MOSCOW, October 27. The Federal service for technical and expert control (FSTEC) has recognized the vulnerability of personal data and addresses of citizens, sent to state agencies, as they are not encrypted during the transmission process may become available to third parties. It follows from the answer of the head of technical and export control Vladimir Selin to the corresponding request of state Duma Deputy Ilya Kostunov.
For its part, the MP raised the question of the timing of the adoption of measures to encrypt such information, and stresses that the need of its protection are fixed in the decree of the President of the Russian Federation.
“The service shares your concern about the security of personal data collection and user messages on the websites of state authorities”, – reads the response from the service (copy is available).
Celine reminded that the service by its order approved the requirements on the protection of information that is not part of the state secret, contained in state information systems. In particular, operators should “ensure that measures to protect the information from disclosure, modification and imposition (entering false information)”, namely to create “a secure connection with the use of cryptographic means of information protection”.
The implementation of these measures will contribute to the connection state information systems and information and communication networks of state bodies to the Internet via its state of the Russian segment pursuant to the decree of the President of the Russian Federation from may 22 of 2015 “On certain issues of information security of the Russian Federation”, – stated in the answer to United Russia FSTEC.
“Very well, that the presidential decree provides measures for the encryption of the channel by which citizens interact with the site departments. But the question is, at what time these measures will be implemented”, – said Tuesday the Kostunov, commenting on the response received from the service. He promised that in the near future will make inquiries in the office about what time frame they plan to protect the information of citizens that they leave on the websites of government agencies.
According to the MP, “it is important to communicate to Federal authorities with information about their sites and web reception are an integral part of the state information system”. “Information from citizens need to get to the offices via a secure channel,” he said.
In September, the Kostunov addressed in the Ministry of economic development and the service’s proposal to introduce a mandatory encryption of personal data of citizens and their appeals to state bodies. According to him, the now widespread use of open http Protocol means “any computer in the path of information on the Internet can copy or change the text sent to a government institution”. In separate settlements network “communications may be under indirect control of local officials or criminal groups, not concerned that complaints or reports of crimes went through the Internet directly to the attorney General or the FSB,” warned the Kostunov.