VIENNA, February 15. /TASS/. International cooperation in cyber security should aim at preventing cyber attacks, but not just at counteracting them, Deputy Secretary of Russia’s Security Council Oleg Khramov said on Wednesday at the OSCE conference titled Cyber Security for Critical Infrastructure: Strengthening Confidence Building underway in Vienna.
"It is undoubtedly an important task to create efficient mechanisms for responding to computer incidents. But it is a fight against consequences," Khramov said. "According to our forecasts, sophistication and complexity of cyber attacks will be on the rise simultaneously with an increase in counteractive measures. So if we want to really protect infrastructure, prevention of cyber attacks should be defined as the aim of our cooperation."
"About twenty years ago, Russia made production, distribution and application of malware a criminal offence and that helped to increase efficiency in the war on crime in the sphere of high technology," Khramov said.
‘We have been repeatedly calling on all the countries to follow our example so that production of malicious software will become a crime. Unfortunately, inaction has resulted in high-tech means needed to carry out cyber attacks turning into a rather lucrative commodity," he said. "However, this criminal business carries a threat that the digital space will be militarized and terrorist structures will use it."
Moreover, Russia has put forward initiatives that manufactures should be made responsible for ensuring security of programs and hardware tools.
"Everybody must realize now that we are in the same boat and insufficient protection of information assets, at least in one country, threatens global security," he added.
UN governmental experts in international cyber security are drafting regulations for the states’ responsible conduct in the information space, the Russian security official said.
Russia believes it right that in the interests of forming a safe and secure global information space the following provisions should be included in the document.
"First, the states should take exhaustive measures to counteract cyber attacks being carried out within their territories. Real sovereignty in the supranational information and telecommunication infrastructure would facilitate this," he is convinced.
"Second, any accusations against states of their involvement in cyber attacks should be proven," he said adding the creation of a system of international information security, which should incorporate interests of all nations, had become reality.
According to Khramov, critical infrastructure facilities have become quite vulnerable since information and communications technologies came to be used for their functioning. "In the wake of the rapid development of the digital environment, new sources of threats have been emerging that are often latent," Khramov explained.
The deputy secretary general also said that due to the breakneck speed at which the Internet is developing, "the working capacity of critical infrastructure’s elements could be damaged through cyberattacks involving a great number of user communication equipment as well as smart consumer electronic devices." "Such destructive impact could have military and terrorist purposes," Khramov added.
Khramov went on saying that "according to Russia’s information security concept, ensuring sustained and smooth functioning of the information infrastructure is one of the key tasks aimed at protecting national interests in the information sphere." "At the same time, it is very important to build mutually beneficial cooperation between state security agencies and companies that own critical facilities and operate them," he noted.
According to the Russian official, it is impossible to achieve success without defining clear and precise rules, so a law on critical information infrastructure has been drafted in Russia, which is currently under consideration by the nation’s parliament.
"The bill stipulates setting up a mechanism for effective interaction between all interested parties based on mutual responsibility for ensuring the safety of critical information infrastructure. The document’s main principle is that the owners of critical infrastructure facilities are obliged to ensure their safety while the state commits to assisting them in every possible way, particularly providing information on any immediate threats to information security and assisting in developing the necessary protective equipment. In return, the owners are obliged to inform authorities about significant computer issues," the deputy secretary general said.
He added that in practical terms, a state service for detecting and preventing cyberattacks was in the process of being established.