Roskomnadzor asks for private VPN owners to provide data on IP addresses

Companies are increasingly entering data on the use of foreign encryption protocols in their corporate networks in the White List of Roskomnadzor. Hoping into such a list, hopes a business, should legalize the work of its IT systems, however, experts say, the transition to “Russian alternatives” is not always possible.

The “White List” of IP addresses using foreign encryption protocols created by the RKM CDU (subordinate to the RKN), today there are 75 thousand records, they told Kommersant in the service. This is six times more than in 2023, when, according to the statement of the head of the RKN, Andrei Lipov, there were only 12 thousand records. The department asks the owners of private foreign virtual networks (Virtual Private Network-VPN) to provide data on IP addresses, protocols and their purposes in the event that they abandon them in case of abandoning them if they abandon them Technical reasons are impossible.

A notification of the recommendation to abandon foreign encryption protocols, “used, including applications that provide access to prohibited information,” was published on the Roskomnadzor website on April 10. The experts surveyed by Kommersant then focused on the fact that it is premature to talk about compulsory locks on the fact of using foreign encryption protocols, and the request itself to provide data looks like a monitoring measure that is aimed at determining the number of users of foreign protocols.

Despite the fact that the interlocutors of Kommersant’s interlocutors are in no hurry to connect the notification with the upcoming VPN locking by the protocols, they note that such tactics fit into the general trend in the development of blocking systems from Roskomnadzor. Thus, according to the head of the University 2035 AIS research department, Yaroslav Seliverstov, modernization of technical means of counteracting threats for 60 billion rubles, laid down in the federal project “Cybersecurity Infrastructure”, is aimed at analyzing traffic on protocol signatures, including VPN, which will “increase the level of effectiveness of access to the means VPN up to 96%.  » However, Mr. Seliverstov draws attention to the risk of false triggers for legal business processes and an increase in the bureaucratic load on the company.

The Federal Service for Technical and Export Control and the Federal Security Service of Russia previously approved a number of technological solutions that use Russian encryption algorithms. They are developed with a number of Russian IB companies, including the Solar, Safety Code and Infotex. For example, GOST VPN is already used in Continent and Vipnet crypto -shit. According to the leading engineer of Corpsoft24, Mikhail Sergeyev, they are competitive in areas where it is required to comply with the standards, for example, in the public sector and critical infrastructure, but today their use is limited in industries depending on global standards, such as international trade and IT development, due to inconsistency with Western systems.

Kommersant’s worshipers note that for most internal processes, Russian companies use virtual private networks with foreign protocols, because they are easier to use and are presented in the public domain.

The head of the GazinformService IT Defense Group Sergei Polunin concludes that the ranges of IP addresses of large companies are and so public and a potential problem may become a fan blocking of everything that does not include the White List.

“If Roskomnadzor will block all the communications not according to GOST, then the Russian business will hand over his addresses to the regulator, so as not to lose the opportunity to maintain communications with both his remote employees and offices, and with other companies,” said Positive Technologies consultant Alexei Lukatsky. RUVDS hosting director, Nikita Tsaplin, does not exclude that in the future access to the VPN can be “permits” from the service.

Philip Krupanin