Russian Civil Servants to Be Trained in Cybersecurity

Training for the Public Good

Russia’s Ministry of Digital Development has backed a proposal from the New People party to introduce mandatory cybersecurity courses for civil servants and municipal employees, culminating in official certification. The initiative aims to curb social engineering attacks on government IT systems and critical infrastructure.

Several leading domestic technology companies are involved in the project, including Rostelecom, Kaspersky Lab, Yandex, Avito, and Sberbank. The program relies on two core tools: the educational project “Digital Literacy for Civil Servants” (covering phishing, social networks, data protection, and AI-driven threats through video lectures) and a new testing and certification platform called “TsifrAtest.”

The rollout of the project is expected to deliver broad benefits for Russian citizens. With fewer incidents of fraud and stronger protection of personal data, government institutions will operate more reliably, reducing the financial and operational damage caused by cyberattacks. Internationally, the initiative may be seen as a large-scale example of effective state-driven digital hygiene.

National Program and Export Potential

Over time, the new initiative may be incorporated into Russia’s national Digital Economy program. Plans include mandatory cybersecurity training across all levels of government, with civil servants required to periodically renew their certification through TsifrAtest.

Government organizations are consistently among the most frequent targets of cyberattacks. According to our Solar JSOC monitoring service, more than half of recorded incidents in 2024 involved the public sector. Against this backdrop, monitoring security, promptly identifying weaknesses, and eliminating vulnerabilities are becoming critical elements of effective cybersecurity

Alexander Kolesov

Head of Vulnerability Analysis at Solar JSOC, Solar Group

The methodologies and platforms developed could also be shared with CIS and Eurasian Economic Union partners. Russia already has a strong global presence in corporate cybersecurity solutions, such as the Kaspersky Security Awareness program. However, exports to Western countries may be limited—since September 2024, for instance, the U.S. has banned sales of Kaspersky products.

Security as a Priority

Cybersecurity has become a core theme in the digital era, especially as technology adoption accelerates. Back in December 2024, with support from the Ministry of Digital Development and the nonprofit Digital Economy, an Expert Council on Digital Literacy and Cyber Hygiene was created. In May this year, the ministry announced a mobile app to protect citizens from online fraud, and by August, telecom provider Beeline had launched a child-focused cybersecurity mini-course on the digital literacy platform.

Similar programs are being implemented abroad. For example, the European Union’s ENISA agency regularly conducts awareness campaigns and training for government employees on digital hygiene.

Toward a Universal Ecosystem

Mandatory cybersecurity certification for Russian civil servants could become a reality by 2026–27. The measure is expected to reduce the success rate of phishing and social engineering attacks on government systems, while also lowering the public funds spent on remediation. Over time, the courses and TsifrAtest may evolve into a universal educational ecosystem, scalable to different regions and industries.

The initiative carries strong export potential, though its success in Western markets will largely depend on the direction of international sanctions policies.