Czechia issues security warnings over possible unavailability of technology from suppliers in Russia

The National Office for Cybersecurity and Information Security (NÚKIB) has issued an official warning against information and communication technology providers from the Russian Federation. The reason for this is that due to economic sanctions, there is a risk of non-compliance with contractual obligations by companies that have a significant relationship with Russia.

NÚKIB issues warnings based on the Cybersecurity Act. It is therefore a binding approach and the establishments concerned by this law will have to carry out risk analyses. If risky technologies appear in the systems, it will be necessary to determine whether there is a risk of unavailability of services or supplier supply constraints and, if necessary, to draw the consequences. According to the authority, the warning is preventive.

According to the cyber authority, an ICT supplier with a significant relationship with the Russian Federation is identified by several indicators. For example, it is based in Russia, dependent on supplies from Russia, or has research and development activities based in this country. Further details are available in the questions and answers on the Office’s website.

The economic impact on the operation of Russian ICT providers can take several forms. For example, some companies are restricted by shutting down payment systems, while others report service limitations and the provision of support and service, etc. In addition, major global suppliers are limiting their activities in Russia, and Russia also wants to impose sanctions on the European Union or the Czech Republic.

Cyber ​​authorities rate the threat as high, so it is likely to very likely. Under the Cyber ​​​​Security Act, it is the third of four. The warning is effective today.

NÚKIB, contrary to warnings against Chinese companies Huawei and ZTE, did not give an address. So he doesn’t have a list of Russian ICT companies that seem problematic. The Office recalls that the precautionary warning draws attention to the effects of economic sanctions,

“This is not a warning against specific companies. It concerns a large number of companies, each institution must make an individual assessment,” Karel Řehka, director of NÚKIB, told Lupa. because the production of hardware is not so common in Russia. “At the same time, no Russian technology is prohibited.”

NUKIB is not only active in the current crisis, Russia would have been watching for a long time. As the Office recently stated, it has not yet been certain that it has information to take legal action.

The Cyber ​​Authority also monitors issues such as Russian legislation, which in many ways resembles Chinese legislation. Either way, it looks risky. States of this type are capable of applying espionage on citizens or businesses, appointing secret service agents or having problems with law enforcement.

NÚKIB also assesses non-technical aspects in Russia and China. These also lead to the preparation of the substantive intent of the law, which could exclude Chinese vendors from building 5G networks. Řehka said he wants to apply a similar mechanism to the entire field of information technology, that is, outside of 5G.

NUKIB warning on Russian technologies:

The National Office of Cybersecurity and Information Security has issued a WARNING under the Cybersecurity Act regarding the growing threat of non-compliance with contractual obligations by suppliers of ICT services and products with a relationship significant with the Russian Federation.

The threat lies in the effects of economic sanctions on and from the Russian Federation, which can lead to non-compliance with contractual obligations by ICT providers who have a significant relationship with the Russian Federation.

NÚKIB recommends that organizations subject to cybersecurity law take precautionary measures to ensure that possible non-compliance with contractual obligations by suppliers with a significant relationship with the Russian Federation does not limit the functionality of the systems that ‘they manage. It also recommends that this threat be taken into account in business continuity plans so that the provision of services can be ensured even if the threat persists.

We are issuing this warning for precautionary reasons. We warn of the heightened level of threat that those obligated under cybersecurity law face on a regular basis. There is a risk that one of their main ICT suppliers may not provide the necessary products or services. NÚKIB warns of the level of this threat, which is linked to suppliers who, due to the current economic sanctions, are more likely to be unable to meet their obligations.

NÚKIB rates this threat in terms of probability at High, ie the threat is likely to very likely. In connection with this threat, it recommends performing the actions described in the WARNING.

Administrators and operators of systems governed by cybersecurity law must deal with the alert, in particular they must take it into account in the risk analysis and take the appropriate measures. The proposal of possible measures contains the warning issued. Persons not covered by the Cyber ​​​​Security Act may also be asked to consider taking the actions recommended by the warning if they deem it relevant to their needs.

Dear readers, we are dealing with the situation in Ukraine through the servers that belong to our publisher, the Internet Info company. We offer a selection of some texts:



Leave a Comment