Leading Russian cyber-security analysts have criticised recently announced government plans to create a single national database containing the personal data of all Russian citizens, expected to be the largest electronic archive in Russia.
It is planned that the new database will include all the personal data of Russian citizens, including their names, place of birth, passport numbers, the number of their driver's licence and other details.
As an official spokesman of Anton Silyanov, Russia's Minister of Finance, (one of the main supporters of the initiative), told SC the database will include information on both living and dead Russians, as well as on foreigners permanently residing in the country.
It will contain their tax number, personal pension account number, place of residence and work, criminal records and other information. Moreover, each person on the database will receive their own, unique unalterable 12-bit code.
According to plans being drawn up by the Russian Ministry of Justice, the formation of the database is expected to be finally completed by the middle of next year following Russian government approval of all legislative requirements.
Meantime, the new state initiative has already drawn criticism from some leading Russian cyber-security analysts who fear that the new database may become a target for hacker attacks, with any leakage of personal data potentially having catastrophic consequences for those whose data is stolen.
Sergey Stepanichev, a senior cyber-security expert at NPO Energia, one of Russia's leading cyber-security research institutions, told SC that hackers will try to access the newly established database, as the information it contains could be very valuable for them, as it could allow them to blackmail people and to use for other criminal purposes.
This view is repeated by Ivan Vavilov, a cyber-security expert at the Russian Safer Internet Centre, one of Russia's leading cyber-security analyst agencies.
As Vavilov told SC, the only way to reduce the threat of hacker attacks on such networks is to restrict its access public networks and the Internet.
Vavilov comments: “Such systems should be operated on the basis of their own closed internal networks. If it becomes necessary to work with the Internet, it will need to use special machines and computers, which should be located in separate subnets. This will help to minimise a threat of information leakage."
