I could have clicked through this epoch-making event, but the Mincifra cackled : fifth place, fifth place, climbed 21 positions in a year, one line with the UAE and Malaysia! It became interesting, especially since I myself have recently compiled a similar index and if it smells in fifth place in Russia, it is more likely from the end.
I looked at this "international cybersecurity index" and some considerations appeared, which explains the unprecedented success of the homeland. Firstly, the place is not 5, but 8-10. In 7 countries, this same index is longer than in Russia, and if the guys from the ITU do not know how to draw up ratings, it would be unacceptable to correct them: even the 10th place is very worthy.
Secondly, I looked into the "Methodology" section and saw the expected picture: the index is compiled on the basis of questionnaires that are filled in (guess who?) By the officials of the ranked countries. Those. The officials of the Ministry of Digital Affairs of Russia were asked to tell how things are with cybersecurity in Russia, and they started to cut the truth: both are good here, and this is wonderful ...
To be fair, the methodology has a caveat that the questionnaire is also sent to "independent experts" who can put their fly in the lacquered officialdom. In the report, I found mention of only two persons from Russia, who are grateful for their help in compiling the index: Alan Olegovich Khubaev from a certain department of information security and Andrei Sergeevich Zhivov from a certain department of international cooperation.
A couple of minutes of googling in Yandex allowed us to establish their species: the assistant of the data processing regulation department of the Information Security Department of the Ministry of Digital Science of the Russian Federation and the Deputy Director of the Department for the Development of Mass Communications and International Cooperation, again of the Ministry of Digital Science of Russia.
Third, let's finally take a look at the questionnaire - what are the criteria for assessing the level of information security of countries? The first section is "Legal Measures": do you have such and such a law in your country? And what about the law? And the law is against that? Is there a responsibility for this?
If it seemed to you that above I was casting a shadow over the fence and hinting at some insincerity of the officials who filled out the questionnaire, then excuse me. I have no doubt that Messrs. Khubaev and Zhivov honestly and honestly answered all the questions: yes, Russian legislation provides for liability for cybercrimes. Yes, βpiracyβ is prohibited in Russia, yes, there is responsibility for racism, xenophobia and other excesses on the Internet (there, Roskomnadzor has a whole list of extremist materials), but we do our best to prohibit child porn and other child abuse in cyberspace, yes -Yes Yes!
Now let me mention my index again. (as an advertisement) and a report dedicated to him, in which the following is written in black and white: 96% of Russian state sites do not comply with the requirements of the RLA on information security. Those. There is legislation in Russia, here the gentlemen from the Ministry of Digital Science did not lie, only no one is executing it. But for some reason, the gentlemen from ITU were not interested in such questions ...
With the