How IT Infrastructure Can Be Secured from Cyber Attacks in Times of Transformation

KEY CONCLUSIONS

Russia’s fuel and energy industry has a high level of protection against cyber attacks

“During the 29th Winter Universiade in Krasnoyarsk [in 2019], the corporate cybersecurity centre recorded about 10,000 attempted computer attacks on the facilities of [Interregional Distribution Grid Company] in Siberia each day. Since the system was built correctly, all blocks of the programme are certified and not a single attack reached its logical conclusion [...] In the entire history of the Russian Federation and the existence of the electrical system, our control system has been brought down twice [...] But these were man-made manifestations, not computer attacks,” FGC UES Deputy General Director for Security Viktor Palagin said.

“State policy is not sitting on the sidelines [...] Our regulatory framework consists of the Economic Security Strategy until 2030, the Doctrine of Information and Energy Security […] The challenges and threats have been designated. Moreover, the Energy Security Doctrine classifies the illegal use of information and telecommunication networks and software as well as computer attacks as cross-border threats,” Russian State Secretary and Deputy Minister of Energy Anastasia Bondarenko said.

The import substitution in Russian IT that is needed for cybersecurity has great potential

“The issue of import substitution is an important one [...] On the one hand, companies that already operate a large volume of imported equipment are at a fork in the road: do they need to change equipment for Russian analogues and developments? It’s difficult to do this without any external pressure. Import substitution [...] from the standpoint of cyber security and national security is an important, integral component,” Rostelecom Vice President for Information Security Igor Lyapunov said.

“All our [Russian] companies have adopted import substitution plans [...] It’s obvious that the pace that our industry was on in terms of import substitution has slowed down due to the difficult year of 2020 [as a result of COVID-19]. But the pace is now slowly being restored and gaining steam, and the remote work has apparently enabled allowed someone to get creative somewhere, and new solutions, as we are seeing, are also appearing in this area,” Russian State Secretary and Deputy Minister of Energy Anastasia Bondarenko said.

PROBLEMS

The growing number of cyberattacks, which aim in part to gain control over fuel and energy industry infrastructure

“As for the trends that were [seen] in 2020 and 2021, there has been an increase in the number of threats above all. In 2020, the number of attacks increased compared with 2019, while the quality of these attacks has changed significantly. Whereas in the past the attacks were increasing, but most of them were aimed at commercialization and the theft of funds for the commercial benefit of the attackers, last and this year we have begun seeing attacks that target the facilities of the fuel and energy industry with other motives, such as gaining control over infrastructure,” Rostelecom Vice President for Information Security Igor Lyapunov said.

“[There has been an] increase in the number of incidents. For example, [there has been an increase in] the percentage of computers in automated control systems on which malicious objects have been blocked. We are seeing the numbers increase and that the energy sector is not yet at the forefront, but the numbers are high, and they make you think [...] Each year, the volume of interferences is growing exponentially,” System Operator of the Unified Energy System Chairman of the Board Fyodor Opadchy said.

“The main problem is that for 20 or even 30 years we have been trying to instal imported equipment. We have been trying to instal imported software. We have been oriented towards the West. Now we see that we shouldn’t be doing this, but it’s costly,” FGC UES Deputy General Director for Security Viktor Palagin said.

Insufficient level of computer literacy among company workers and the public

“The low level of computer literacy among the public and personnel plays an important role in this. Infected flash drives, media, telephones, and their chargers often account for the lion’s share of all incidents and causes of problems,” FGC UES Deputy General Director for Security Viktor Palagin said.

“It’s not enough to appoint a person responsible for security either in the security department or in the IT department […] [There needs to be] responsibility for risks,” Inter RAO Member of the Management Board and Head of the Financial and Economic Centre Yevgeny Miroshnichenko said.

SOLUTIONS

Enhance cybersecurity culture among employees in the energy sector and switch to domestic IT systems

“The issue of culture needs to be introduced in all sectors, and energy is no exception. Data theft, everything associated with ransomware, and essential business data – energy isn’t very different from other industries in this sense. It’s not about purchasing equipment, but about working with employees. […] If we’re talking about the protection of technological systems, everything related to the processes of developing secure software should become the norm for energy companies. There are standards for this. They just need to be adopted and started being used in their activities,” System Operator of the Unified Energy System Chairman of the Board Fyodor Opadchy said.

“We have taken measures. We have installed firewalls. If there is penetration at the first stage, then the attack doesn’t go any further, and the whole thing works properly. The computer is disabled, then it is examined, observed, and investigated [in terms of] where [the attack came from], what the goals are, and so on,” FGC UES Deputy General Director for Security Viktor Palagin said.

For more, see the Roscongress Foundation’s Information and Analytical System roscongress.org.