A socially oriented non-financial development institution and a major organizer of international conventions, congress, exhibitions, business, social and sporting, public, and cultural events.

The Roscongress Foundation is a socially oriented non-financial development institution and a major organizer of international conventions; exhibitions; and business, public, sporting, and cultural events. It was established in pursuance of a decision by the President of the Russian Federation.

The Foundation was established in 2007 with the aim of facilitating the development of Russia’s economic potential, promoting its national interests, and strengthening the country’s image. One of the roles of the Foundation is to comprehensively evaluate, analyse, and cover issues on the Russian and global economic agendas. It also offers administrative services, provides promotional support for business projects and attracting investment, and helps foster social entrepreneurship and charitable initiatives.

Each year, the Foundation’s events draw participants from 208 countries and territories, with more than 15,000 media representatives working on-site at Roscongress’ various venues. The Foundation benefits from analytical and professional expertise provided by 5000 people working in Russia and abroad. In addition, it works in close cooperation with 160 economic partners; industrialists’ and entrepreneurs’ unions; and financial, trade, and business associations from 75 countries worldwide.

The Roscongress Foundation has Telegram channels in Russian (t.me/Roscongress), English (t.me/RoscongressDirect), and Spanish (t.me/RoscongressEsp). Official website and Information and Analytical System of the Roscongress Foundation: roscongress.org.

RC personal account
Восстановление пароля
Введите адрес электронной почты или телефон, указанные при регистрации. Вам будет отправлена инструкция по восстановлению пароля.
Некорректный формат электронной почты или телефона
How IT Infrastructure Can Be Secured from Cyber Attacks in Times of Transformation
14 October 2021
12:15—13:30
KEY CONCLUSIONS
Russia’s fuel and energy industry has a high level of protection against cyber attacks

During the 29th Winter Universiade in Krasnoyarsk [in 2019], the corporate cybersecurity centre recorded about 10,000 attempted computer attacks on the facilities of [Interregional Distribution Grid Company] in Siberia each day. Since the system was built correctly, all blocks of the programme are certified and not a single attack reached its logical conclusion [...] In the entire history of the Russian Federation and the existence of the electrical system, our control system has been brought down twice [...] But these were man-made manifestations, not computer attacks, — Viktor Palagin, Deputy General Director for Security, Rosseti.

State policy is not sitting on the sidelines [...] Our regulatory framework consists of the Economic Security Strategy until 2030, the Doctrine of Information and Energy Security […] The challenges and threats have been designated. Moreover, the Energy Security Doctrine classifies the illegal use of information and telecommunication networks and software as well as computer attacks as cross-border threats — Anastasiya Bondarenko, State Secretary, Deputy Minister of Energy of the Russian Federation.

The import substitution in Russian IT that is needed for cybersecurity has great potential

The issue of import substitution is an important one [...] On the one hand, companies that already operate a large volume of imported equipment are at a fork in the road: do they need to change equipment for Russian analogues and developments? It’s difficult to do this without any external pressure. Import substitution [...] from the standpoint of cyber security and national security is an important, integral component — Igor Lyapunov, Vice President for Information Security, Rostelecom.

All our [Russian] companies have adopted import substitution plans [...] It’s obvious that the pace that our industry was on in terms of import substitution has slowed down due to the difficult year of 2020 [as a result of COVID-19]. But the pace is now slowly being restored and gaining steam, and the remote work has apparently enabled allowed someone to get creative somewhere, and new solutions, as we are seeing, are also appearing in this area — Anastasiya Bondarenko, State Secretary, Deputy Minister of Energy of the Russian Federation.

ISSUES
The growing number of cyberattacks, which aim in part to gain control over fuel and energy industry infrastructure

As for the trends that were [seen] in 2020 and 2021, there has been an increase in the number of threats above all. In 2020, the number of attacks increased compared with 2019, while the quality of these attacks has changed significantly. Whereas in the past the attacks were increasing, but most of them were aimed at commercialization and the theft of funds for the commercial benefit of the attackers, last and this year we have begun seeing attacks that target the facilities of the fuel and energy industry with other motives, such as gaining control over infrastructure — Igor Lyapunov, Vice President for Information Security, Rostelecom.

[There has been an] increase in the number of incidents. For example, [there has been an increase in] the percentage of computers in automated control systems on which malicious objects have been blocked. We are seeing the numbers increase and that the energy sector is not yet at the forefront, but the numbers are high, and they make you think [...] Each year, the volume of interferences is growing exponentially — Fedor Opadchiy, Chairman of the Board, System Operator of the United Power System.

The main problem is that for 20 or even 30 years we have been trying to instal imported equipment. We have been trying to instal imported software. We have been oriented towards the West. Now we see that we shouldn’t be doing this, but it’s costly — Viktor Palagin, Deputy General Director for Security, Rosseti.

Insufficient level of computer literacy among company workers and the public

The low level of computer literacy among the public and personnel plays an important role in this. Infected flash drives, media, telephones, and their chargers often account for the lion’s share of all incidents and causes of problems — Viktor Palagin, Deputy General Director for Security, Rosseti.

It’s not enough to appoint a person responsible for security either in the security department or in the IT department […] [There needs to be] responsibility for risks — Yevgeny Miroshnichenko, Member of the Management Board, Director of the Financial and Economic Centre, Inter RAO.

SOLUTIONS
Enhance cybersecurity culture among employees in the energy sector and switch to domestic IT systems

The issue of culture needs to be introduced in all sectors, and energy is no exception. Data theft, everything associated with ransomware, and essential business data – energy isn’t very different from other industries in this sense. It’s not about purchasing equipment, but about working with employees. […] If we’re talking about the protection of technological systems, everything related to the processes of developing secure software should become the norm for energy companies. There are standards for this. They just need to be adopted and started being used in their activities — Fedor Opadchiy, Chairman of the Board, System Operator of the United Power System.

We have taken measures. We have installed firewalls. If there is penetration at the first stage, then the attack doesn’t go any further, and the whole thing works properly. The computer is disabled, then it is examined, observed, and investigated [in terms of] where [the attack came from], what the goals are, and so on — Viktor Palagin, Deputy General Director for Security, Rosseti.

The material was prepared by the Russian news agency TASS