security.

Talking to SCMagazineUK.com, Bob Tarzey, analyst and director, Quocirca Ltd quipped: "I guess the Russian government must know something about the back doors can be included into software to make it so untrustworthy of other people's stuff!"  Certainly the Edward Snowden revelations are likely to have had an impact, and a separate report suggests that there is a possibility that use of the RSA cryptographic algorithm may be banned in Russian information systems.

It is planned that Rostec, (a local state corporation established to promote development, production and export of hi-tech industrial products for civil and defence sectors) will be responsible for the implementation of the project.

As part of these plans, the Russian government plans to establish a special state fund, which will focus on the support of domestic developments in the field of IT-security. It is planned that the fund will be formed by 10 percent levy on the sale of licences for software in Russia.

In addition, the Russian government plans to ban purchases of foreign software for state use, starting from July 1, 2015.

An official representative of Rostec said that the company has plans to centralise procurement of equipment and software on the basis of its RT-Inform subsidiary, one of Russia's leading IT enterprises.

He has also added that the annual value of purchases of foreign IT technologies used by the government and various state corporations is estimated at £1.6 billion, however it is possible that this figure will significantly decline next year.

It is planned that the savings will used to support domestic software developers.

David Lacey, independent former CISO and industry commentator said to SCMagazineUK.com, "Controlling the supply chain is essential to guarantee security. But few countries or organisations can achieve this because of overriding commercial demands. Banning foreign software is a smart move if you have competitive local sources of supply, but it's a backward step if you need to cut costs and take advantage of the broader global marketplace."

None of the software companies that SC Magazine contacted wished to comment on this reported development and its potential implications.

According to Nikiforov, Rostec has already started building a new IT cluster in  Innopolis, (an area in the Tatarstan Republic and one of the two Russian 'Science cities', along with Skolkovo).

It will house more than 2,500 domestic IT experts and developers. Among the products that will be designed in Innopolis are expected to be  ERP-systems, databases, operating system and application development environment.

It is planned that the development of new software and IT technologies will be conducted by Rostec jointly with Rostelecom, Russias's leading long-distance telephony provider. In the latter case, the cooperation of the companies will take place through the establishment of a new large state-owned enterprise, to be called 'National Center of Informatisation'. The new company will focus on the design of state information systems and the development of the e-government infrastructure.

In the meantime, some leading Russian analysts in the field of IT-technologies have already criticised state plans to appoint Rostec as the company responsible for reform of the national state IT security.  Ilya Massukh, president of the Fund of Information Democracy, one of Russia's leading IT technology analyst agencies  commented that Rostec has already been involved in the design of a unified state information system for national healthcare in Russia, but has so far failed to achieve any significant results.