Federal Service for Technical and Export Control


The Federal Service for Technical and Export Control of Russia (FSTEC of Russia / FSTEK) is a military agency of the Russian Federation, under the Russian Ministry of Defence. [1] It licenses the export of weapons and dual-use technology items, and is also responsible for Russian military information security. [2]

FSTEC of Russia maintains the Data Security Threats Database, Russia's national vulnerability database, [3] and requires Western technology companies to submit source code and other trade secrets before allowing their products to be imported into Russia. [4] FSTEC also liaises with the FSB, which controls cryptography in Russia. [5]

In 2019, FSTEC of Russia granted Astra Linux special status regarding its use in processing Russian classified information. [1]

Related Research Articles

Computer security: Protection of computer systems from information disclosure, theft or damage

Computer security is the protection of computer software, systems and networks from threats that can lead to unauthorized information disclosure, theft or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

National Security Agency: U.S. signals intelligence organization

The National Security Agency (NSA) is an intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes, specializing in a discipline known as signals intelligence (SIGINT). The NSA is also tasked with the protection of U.S. communications networks and information systems. The NSA relies on a variety of measures to accomplish its mission, the majority of which are clandestine. The NSA has roughly 32,000 employees.

Communications Security Establishment: Canadian cryptologic agency

The Communications Security Establishment, formerly called the Communications Security Establishment Canada (CSEC), is the Government of Canada's national cryptologic agency. It is responsible for foreign signals intelligence (SIGINT) and communications security (COMSEC), protecting federal government electronic information and communication networks, and is the technical authority for cyber security and information assurance.

Export of cryptography from the United States: Transfer from the United States to another country of technology related to cryptography

The export of cryptography from the United States to other countries has experienced various levels of restrictions over time. World War II illustrated that code-breaking and cryptography can play an integral part in national security and the ability to prosecute war. Changes in technology and the preservation of free speech have been competing factors in the regulation and constraint of cryptographic technologies for export.

In computer security, mandatory access control (MAC) refers to a type of access control by which a secured environment constrains the ability of a subject or initiator to access or modify an object or target. In the case of operating systems, the subject is a process or thread, while objects are files, directories, TCP/UDP ports, shared memory segments, or IO devices. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, the operating system kernel examines these security attributes, examines the authorization rules in place, and decides whether to grant access. A database management system, in its access control mechanism, can also apply mandatory access control; in this case, the objects are tables, views, procedures, etc.

A penetration test, colloquially known as a pentest, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. The test is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.

Federal Office for Information Security: German federal agency

The Federal Office for Information Security is the German upper-level federal agency in charge of managing computer and communication security for the German government. Its areas of expertise and responsibility include the security of computer applications, critical infrastructure protection, Internet security, cryptography, counter eavesdropping, certification of security products and the accreditation of security test laboratories. It is located in Bonn and as of 2024 has about 1,700 employees. Its current president, since 1 July 2023, is former business executive Claudia Plattner, who took over the presidency from Arne Schönbohm.

The Joint Worldwide Intelligence Communication System is the United States Department of Defense's secure intranet system that houses top secret and sensitive compartmented information. JWICS superseded the earlier DSNET2 and DSNET3, the Top Secret and SCI levels of the Defense Data Network based on ARPANET technology.

Information technology risk, IT risk, IT-related risk, or cyber risk is any risk relating to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.

A vulnerability database (VDB) is a platform aimed at collecting, maintaining, and disseminating information about discovered computer security vulnerabilities. The database will customarily describe the identified vulnerability, assess the potential impact on affected systems, and list any workarounds or updates to mitigate the issue. A VDB will assign a unique identifier to each vulnerability cataloged, such as a number or alphanumeric designation. Information in the database can be made available via web pages, exports, or API. A VDB can provide the information for free, for pay, or a combination thereof.

Astra Linux: Russian Linux-based computer operating system

Astra Linux is a Russian Linux-based computer operating system (OS) that is being widely deployed in the Russian Federation to replace Microsoft Windows. Initially it was created and developed to meet the needs of the Russian army, other armed forces and intelligence agencies. It provides data protection up to the "top secret" level of the Russian classified information grading by featuring mandatory access control. It has been officially certified by the Russian Defense Ministry, the Federal Service for Technical and Export Control and the Federal Security Service.

The following outline is provided as an overview of and topical guide to computer security:

Offensive Security is an American international company working in information security, penetration testing and digital forensics. Operating from around 2007, the company created open source projects, advanced security courses, the ExploitDB vulnerability database, and the Kali Linux distribution. The company was started by Mati Aharoni, and employs security professionals with experience in security penetration testing and system security evaluation. The company has provided security counseling and training to many technology companies.

Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them since 2010. Originally a criminal group, the group has now been designated as an advanced persistent threat due to its intended nature, threat, and the wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.

Katie Moussouris: American computer security researcher, entrepreneur, and pioneer in vulnerability disclosure

Katie Moussouris is an American computer security researcher, entrepreneur, and pioneer in vulnerability disclosure, and is best known for her ongoing work advocating responsible security research. Previously a member of @stake, she created the bug bounty program at Microsoft and was directly involved in creating the U.S. Department of Defense's first bug bounty program for hackers. She previously served as Chief Policy Officer at HackerOne, a vulnerability disclosure company based in San Francisco, California, and currently is the founder and CEO of Luta Security.

NSO Group: Israeli cyber-espionage and malware firm

NSO Group Technologies is an Israeli cyber-intelligence firm primarily known for its proprietary spyware Pegasus, which is capable of remote zero-click surveillance of smartphones. It employed almost 500 people as of 2017.

Election cybersecurity or election security refers to the protection of elections and voting infrastructure from cyberattack or cyber threat – including the tampering with or infiltration of voting machines and equipment, election office networks and practices, and voter registration databases.

The Data Security Threats Database is the Russian Federation's national vulnerability database. It is maintained by the Russian Federal Service for Technical and Export Control. As of 2018, the BDU contained only roughly one-tenth of the number of entries of the corresponding U.S. National Vulnerability Database.

RusBITech: Russian technology company

RPA RusBITech JSC is a Russian technology company specializing in the production of high-technology solutions for Russian state enforcement structures, mainly for the Russian Army. Its best-known product is the computer operating system Astra Linux, which is now used almost universally throughout the Russian military forces. The information systems of the main Russian Army headquarters, the National Defense Management Center, are based on Astra Linux. The Director General of RusBITech is Alexei Bocharov.

References

  1. Cimpanu, Catalin. "Russian military moves closer to replacing Windows with Astra Linux". ZDNet. Retrieved 2019-06-01.
  2. "Federal Service for Technical and Export Control (FSTEC)". www.globalsecurity.org. Retrieved 2019-06-01.
  3. Leyden, John (17 July 2018). "Russia's national vulnerability database is a bit like the Soviet Union – sparse and slow". www.theregister.co.uk. Retrieved 2019-06-01.
  4. "Under pressure, Western tech firms bow to Russian demands to share cyber secrets". Reuters. 2017-06-24. Archived from the original on June 24, 2017. Retrieved 2019-06-01.
  5. Carr, Jeffrey (2012). Inside cyber warfare (2nd ed.). Beijing: O'Reilly. p. 225. ISBN 9781449310042. OCLC 774147707.