Recent Posts
- Ukraine recovery should be based on development of territorial communities, innovations, involvement of professional domestic community – results of ESUR forum 29.06.2023
- Ukraine repatriates five more seriously wounded Russian POWs 10.04.2023
- Rada intends to include history of Ukraine, foreign language in final certification for general secondary education 10.04.2023
- Rada terminates protocol on joint anti-terrorist measures in CIS territories for Ukraine 10.04.2023
- 100 Ukrainians, incl defenders of Mariupol, returned according to swap procedure – Yermak 10.04.2023
Special Communications Service awaiting submission of critical infrastructure entity lists to form critical information infrastructure list at entities
KYIV. Oct 29 (Interfax-Ukraine) – The State Service for Special Communications and Information Protection of Ukraine has been waiting for over six months from authorized agencies to submit lists of critical infrastructure entities, after which work will start on the formation of a list of critical information infrastructure at these entities.
Head of the State Special Communications Service Yuriy Schyhol told Interfax-Ukraine that to date, Ukraine has not yet formed a list of critical infrastructure entities and there is no register of critical information infrastructure that are on the relevant entities.
"A year ago, we launched this process […]. Ministries and departments, within their responsibility, had to form such a list and submit it to the State Special Communications Service for validation. But this process is going slower than we expected, due to the bureaucratic mechanism and the ‘great willingness’ of many structures to be included in this list. After all, the status of the critical infrastructure entities presupposes a certain regulation and heightened attention. Although six months have already passed, objective and correct information has not yet been submitted by all departments that are responsible for that," Schyhol said.
According to him, eight authorized agencies have already submitted their proposals: the Economy Ministry, the Energy Ministry, the Infrastructure Ministry, the Health Ministry, the Ministry of Community and Territorial Development, the Ministry of Digital Industry, the National Health Service and the National Securities and Stock Market Commission.
"The Ministry of Internal Affairs said they do not have such entities. The Ministry for Strategic Industries has reported on the need for additional time due to the large number of entities," the head of the State Service for Special Communication said.
Schyhol also said that only after identifying all the entities that have the critical information infrastructure, and creating their register, the State Special Communications Service will be able to audit the protection systems of the critical information infrastructure at the enterprises that are included in the register, and formulate conditions for each enterprise, the implementation of which will ensure high-quality protection of the critical information infrastructure.
The methodology for protecting the critical information infrastructure already exists in the form of an order from the administration of the State Special Communications Service, at the moment the document is of a recommendatory character.
"This document is based on the approaches of the U.S. National Institute of Standards and Technology (NIST) on cyber defense, in particular, reflects most of the provisions of the CyberSecurity Framework information protection guideline. NIST regularly updates this guideline, and we plan to follow the same path, to make it ‘live’ a document that will be regularly reviewed and which will take into account all the current challenges," Schyhol said.
He also stressed the importance of creating a separate information protection service in each ministry and department and reforming the existing information protection services.