A socially oriented non-financial development institution and a major organizer of international conventions, congress, exhibitions, business, social and sporting, public, and cultural events.

The Roscongress Foundation is a socially oriented non-financial development institution and a major organizer of international conventions; exhibitions; and business, public, sporting, and cultural events. It was established in pursuance of a decision by the President of the Russian Federation.

The Foundation was established in 2007 with the aim of facilitating the development of Russia’s economic potential, promoting its national interests, and strengthening the country’s image. One of the roles of the Foundation is to comprehensively evaluate, analyse, and cover issues on the Russian and global economic agendas. It also offers administrative services, provides promotional support for business projects and attracting investment, and helps foster social entrepreneurship and charitable initiatives.

Each year, the Foundation’s events draw participants from 208 countries and territories, with more than 15,000 media representatives working on-site at Roscongress’ various venues. The Foundation benefits from analytical and professional expertise provided by 5000 people working in Russia and abroad. In addition, it works in close cooperation with 155 economic partners; industrialists’ and entrepreneurs’ unions; and financial, trade, and business associations from 75 countries worldwide.

The Roscongress Foundation has Telegram channels in Russian (t.me/Roscongress), English (t.me/RoscongressDirect), and Spanish (t.me/RoscongressEsp). Official website and Information and Analytical System of the Roscongress Foundation: roscongress.org.

RC personal account
Восстановление пароля
Введите адрес электронной почты или телефон, указанные при регистрации. Вам будет отправлена инструкция по восстановлению пароля.
Некорректный формат электронной почты или телефона
Creating a Trustworthy Environment in Critical Information Infrastructure
4 June 2021
10:00—11:15
KEY CONCLUSIONS
The process of protecting critical infrastructure must be done in tandem with creating it

In terms of regulation, and government requirements, I can say that requirements related to the protection of critical infrastructure are becoming stricter. <...> This is quite a substantial trend – this transition to obligatory solutions to protect infrastructure is happening very quickly. In this regard, the problem is that solutions designed to protect such a complex infrastructure are in short supply on the market. <...> The development of a system which could appear quickly on the market and provide the requisite quality, and be delivered in the necessary quantities, is, in my opinion, a problem and a challenge, — Andrey Butko, General Director, Rusatom Automated Control Systems.

ISSUES
The existence of many different cyber threats, and the difficulty in preventing them

What makes responding to these attacks difficult? In our case, when we have investigated the situation thoroughly, in a group, for example, we find that more than 10 back doors exist in the infrastructure. And if a particular area gets hit by malicious software, then you can be sure that the attacker will have left 10 entry points for themselves, — Igor Lyapunov, Vice President for Information Security, Rostelecom.

When it comes to critical information infrastructure, one of the main entry points is via IT contractors, IT companies, which develop and maintain the IT infrastructure in question, — Igor Lyapunov, Vice President for Information Security, Rostelecom.

If we talk about professional, targeted, slow [attacks, Ed.] <...> we may not stop one from happening, but we will notice it. <...> There are technologies and methods in place to catch it. Unfortunately, in order to make a company safe from these kinds of attacks, you not only need technologies and products, you also need to integrate them, train personnel, and conduct periodical audits. Today, if we speak about Russia, there is neither a single company nor a single integrator that offers this, — Eugene Kaspersky, Chief Executive Officer, Kaspersky Lab.

SOLUTIONS
Improving cybersecurity regulation at the state level

Regulation – in terms of creating an environment for funding, putting technical requirements in place, and fully implementing technical policy at a state and corporate level – is on the one hand an area of focus, and on the other, a solution which will [together, Ed.] bring results, — Andrey Butko, General Director, Rusatom Automated Control Systems.

Today, in order to exercise control over any critical information infrastructure <...> you primarily need to deploy human resources. Without human input, you cannot do anything. <...> Today, in my opinion, we should be looking at amending the legislation here in the Russian Federation with regards NDAs and non-disclosure, because not everybody has a clear idea of what is allowed, and what is not, — Denis Zavarzin, General Director, Centre for the Study and Network Monitoring of the Youth Environment; Member of the Civic Chamber of the Russian Federation.

For each end-to-end project, we will instil obligatory requirements with regards information security. This needs to be done right now, from the off. If we create a solution, it must be one that provides cyber-immunity and is secure by design from the very beginning – this is the first thing. The second thing is that clearly we will exert more pressure via regulation with regards import substitution and requirements, — Vasiliy Shpak, Deputy Minister of Industry and Trade of the Russian Federation.

Improving reaction to incidents

Serious attention should be directed to developing the skills needed to react to incidents, — Andrey Butko, General Director, Rusatom Automated Control Systems.

We are currently endeavouring to teach cybersecurity software at schools more, so that young people know about it, — Danny Danon, Independent Expert; Permanent Representative of the State of Israel, United Nations (2015–2020).