Russia Forms Cyber Incident Response Groups to Fight Cyberattacks
In various regions of Russia, Cyber Incident Response Groups (GRIIBs) are being established as part of operational headquarters for cybersecurity. For example, a decree on the creation of such a group was recently published on the website of the Tver Region government. The GRIIB will include the representatives of regional government agencies who are most competent in responding to cyberattacks.
According to the document, the group is tasked with participating in the elimination of the consequences of computer attacks, overseeing efforts to address vulnerabilities in the infrastructure of government agencies and institutions, and preparing reports on the results of incident investigations, as reported by “Kommersant.”
The GRIIB has the authority to request additional information related to incidents from users of information systems and to involve employees of affected institutions in investigations. The operational headquarters will coordinate cybersecurity actions among executive authorities, conduct training exercises for responding to information security incidents, and monitor compliance with recommendations from the FSB and FSTEC.
According to Nikita Kotikov, an offensive security expert at RAD COP, the practice of creating operational response groups is already quite common in Moscow. Their responsibilities include detecting potential threats and investigating attacks. In the Novosibirsk Region, a monitoring and response center has already been established as part of the State Budgetary Institution “Information Protection Center of the Novosibirsk Region,” which has been operating since March 2023, according to the regional government.
A source in the Ulyanovsk Region government clarified that a similar project is being prepared there: “Everything is being done in accordance with the recommendations of the Ministry of Digital Development.” The Ministry of Digital Development stated that, at present, “additional standard regulations” are being developed together with interested agencies to standardize the work of regional cybersecurity headquarters.