Transneft, the operator of trunk oil pipelines, recorded an increase in the number of cyber attacks on the company's information systems (IS), technological communication networks and other information and technological resources in the first nine months of 2017 compared with the same period of the previous year. To protect its infrastructure from attacks, the company is forming a computer security center and is also proposing the timely development of the by-laws stipulated by the law on critical information infrastructure, which comes into force on January 1, 2018.
As Nikolai Tokarev, the president of PJSC Transneft, told the expert council on cybersecurity, the company is forming a computer security center. It will work in cooperation with the State System for Detection, Prevention, and Elimination of the Consequences of Computer Attacks (GOSOPKA).
According to Vladimir Rushailo, vice president of Transneft, the cyber threat is growing. "Cybercrime is one of the most significant risks in the next 10 years. In the first half of 2017, about one-third of all attacks in the world occurred in automated process control systems (APCS). In 2017, a new type of malware appeared: ransomware for programmable logic controllers, capable of infecting a number of models and devices of the largest manufacturers of process control systems. For Transneft organizations operating such equipment, these harmful systems are especially dangerous. internal processes," he said.
According to Vladimir Rushailo, information carriers, IS and technological communication networks are all subjected to cyber attacks. "Over the first three quarters of 2017, compared to the same period last year, the number of e-mails with unwanted content - viruses, etc. - increased by 60%, to 10 million. The number of unauthorized connections with the data center of Transneft has also grown. Managers and employees receive anonymous electronic messages with threats, scammers extort money," warned the vice president of Transneft. He also talked about cases of cryptocurrency mining on Transneft's official equipment. "Mining could interfere with technological processes in the company," said Vladimir Rushailo.
"All this causes serious concern. It is not enough to imagine that such influence or interference in the activities of Transneft and its work schedule is because our activities affect all refineries, the export of oil and oil products. If we consider that Transneft is the monopoly that transports oil from Nakhodka to the Baltic, the importance of this issue is obvious," Nikolai Tokarev emphasized.
According to Transneft, in 2016 more than 50 million attacks were committed on Russian information resources, which is three times more than in 2015. Over 60% of all attacks are carried out from abroad. In 2017 the number of attacks again increased significantly. The main targets of cyber attacks in the fuel and energy complex are automated process control systems (APCS, also abbreviated ACS TP), IT resources and data transmission networks. Transneft operates over 100 corporate information systems and databases and more than 5,000 automated process control systems, and has created over 60,000 automated workstations. That is why the company needs cyber defense.
In July 2017, Transneft updated its IS policy and approved a program to counter threats. The policy envisages the introduction of modern means of protection against targeted attacks and the creation of a centralized system for monitoring and managing IS events. The system will collect information from various sources and recognize complex and targeted attacks. Also in July 2017, a working group on countering cyber attacks was set up in Transneft. In addition, the company has already established information security units. At the testing site of the test and operation center, systems under development are tested for compliance with the company's requirements, and their level of cybersecurity is checked.
Vladimir Rushailo also pointed to another problem from the point of view of information security and protection from cyber threats: almost all IS and APCS software in use is foreign-made. "We do not have full confidence in the absence of undeclared capabilities in this software," he said.
First Vice-President of Transneft Maxim Grishanin drew attention to the fact that foreign equipment is often not compatible with domestic means of information protection. In addition, he gave an example of how the company had to abandon the equipment of the European vendor Schneider Electric because of its vulnerability to external cyber attacks. In 2016-2017, Transneft carried out a risk analysis of the information security of its automated process control systems and found numerous critical vulnerabilities, including in the built-in APCS protection mechanisms. The company passed this information to the manufacturer, but had to wait a very long time for a response. "We tried to call them to order for half a year, after numerous reminders, the matter shifted: we have temporarily prohibited the equipment of this manufacturer from being used in the Transneft system until technical remarks are removed," Maxim Grishanin said.
According to him, for now Transneft is forced to combine domestic and foreign software and hardware solutions, since no Russian manufacturer offers a complete integrated cybersecurity solution.
Vladimir Rushailo recalled the law on critical information infrastructure (effective January 1, 2018). He proposed the timely development of the by-laws envisioned by the law. One of these subordinate acts (a government decree) is to approve the criticality criteria for critical information infrastructure (CII) objects, their significance, and the order and timing of their categorization.
"However, the analysis of this project has shown that its direct application is difficult. There is no methodology by which the values of indicators for assigning objects of the CII to the corresponding categories are calculated. This creates the risks of incorrect determination of the significance of such objects," says Vladimir Rushailo. According to him, it is necessary to assess the technical and legal consequences of the implementation of the norms of this federal law.
As ComNews previously reported, Russian companies allocate an average of 11% of their IT budget to the protection of corporate networks, according to data from Security Code. The largest share of enterprises with a dedicated network security unit is observed in the financial and industrial sectors (see the news of ComNews on November 28, 2017).