Transneft, the oil trunk pipeline operator, recorded a year-on-year increase in cyber attacks on the Company’s information systems (IS), process communication networks and other information and technological resources over 9M 2017. To protect the infrastructure from attacks, the Company is setting up a cyber security center and suggests that the by-laws envisaged in the Critical Information Infrastructure Law, which will take effect on January 1, 2018, be developed in a timely manner.
Transneft is setting up a cyber security center, Nikolay Tokarev, Transneft President, said at the Expert Council for Cyber Security. The center will interact with the National System for Detection, Prevention and Elimination of Consequences of Cyber Attacks (NSDPE CCA).
According to Vladimir Rushailo, Transneft Vice President, cyber threats are on the rise. “Cyber crime is one of the most significant risks in the next 10 years. In 1H 2017, nearly a third of all attacks worldwide accounted for PCS & SW/HW Control Systems. A new malware emerged in 2017 – ransomware for programmable logic controllers that is capable of contaminating a whole range of models and devices from the major manufacturers of PCS & SW/HW Control Systems. For Transneft companies operating such equipment, this malware is very dangerous and may damage inner processes”, he noted.
According to Vladimir Rushailo, information media, IS, and process communication means are subject to cyber attacks. “Over the first 3Q 2017, the number of e-mails with unsolicited content, viruses etc. rose 60%, to 10 million, y-o-y. Attempts at unauthorized connections to Transneft’s data processing center increased, too. In addition, management and employees receive anonymous e-messages with threats – swindlers demand ransom money”, Transneft’s Vice President warned. He also spoke about several instances of cryptocurrency mining on Transneft’s service equipment. “Mining could interfere with the Company’s processes”, Rushailo noted.
“All this gives rise to much concern. It is impossible to imagine that such instances could influence or interfere with Transneft’s business, its working schedule, because our activities cover all refineries, export of oil and petroleum products. And if we take into account that Transneft is a monopoly that transports oil from Nakhodka to the Baltics, the criticality of this issue becomes obvious,” noted Nikolay Tokarev.
According to Transneft, over 50 million cyber attacks were made on Russian information resources in 2016, a threefold increase y-o-y. More than 60% of all attacks come from abroad. The attacks were on the rise in 2017. The key targets of cyber attacks in the fuel and energy sector are PCS & SW/HW Control Systems, IT resources, and data transmission networks. More than 100 corporate information systems and databases operate in Transneft, over PCS & SW/HW Control Systems, and over 60,000 automated workstations were created. That is why the Company needs cyber protection.
In July 2017, Transneft updated its information security policy and approved the anti-threat program. The policy envisages the introduction of modern devices for cyber protection against targeted attacks and the creation of a centralized monitoring and control system for information security events. The system will collect information from different sources and identify complex and targeted attacks. In July 2017, Transneft set up an anti-cyber-attack working group. Moreover, the Company has already set up information security business units. The created systems are tested for compliance with the Company’s requirements and for cyber security level at the testing ground of the Testing and Operating Center.
Vladimir Rushailo pointed to another problem in terms of internet security and protection against cyber threats: almost all information systems in PCS & SW/HW Control Systems use foreign-made software. “We are not fully sure that this software does not contain any unreported options”, he said.
Mr. Maxim Grishanin, Senior Vice President, noted that foreign hardware is often not compatible with domestic information protection devices. In addition, he gave an example in which the Company had to reject hardware from a European vendor, Schneider Electric, due to its susceptibility to external cyber attacks. In 2016/2017, Transneft reviewed the information security risks to PCS & SW/HW Control Systems and identified numerous critical vulnerabilities, in particular in the built-in protections of PCS & SW/HW Control Systems. The Company communicated this information to the manufacturer but has been waiting for a response for a long time. “We have tried to call them to order for 6 months, and after numerous reminders there was some progress. Now we have prohibited this manufacturer’s equipment in the Transneft system on a temporary basis, until the technical errors have been eliminated”, said Maxim Grishanin.
According to him, Transneft still has to combine domestic hardware/software solutions with foreign ones, because there is no comprehensive cyber security solution offered by Russian manufacturers.
Vladimir Rushailo recalled the Critical Information Infrastructure Law (to take effect on January 1, 2018) and suggested that the by-laws envisaged in the Law be developed in a timely manner. One of these by-laws (a governmental resolution) is intended to establish the criticality criteria for facilities in the critical information infrastructure (CII), their values, as well as the procedure for and timing of their categorization.
“However, the project analysis suggested its direct application is rather difficult. There is no method to calculate values for assigning the respective categories to CII facilities, which creates the risks of wrong determination of criticality of such facilities”, says Vladimir Rushailo. According to him, the technical and legal consequences of implementing the provisions of this Federal Law will have to be assessed.
As ComNews noted, Russian companies earmark approx. 11% of the IT budget for corporate network protection, according to Security Code’s data. Financial and manufacturing industries account for the greatest share of enterprises with a separate business unit in charge of network security.