A socially oriented non-financial development institution and a major organizer of international conventions, congress, exhibitions, business, social and sporting, public, and cultural events.

The Roscongress Foundation is a socially oriented non-financial development institution and a major organizer of international conventions; exhibitions; and business, public, sporting, and cultural events. It was established in pursuance of a decision by the President of the Russian Federation.

The Foundation was established in 2007 with the aim of facilitating the development of Russia’s economic potential, promoting its national interests, and strengthening the country’s image. One of the roles of the Foundation is to comprehensively evaluate, analyse, and cover issues on the Russian and global economic agendas. It also offers administrative services, provides promotional support for business projects and attracting investment, and helps foster social entrepreneurship and charitable initiatives.

Each year, the Foundation’s events draw participants from 208 countries and territories, with more than 15,000 media representatives working on-site at Roscongress’ various venues. The Foundation benefits from analytical and professional expertise provided by 5000 people working in Russia and abroad. In addition, it works in close cooperation with 155 economic partners; industrialists’ and entrepreneurs’ unions; and financial, trade, and business associations from 75 countries worldwide.

The Roscongress Foundation has Telegram channels in Russian (t.me/Roscongress), English (t.me/RoscongressDirect), and Spanish (t.me/RoscongressEsp). Official website and Information and Analytical System of the Roscongress Foundation: roscongress.org.

RC personal account
Восстановление пароля
Введите адрес электронной почты или телефон, указанные при регистрации. Вам будет отправлена инструкция по восстановлению пароля.
Некорректный формат электронной почты или телефона
Secure Ecosystem Development — What Are the Essentials?
3 June 2021
11:00—12:15
KEY CONCLUSIONS
Ecosystems are actively developing

Ecosystems and the state, all state IT systems are not unrelated, separate elements. They form a large, unified ecosystem. <…> And this is also a big challenge <…> they have not yet fully realized that they are an ecosystem. In this sense, attack on one element can affect the whole system — Igor Lyapunov, Vice President for Information Security, Rostelecom.

Due to the development of ecosystems, the overall level of security in the country will grow, because the ecosystem is formed by market leaders, and their security level is much higher than the average, so the practices and approaches they use will apply to all chains, and business will be much more sustainable in general — Vyacheslav Tsyganov, Chief Information Officer, Tinkoff Bank .

There are many risks to ecosystem development, including cyber attacks

We need to understand that any IT development is happening very fast: daily and weekly dozens of new types of attacks appear, and such speed requires adequate protection that in most cases cannot be achieved in state institutions — Igor Lyapunov, Vice President for Information Security, Rostelecom.

Companies and the state are not the only ones to digitalize: it is also cybercrime, which means that technologies are becoming available — Vyacheslav Tsyganov, Chief Information Officer, Tinkoff Bank .

It is not only about technologies and technological risks, there is also a substantial political component, and we as a company are dealing with this in a comprehensive manner — Wing Kin Leung, Chief Technical Officer, Huawei Enterprise BG.

If we have [sensitive, Ed.] data, of course, we need to protect them. These data are related to people, we get them by observing, and we do not want them to be used for malicious purposes — Balthasar Staehelin, Director of Digital Transformation & Data, International Committee of the Red Cross.

There is a sufficient regulatory framework that needs to be implemented and improved if necessary

Cybersecurity is an overregulated area. There are so many documents outlining protection rules and when another incident happens, regulator takes a simple and clear position: ‘Are the rules that bad?’ No, they are excellent, all recommendations are great, but we need to implement them with our own hands — Igor Lyapunov, Vice President for Information Security, Rostelecom.

If the Geneva Conventions prohibit a kinetic attack on, say, a hospital, it would be logical to add there prohibition on a cyberattack that could cause serious damage to that hospital preventing people from receiving medical care — Balthasar Staehelin, Director of Digital Transformation & Data, International Committee of the Red Cross.

ISSUES
The larger the ecosystem, the higher the risk of data leaks and cyber attacks

For me, as a security person, the ecosystem is dangerous in two aspects: the first is the accumulation of large amounts of data in one point, and this is often <...> aggravated by all kinds of partner ecosystem programmes. <...> And the second is dependence and all possible hidden dependencies on these ecosystems — Igor Lyapunov, Vice President for Information Security, Rostelecom.

An ecosystem consists not only of companies, but also of clients, citizens, various participants. <…> The problem of the telephone fraud <...> in many ways derives from the fact that we failed to come to an agreement with each other, as well as banks, telecoms, the state failed to come to an agreement and respond quickly — Vyacheslav Tsyganov, Chief Information Officer, Tinkoff Bank .

Lack of cybersecurity literacy among people and businesses

Business has absolutely no motivation to ensure the security of critical infrastructure or user data — Igor Lyapunov, Vice President for Information Security, Rostelecom.

What are these threats and social engineering really all about? The fact is that clients and users do not have a clear understanding of what is actually happening — Andrey Styskin, Director of Search, Advertising and Cloud Services Business Group, Yandex Group of Companies.

Soon people will become more informed about that, and they will demand from institutions, organizations, banks, and businesses to expand their data protection toolkits — Balthasar Staehelin, Director of Digital Transformation & Data, International Committee of the Red Cross.

SOLUTIONS
Creation of a unified security ecosystem

When we talk about protection, the principle is quite simple: ecosystems must be protected by ecosystems. It is impossible to protect them separately. <...> We are now putting forward an initiative to create a single centre, a unified infrastructure, a kind of a security operation centre that will protect the state ecosystem and state IT infrastructure. In my opinion, this is the only real way to protect an ecosystem of this size — Igor Lyapunov, Vice President for Information Security, Rostelecom.

Now we are facing a huge dilemma of how to ensure the security of state systems, and we believe that it is extremely important to centralize this function at the state level. Centralize it in the hands of special services or do it on a commercial basis; now we are looking at international experience, and there are different ways of doing it. <...> But now it is a big dilemma; we need to make this decision to ensure the security of the state ecosystem — Igor Lyapunov, Vice President for Information Security, Rostelecom.

Ensuring confidentiality and maintaining customer trust

We have a key basic principle that all personal data of our users are kept strictly within the Yandex system — Andrey Styskin, Director of Search, Advertising and Cloud Services Business Group, Yandex Group of Companies.

We adhere to the principle of least privilege, which means to use data only where they are really needed. <…> In most cases, data are not needed at all [user data, Ed.]. They can be replaced with anonymized or aggregated data — Vyacheslav Tsyganov, Chief Information Officer, Tinkoff Bank .

Data are the foundation of trust. If a company does not pay enough attention to data protection, it will inevitably inhibit its development in the future — Vyacheslav Tsyganov, Chief Information Officer, Tinkoff Bank .

It is not only about legislative requirements, but the market itself, the contract that is called user confidence in the ecosystem is the best regulator — Andrey Styskin, Director of Search, Advertising and Cloud Services Business Group, Yandex Group of Companies.

As far as ecosystems are concerned, we need to think how to organize cyberspace. <…> Trust is crucial; it means that we need a dialogue, we need to understand technologies, we need to try to find a solution. And the driver for all this is our desire to protect people and help them — Balthasar Staehelin, Director of Digital Transformation & Data, International Committee of the Red Cross.