Friend
Professional
- Messages
- 2,659
- Reaction score
- 865
- Points
- 113
CFR believes that Russia has fewer opportunities to fully protect its software.
The American analytical center of the United States from the Council on Foreign Relations (CFR), as part of a study of the level of import substitution in the Russian Federation, called for studying the level of security of the Russian Astra Linux operating system, which is widely used in government departments of the Russian Federation.
Specialists of CFR, an organization that positions itself as an independent organization, but has former intelligence officers, journalists, and representatives of large businesses on its board of directors (including the CFO of Alphabet), suggested using special services and the Open Source community to study the vulnerabilities of Astra Linux.
"Analysts in the United States and partner countries should use open-source intelligence to understand how Russia is implementing technologies such as the Astra Linux operating system," CFR said. The organization notes that Astra Linux "is widely used in Russian government agencies, which may create vulnerabilities that can be exploited on a proper scale." Analysts noted that Astra Linux is a highly customizable and supposedly secure version of the open-source operating system.
According to American analysts, Russia's transition to domestic and Chinese products may create certain weaknesses in the country's cybersecurity. "By switching to Chinese and domestic products, Russia is further losing access to cybersecurity talent in the United States, Western Europe, Japan, and other countries," CFR said.
Experts suggest that "Astra Linux developers have fewer opportunities to use a wider employee base to test and protect their code." CFR believes that this could be an area where "the US and its allies can take advantage in cyberspace."
On August 14, 2024, the Astra Group, the developer of Astra Linux, issued an official statement rejecting all accusations and threats from CFR.
The company stressed that such calls only confirm the correctness of their chosen strategy aimed at creating the most secure solutions. "Information security is embedded in Astra's DNA — this is our key priority," the company's representatives said.
Astra Linux developers are confident in their ability to test code and quickly eliminate vulnerabilities. They noted that they pay special attention to technologies such as mandatory access control, integrity control and closed software environment.
Due to the tense international situation, Astra Group has stepped up measures to detect malicious software inclusions and is conducting additional anti-virus monitoring using several specialized tools.
The company also reminded that the Astra Linux OS is certified by the FSTEC of Russia for the first level of trust and protection class, which confirms a high level of information security.
"The security of the IT infrastructure depends on the entire range of information security tools used in the organization," the Astra Group emphasized. Developers recommend that customers use a full set of information protection tools, taking into account specific threat models, and carefully follow the recommendations for configuring security.
Source
The American analytical center of the United States from the Council on Foreign Relations (CFR), as part of a study of the level of import substitution in the Russian Federation, called for studying the level of security of the Russian Astra Linux operating system, which is widely used in government departments of the Russian Federation.
Specialists of CFR, an organization that positions itself as an independent organization, but has former intelligence officers, journalists, and representatives of large businesses on its board of directors (including the CFO of Alphabet), suggested using special services and the Open Source community to study the vulnerabilities of Astra Linux.
"Analysts in the United States and partner countries should use open-source intelligence to understand how Russia is implementing technologies such as the Astra Linux operating system," CFR said. The organization notes that Astra Linux "is widely used in Russian government agencies, which may create vulnerabilities that can be exploited on a proper scale." Analysts noted that Astra Linux is a highly customizable and supposedly secure version of the open-source operating system.
According to American analysts, Russia's transition to domestic and Chinese products may create certain weaknesses in the country's cybersecurity. "By switching to Chinese and domestic products, Russia is further losing access to cybersecurity talent in the United States, Western Europe, Japan, and other countries," CFR said.
Experts suggest that "Astra Linux developers have fewer opportunities to use a wider employee base to test and protect their code." CFR believes that this could be an area where "the US and its allies can take advantage in cyberspace."
On August 14, 2024, the Astra Group, the developer of Astra Linux, issued an official statement rejecting all accusations and threats from CFR.
The company stressed that such calls only confirm the correctness of their chosen strategy aimed at creating the most secure solutions. "Information security is embedded in Astra's DNA — this is our key priority," the company's representatives said.
Astra Linux developers are confident in their ability to test code and quickly eliminate vulnerabilities. They noted that they pay special attention to technologies such as mandatory access control, integrity control and closed software environment.
Due to the tense international situation, Astra Group has stepped up measures to detect malicious software inclusions and is conducting additional anti-virus monitoring using several specialized tools.
The company also reminded that the Astra Linux OS is certified by the FSTEC of Russia for the first level of trust and protection class, which confirms a high level of information security.
"The security of the IT infrastructure depends on the entire range of information security tools used in the organization," the Astra Group emphasized. Developers recommend that customers use a full set of information protection tools, taking into account specific threat models, and carefully follow the recommendations for configuring security.
Source
