Vladimir Dashchenko, an expert in cybersecurity of industrial automation systems and smart devices at Kaspersky ICS CERT, speaking at the 12th Russian Internet Governance Forum, gave several examples of how products that seem to meet all the criteria of Russian software have foreign components "under the hood". At the same time, Russian vendors have not eliminated vulnerabilities, including critical ones. When researchers pointed out unpatched vulnerabilities to the vendor, they failed to establish communication. So in this case, import substitution does not increase, but reduces the security of objects.
More than 70% of critical information infrastructure (CII) facilities in Russia are located at fuel and energy complex enterprises. Healthcare is in second place with 12%, followed by communications with 9%. The total number of CII facilities in Russia is more than 50 thousand. These results were obtained during a study by ANO "Digital Economy".
Eduard Sheremetsev supported the proposal to use foreign hardware-software complexes (PAK) and software-technical complexes (PTK). The task of ensuring their security can be solved with the help of add-on ("imposed") protection tools and isolation from public networks.
Anton Elizarov, head of the APCS protection group at the information security center of JSC Infosystems Jet, warns: "It is difficult to make all such systems isolated, since APCS data can be used in corporate systems. In this case, competent network segmentation, allocation of demilitarized zones, protection of end devices and monitoring of anomalies in the network will help. As compensating measures, it is possible to limit physical access to the equipment by placing it in a closed circuit equipped with physical security systems, and monitor all actions on equipment maintenance or modernization."
According to Vitaly Siyanov, the proposals to use foreign industrial equipment available at critical information infrastructure facilities using compensating measures and in an isolated mode seem adequate: "Order of the FSTEC of Russia No. 239 for significant critical information infrastructure facilities requires organizations to first think about how to use APCS components in a safe mode using compensating measures, and only then install the imposed protection measures. To ensure the security of the hardware and software systems or hardware and software systems that are part of significant critical information infrastructure facilities, one should rely on the requirements of the legislation. The current regulatory framework already contains all the necessary algorithms for protecting such systems. In other cases, we recommend starting with developing a threat and intruder model and thinking about protection measures based on it. In the context of the termination of support and receiving security updates from manufacturers, it is also extremely important to ensure proactive monitoring of information security events. This will help detect malicious activity at early stages, even before intruders penetrate the technological segment of the network. In addition, regular information security audits should be conducted to keep the security system up to date."
Who will protect 50 thousand critical information infrastructure facilities?