The Industrial Cybersecurity Center in Russia

Team

Maite Carli García

Maite Carli is Communication Manager and European Coordinator at the Industrial Cybersecurity Center. Specialized in administration of networks and communications, industrial critical infrastructures, industry 4.0, data analysis technologies in the Health sector and industrial cybersecurity, having done several courses and a master. She has developed his professional career during the last 9 years in the […]

Anton Shipulin

Industrial Cybersecurity Center Coordinator for Russia Member of Industrial Cyber Security / Critical Infrastructure Protection Business Development team at Kaspersky Lab HQ Specialist Degrees in Cyber Security and Project Management, IT Management MBA Information Security Specialist since 2005 with experience in area of: Cyber Security system architecture, integration and operation Cyber Security audit, consulting and […]

Anton Shipulin, the Industrial Cibersecurity Center Coordinator in Russia (CCI Coordinators Team), helps us to get in context of the state of the industrial cybersecurity in his country, and to do so, he shares with us his impressions.

He describes the level of sensitivity of industrial organizations in his country according to the following percentages:

He also affirms that the trend of recent years has been an exponentially grown in awareness.

Russia counts with local and national public bodies promoting an adequate legal framework, in order to ensure the progressive incorporation of industrial cybersecurity measures in national presence companies (mainly critical infrastructure). The main organizations are:

  • Federal Service for Technical and Export Control (FSTEC)
  • Federal Security Service of the Russian Federation (FSB)
  • Ministry of Energy of the Russian Federation
  • Ministry of Digital Development, Communications and Mass Media of the Russian Federation
  • Ministry of Transport of the Russian Federation

Among the main national laws and regulations affecting in this context in Russia, Anton Shipulin mentions:

  • Federal Law No. 187-FZ of 26 July 2017 "On Security of Critical Information Infrastructure of the Russian Federation"
  • Decree of the President of the Russian Federation No. 803 of 03 July, 2012 "Main directions of state policy on Security of industrial automation and control systems of Critical Information
  • nfrastructure of the Russian Federation
  • Decree of the President of the Russian Federation No. 646 of December 5, 2016 "Doctrine of Information Security of the Russian Federation"
  • Decree of the President of the Russian Federation No. 683 of 31 December 2015 "The Russian Federation's National Security Strategy"

Analysing the most widely adopted industrial cybersecurity measures by Russian organizations to protect industrial automation systems, Anton Shipulin highlights the application of:

  • Industrial cybersecurity consulting / advisory
  • Internal security audits
  • External security audits
  • Network design and architectures
  • Conventional firewalls
  • IDS / IPS
  • Encrypted communications
  • Antivirus

The CCI Coordinator in Russia characterizes the industrial cybersecurity situation in his country with the following SWOT analysis:

Weaknesses

  • Lack of operational technologies certifications, processes and professionals

  • Lack of specific CERTs

  • Lack of financial resources

Strengths

  • Awareness, especially regarding industrial critical infrastructures

  • Frequent events and forums on industrial cybersecurity

  • Increase of Industrial cyber security trained professionals

Threats

  • Application of IT security measures without discretion

  • High development of industrial applications without cybersecurity requirements

  • Shortage of local industrial cybersecurity professionals working for manufacturers

  • High dependency on foreign high technologies

Opportunities

  • Growing control from national agencies

Activities