How the cybersecurity of critical information infrastructure facilities will be checked
Tashkent, Uzbekistan (UzDaily.com) -- The order of the Chairman of the State Security Service “On approval of the Regulations on cybersecurity and the procedure for assessing the level of cybersecurity of critical information infrastructure objects of the Republic of Uzbekistan” was adopted.
The assessment is carried out at the request of managers of cybersecurity and critical information infrastructure facilities in the State Security Service (hereinafter referred to as the authorized body).
Objects of critical information infrastructure - information systems used in the field of public administration and provision of public services, defense, state security, law and order, fuel and energy complex (nuclear energy), in the chemical, petrochemical industries, metallurgy, water use and supply, agriculture, healthcare , housing and communal services, banking and financial system, transport, ICT, ecology and environmental protection, mining and processing of minerals of strategic importance, manufacturing and other sectors of the economy and social sphere.
Also, the assessment can be carried out at the initiative of the authorized body or on its instructions from the State Unitary Enterprise “Cyber Security Center”. The assessment period is up to 3 months with the possibility of an extension for another 3 months.
The assessment examines the presence of threats that have a negative impact on the cybersecurity of critical information infrastructure (CII) facilities. In particular, the following questions are studied:
creation of a system for effectively ensuring cybersecurity of a CII facility;
prevention of unauthorized use of information in the information system, its destruction, modification, blocking (restriction), copying, provision and distribution, as well as other actions leading to disruption and (or) termination of the activities of CII facilities;
compliance of the cybersecurity system parameters with the requirements of technical regulations, implementation of measures to ensure cybersecurity and uninterrupted operation of the CII facility;
the ability to quickly restore the cyber defense system in the event of a cyber security incident;
an effectively established system for monitoring, auditing and analyzing cyber attacks, identifying, taking measures and eliminating their consequences;
availability of documents on cybersecurity and cybersecurity of the CII facility and its operation;
appointment of specialists to positions related to cybersecurity;
ensuring the protection of confidential information.
Based on the results of the assessment, a report is drawn up indicating the shortcomings that require elimination.