Typical
Russia is once again re-arranging deck chairs on the Titanic. Who decides what is sufficient protection? By what process? And if there is a flaw in said process, how is it addressed? What counts as an attack? Most security problems, and indeed most infrastructure problems, are not caused by deliberate, malicious acts. Servers don't crash to the scream of "Jihad!" ... They most always die to the quieter utterance of "Oops." So what, Russia plans on imprisoning anyone in IT who makes a typo and craps out a router? I mean, how do you prove it wasn't malicious (other than, you know, common sense)? And round and round we go.
Here's the big problem: We're not *allowed* to engineer secure systems. Everything is a black box due to "trade secrets" or "copyright" or "patents", and so nobody has a damn clue how anything works, and when it breaks, we can't even open it up and try to suss out the problem. The code that runs the overwhelming majority of our infrastructure is under lock and key, in a disused lavatory, in the basement, with a sign outside that says "Beware of the Leopard." And we did it all because businesses asked our idiot lawmakers to do it, and not being engineers, they were only too happy to eviscerate any hope we might have had at using the hard-won lessons of every other branch of engineering.
And now that everything is on fire, their solution is to yell at the fire fighters who are hopelessly ham strung by the idiotic machinations of the government (generically: As in, every government has contributed to this)? Sure. Yeah, okay. You know what, Russia? Here's my bucket. You deal with it. I'm going home.