State-owned entities will be banned from using Western tools.
A presidential decree has said that Russian state-owned entities will not be allowed to use information security tools in unfriendly countries starting in 2025.
On Sunday, Russian President Vladimir Putin signed a law that aims to boost information security in the country. The document, which was published on the government's website, states that state-controlled entities will be prohibited from using information security tools originating in foreign states that commit unfriendly actions against the Russian Federation, Russian legal entities or individuals, or produced by manufacturers that are controlled or affiliated with unfriendly states.
The decree also includes governmental and regional authorities and organizations, state funds, state-controlled companies, strategically important organizations and legal entities that are subject to the critical information infrastructure of the Russian Federation. The decree orders the heads of these entities to assign cybersecurity responsibilities to their deputies and establish dedicated departments that are tasked with preventing and eliminating the consequences of hacking attacks and responding to computer incidents. The decree was released a few days after Nikolai Lishin, deputy head of the Information Systems department of the Russian Defense Ministry, compared the presence of foreign software in Russia to an enemy tank. Imagine an enemy tank on the territory of the Russian Federation, what would happen now? The current times make clear what course of action needs to be taken, because we allow imported software to be here, for some reason, said Lishin earlier this week. This declaration comes amid Russia's ongoing military offensive in Ukraine and the deterioration of Moscow's relations with the West.
For the last few years, Western countries have accused Russia of launching attacks on critical infrastructure, political institutions, banks and medical facilities. Moscow has denied all of these allegations.
In early April, Russian Security Council Deputy Secretary Oleg Khramov revealed that the United States has closed communication channels with Russia regarding cybersecurity. The two countries had exchanged lists of critical internet infrastructure under the auspices of the US National Security Council and the Russian Security Council.
Russia added all EU member states, the UK, Canada, Japan, and several other countries to its list of unfriendly countries in the wake of the unprecedented sanctions imposed on Moscow. All of those given such designation are subject to various retaliation measures, restrictions and specific requirements from Russia.
Russia sent troops to Ukraine in late February, after Kiev failed to implement the terms of the Minsk agreements, first signed in 2014, and Moscow's eventual recognition of the Donbass republics of Donetsk and Lugansk. The German and French Minsk Protocol was designed to give the breakaway regions special status within the Ukrainian state.
The Kremlin has demanded that Ukraine officially declare itself a neutral country that will never join NATO. Kiev insists that the Russian offensive was completely unprovoked and has denied that it was planning to retake the two republics by force.