Anton Shipulin, the Industrial Cibersecurity Center Coordinator in Russia (CCI Coordinators Team), helps us to get in context of the state of the industrial cybersecurity in his country, and to do so, he shares with us his impressions.
He describes the level of sensitivity of industrial organizations in his country according to the following percentages:
He also affirms that the trend of recent years has been an exponentially grown in awareness.
Russia counts with local and national public bodies promoting an adequate legal framework, in order to ensure the progressive incorporation of industrial cybersecurity measures in national presence companies (mainly critical infrastructure). The main organizations are:
- Federal Service for Technical and Export Control (FSTEC)
- Federal Security Service of the Russian Federation (FSB)
- Ministry of Energy of the Russian Federation
- Ministry of Digital Development, Communications and Mass Media of the Russian Federation
- Ministry of Transport of the Russian Federation
Among the main national laws and regulations affecting in this context in Russia, Anton Shipulin mentions:
- Federal Law No. 187-FZ of 26 July 2017 "On Security of Critical Information Infrastructure of the Russian Federation"
- Decree of the President of the Russian Federation No. 803 of 03 July, 2012 "Main directions of state policy on Security of industrial automation and control systems of Critical Information
- nfrastructure of the Russian Federation
- Decree of the President of the Russian Federation No. 646 of December 5, 2016 "Doctrine of Information Security of the Russian Federation"
- Decree of the President of the Russian Federation No. 683 of 31 December 2015 "The Russian Federation's National Security Strategy"
Analysing the most widely adopted industrial cybersecurity measures by Russian organizations to protect industrial automation systems, Anton Shipulin highlights the application of:
- Industrial cybersecurity consulting / advisory
- Internal security audits
- External security audits
- Network design and architectures
- Conventional firewalls
- IDS / IPS
- Encrypted communications
The CCI Coordinator in Russia characterizes the industrial cybersecurity situation in his country with the following SWOT analysis:
- Lack of operational technologies certifications, processes and professionals
- Lack of specific CERTs
- Lack of financial resources
- Awareness, especially regarding industrial critical infrastructures
- Frequent events and forums on industrial cybersecurity
- Increase of Industrial cyber security trained professionals
- Application of IT security measures without discretion
- High development of industrial applications without cybersecurity requirements
- Shortage of local industrial cybersecurity professionals working for manufacturers
- High dependency on foreign high technologies
- Growing control from national agencies