Deputies adopted on Wednesday by a majority vote a draft law that prohibits the use and purchase of antivirus products and services from legal entities from Russia or controlled by this country. The new amendment provides that the law will apply not only to government agencies, but also to all networks and computer systems that manage classified information belonging to public and private legal entities.
The reason for initiating this draft law was that in the conditions of the war in Ukraine, Russia could use this software for a cyber attack. The explanatory note cites the Russian companies Kaspersky and Group-IB as an example.
The project was adopted on Wednesday in Chamber of Deputies, decision-making body, 257 votes to 1, with 4 abstentions, after being previously approved by the Senate.
Scope of law enforcement – also extends to private networks and IT systems with classified information
The amendment passed by the Chamber of Deputies was tabled by Minister of Digitalization, Liberal Sebastien Bourduilla, and provides that:
- “This law applies to all networks and computer systems that manage classified information belonging to public and private legal entities located in the territory of Romania, with the exception of those belonging to public authorities and institutions provided for in paragraph (6)” .
These are state authorities and institutions with their own powers in the field of national security, cyber security, national defense and public order (N/A SRI, SIE, STS, MApN, DNSC, etc.).
The new amendment mainly covers “those networks and IT systems of holders of industrial security permits, industrial security notices or industrial security certificates, which may be legal entities of private law and which, although they meet the conditions of access and authorization provided for in GD no. 585/2002, have Russian antivirus licenses.
- “In terms of the INFOSEC source protection criteria, they meet the conditions stipulated by Law No. 182/2002 and HG No. 585/2002 (both are old laws), as they do not provide for the implementation of cyber protection with a specific type of operator.
- However, there is a vulnerability of legal entities under private law that share classified information, according to GD no. 585/2002, and which are currently unstoppable in protecting their networks and computer systems with antivirus software from the Russian Federation. Thus, this amendment is intended to ensure full and fair protection of classified information, including that shared by private law entities through INFOSEC.” this is shown in the justification for this amendment.
As Minister Burduja explained, why DSI or DPS will be exempted from the application of this law
The reason SRI, SIE, or STS would be exempt from the law banning the use of Kaspersky antivirus and other Russian IT solutions in government agencies would be to allow those agencies to test and exploit vulnerabilities in those programs in the interest of national security, he said in late September. Minister of Digitalization Sebastian Burduja.
- “The project went through a long process of interdepartmental approval, including in the national security agencies, and this was one of the comments received. The details I can provide you are related to the fact that these decisions can be verified by these institutions and used to protect Romania’s national security interests.
- It’s not about actually using them at the average user level, it’s just about having access to them to be able to test and use them.” This was announced by the Minister of Digitalization, Sebastian Burduja.
Asked by HotNews.ro whether these institutions, which have a large number of employees, computers and IT systems, will still be able to use these IT solutions from Russia, the minister said:
“I repeat, only for the purpose of testing these applications and exploiting certain vulnerabilities of these applications. So I think you would also like national security organizations to be able to identify vulnerabilities in certain decisions in the Russian Federation and act accordingly,” Sebastian Bourduya said.
In September, the government passed a bill to ban government agencies from using or buying Kaspersky antivirus and other IT solutions in Russia. Institutions will also be required to remove Russian software from computers within a certain period. Otherwise, they face a fine of 50,000 to 200,000 lei.
Photo source: Dreamstime.com
Mary Robinson is a renowned journalist in the field of Automobile. She currently works as a writer at 247 news reel. With a keen eye for detail and a passion for all things Automotive, Mary’s writing provides readers with in-depth analysis and unique perspectives on the latest developments in the field.