The State Duma Committee on Inform Policy, IT and communications is currently working on a new bill to legalize the work of “White Hackers”, as reported by a newspaper. This initiative is an extension of a previous bill proposed in December 2023, which aimed to allow companies to hire such specialists without specifying how their work would be organized.
The new bill seeks to amend Article 16 of the Federal Law No. 149-ФЗ “On Information, Information Technologies and the Protection of Information”. These amendments are intended to clarify under what conditions companies, particularly those classified as critical information infrastructure (CII), as well as various government bodies, can engage “white hackers” for cooperation and utilize platforms like BUG BUUNTY for penetration testing.
Under the proposed changes, organizations will have the option to engage “white hackers” either through direct agreements or through public offers to attract specialists. The government will be authorized to establish requirements for the process and conditions of conducting tests by “white hackers”, which will be applicable to government agencies, constituent entities of the Russian Federation, local authorities, and CII subjects.
All testing procedures will be required to be in compliance with federal security regulations, likely overseen by the FSB of Russia. The discussion surrounding the legalization of “white hackers” began in 2022 in response to a surge in cyber attacks on Russian IT systems.
Initially met with concerns from law enforcement agencies, the first bill was introduced to the State Duma in December 2023, amending Article 1280 of the Fourth of the Civil Code of the Russian Federation. As reported by Anton Nemkin, a member of the State Duma Committee on Inform Policy, IT and communication, the first bill addressed legal barriers preventing “white hackers” from testing information systems without permission from the program copyright holder.
Nemkin mentioned that the second project is nearly complete, pending final approvals. Stressing the importance of legalizing the work of “white hackers” due to the current demand for their services, Nemkin acknowledged that the Bug Bounty market in Russia is still developing, with a 2023 volume of less than 200 million rubles.
The Ministry of Digital Development, Communications and Mass Communications of the Russian Federation stated that they were not informed about the new bill on this topic, as reported by the publication.