Russian banks will stop punishing hacker attacks

The Bank of Russia will restructure its department of information protection.

Thursday, November 12, 2020, 7:10 GMT

FinCERT, the key branch of the agency responsible for responding to computer problems, will be dissolved and its responsibilities will be shifted to other divisions – supervising banks’ operations in the area of network technology and cyber risk monitoring.

Central Bank restructures defense service:

A big reform of the Department of Information Security (DIB) has began with the Bank of Russia (Central Bank, Central Bank). According to Kommersant, this would most likely lead to the dismantling of the FinCERT unit (CERT, Device Mergency Response Team), which has held a managerial role in the DIB system since 2018.

The key aim that can be directed by the central bank is to try to distinguish the supervisory roles of banks’ information management operations and the cyber-risk control functions through various agencies, so that banks, needing support, do not receive retribution, as is now happening. Actually, FinCERT handles all of these functions.

The Central Bank reported, according to Kommersant, that the composition of the DIB had changed as of 5 November 2020. The improvements are due to the need for the core company processes to be improved. The Central Bank representatives noted that the achievement of the aim indicators set out in the “Key directions for the growth of information security in the credit and financial sector for the period 2019-2021” depends on them The collection of information on countering transactions without the permission of financial institution customers, which is collected by financial institutions, is among those processes.

What the current system would look like is not yet known; the name FinCERT will still continue, as the promotion of this brand took five years, but the duties will be shifted to other divisions.

Today, more than 800 organisations, including all Russian banks, as well as law enforcement authorities, suppliers, network operators, device integrators, anti-virus software developers and other companies operating in the field of information security, are interested in the FinCERT information sharing system. The information sharing scheme may be linked to any capital market investor or organization operating in the area of information security in the financial sector.

What the current system would look like is not yet known; the name FinCERT will still continue, as marketing this brand took five years, but the duties will be moved to other divisions.

Today, more than 800 organisations, including all Russian banks, as well as law enforcement authorities, suppliers, network operators, device integrators, anti-virus software developers and other computer security firms, are involved in the FinCERT information sharing system. The information sharing mechanism can be connected to any financial market investor or organization operating in the area of information security in the financial sector.

Often the quality of treatment is poor. The last straw could be the story, as one of Kommersant’s interlocutors indicated, of the removal of funds via the quick payment mechanism in August 2020. It took FinCERT about two weeks to alert the market of this vulnerability, and then it turned out that a lot of URS bank events were not considered at all, even for 2019.

Market participants expect that the roles of the RIB will be divided between separate divisions in the new system and that the specialization of jobs will allow them to work more effectively. As Kommersant writes, though, this may play a cruel joke, as the regulator’s tests of banks may get stricter after the restructuring.

Why the present system was formed:

FinCERT was established at the Central Bank in 2015. At the same time, a computer forensics laboratory was equipped and ASOI was put into operation. However, the issues related to cybersecurity have not diminished.

In November 2017, the Central Bank welcomed public corporations to their boards of directors to add information security and IT specialists. The Central Bank agreed in February 2018 to establish a DIB. Around the same time while working with biometric data at government departments and banks, the regulator published a list of security risks. A requirement was proposed in March 2018 for the provision of information management services for financial institutions, compliance with which is voluntary.

Finally, at the Central Bank, the DIB was founded in May 2018 . For this reason, the bank’s key management and information protection department was split into two separate structures – the department of information security and the department of security. The Center for Credit and Financial Sphere Control and Reacting to Computer Attacks (FinCERT) formed the base for the creation of the Department of Information Security, which was granted management status.

The Central Bank has released a draft standard at the beginning of May 2018 to ensure the information security of financial institutions in Russia, which could normalize the sharing of cyber-attack information, rendering the data supplied by banks more secure. This standard was reviewed by the FSB for accordance with the information standards supplied to the state system for the identification, avoidance and removal of machine attack (GosSOPKA) implications. The standard assumed that FinCERT would exchange data with GosSOPKA.