The Information Security Center of the Federal Security Service of Russia is a rather closed structure that deals with information security issues at the level of the entire state. The center's activities are aimed both at protecting public infrastructure and combating the most dangerous cybercriminals, including professional hacker groups.
In this article, we will discuss the main functions of the FSB CIB, well-known practical cases of the center's work, and the arsenal of tools that specialists use in their work.
Little is known about the center's activities. This is primarily due to the specifics of the service itself, which solves a wide range of tasks, from investigating cybercrime in the e-commerce sector to combating what can be called IT extremism: the destructive activities of radical groups in the digital space.
The relevance of this and similar services focused on cyberspace is growing every year for natural reasons. The two main drivers are the ubiquity of digital technologies in the public sector, business and everyday life, as well as the growing importance and sensitivity of processes taking place in the digital space.
However, some aspects of the FSB's cybersecurity department can be presented on the basis of already known data on general practices used in the service.
For example, this applies to recruitment issues. Based on the general practice of the department, it can be assumed that specialists enter the CIB either from late courses of study at universities, or through the so-called guarantee institute. At the same time, they probably pass a comprehensive check, from the analysis of the biography to psychological tests, not to mention the verification of applied data.
If we talk about the tools that specialists use in their activities, we can proceed from the fact that the CIB is unlikely to have any restrictions in the context of the choice of software tools.
It can be assumed that the Center's employees use both their own developments and conditionally secure versions of foreign products, if necessary.
If we talk about the staff of the FSB's Cybersecurity Department, we can assume that it will expand in the near future. This is due not only to the growing number of cybercrimes, but also to changes in legislation that form and set strict rules for transmitting data on cyber incidents to relevant state bodies.
The authority granted to the body includes:
If we talk about information about the Center that gets into the media, then the situation here is quite typical for law enforcement and closed departments: for objective reasons, almost nothing is known about the success, so a few publications are mainly devoted to scandals around individuals. For example, some representatives of the Center became accused in a high-profile case of high treason and data transfer to the US special services in 2019.
It is not possible to qualitatively assess the center's activities due to incomplete data, since the available sources can only provide fairly limited information about incidents involving representatives of the Center, but there is practically no data on the results of its work.
In the face of a lack of information, the activities of the Central Intelligence Agency are partly mythologized, and the center is often attributed to a variety of actions, including measures to interfere in American elections.
In this article, we will discuss the main functions of the FSB CIB, well-known practical cases of the center's work, and the arsenal of tools that specialists use in their work.
Basic information about the agency
The FSB's Information Security Department is often confused with the so-called "K"department. Despite the similarity of activities, this is not entirely true, since Department " K " is a similar structure within the Ministry of Internal Affairs, and the Central Security Service is directly part of the Federal Security Service, and was formed on the basis of the disbanded Computer and Information Security Department (UKIB).Little is known about the center's activities. This is primarily due to the specifics of the service itself, which solves a wide range of tasks, from investigating cybercrime in the e-commerce sector to combating what can be called IT extremism: the destructive activities of radical groups in the digital space.
The relevance of this and similar services focused on cyberspace is growing every year for natural reasons. The two main drivers are the ubiquity of digital technologies in the public sector, business and everyday life, as well as the growing importance and sensitivity of processes taking place in the digital space.
About the activities of the Central Security Service of the FSB
Reliable data on the staff of specialists and the software tools used are not publicly available. Additional difficulties in discussing this topic arise in the context of Order No. 547 on data that can be used by foreign sources against the security of the country.However, some aspects of the FSB's cybersecurity department can be presented on the basis of already known data on general practices used in the service.
For example, this applies to recruitment issues. Based on the general practice of the department, it can be assumed that specialists enter the CIB either from late courses of study at universities, or through the so-called guarantee institute. At the same time, they probably pass a comprehensive check, from the analysis of the biography to psychological tests, not to mention the verification of applied data.
If we talk about the tools that specialists use in their activities, we can proceed from the fact that the CIB is unlikely to have any restrictions in the context of the choice of software tools.
It can be assumed that the Center's employees use both their own developments and conditionally secure versions of foreign products, if necessary.
If we talk about the staff of the FSB's Cybersecurity Department, we can assume that it will expand in the near future. This is due not only to the growing number of cybercrimes, but also to changes in legislation that form and set strict rules for transmitting data on cyber incidents to relevant state bodies.
The authority granted to the body includes:
- cybercrime investigation;
- public network monitoring and OSINT intelligence;
- finding and deanonymizing hackers;
- counterintelligence activities.
If we talk about information about the Center that gets into the media, then the situation here is quite typical for law enforcement and closed departments: for objective reasons, almost nothing is known about the success, so a few publications are mainly devoted to scandals around individuals. For example, some representatives of the Center became accused in a high-profile case of high treason and data transfer to the US special services in 2019.
Results
The FSB's powers in the field of information security are quite extensive, as are the tools for conducting operational work, monitoring and preventing crimes. This is probably the "most authorized" body of all the departments for combating cybercrime in different departments.It is not possible to qualitatively assess the center's activities due to incomplete data, since the available sources can only provide fairly limited information about incidents involving representatives of the Center, but there is practically no data on the results of its work.
In the face of a lack of information, the activities of the Central Intelligence Agency are partly mythologized, and the center is often attributed to a variety of actions, including measures to interfere in American elections.
