
Authors

Smirnov M.

Degree
PhD in Technique, Leader of the Division “Cyber Security of Industrial Automation”, JSC “InfoWatch”
E-mail
ms@infowatch.com
Location
Moscow
Articles

Methods and results of testing the compatibility of information security tools and SCADA

The relevance of the work lies in the need to create security systems for the critical information infrastructure of the Russian Federation, first of all for the process control systems of critical and potentially dangerous facilities, where computer incidents can lead to catastrophic consequences, including loss of life. At the same time, such a security system should not have a negative impact on the APCS, and both systems should remain functional at the same time. The problem lies in the lack of methods for integrated assessment of the compatibility of information protection tools and control systems for the engineering safety systems of critical information infrastructure facilities. A method is proposed for assessing the compatibility of information security tools and APCS by cross-testing, using the programs and test methods applied in the acceptance of such systems. Practical results are presented on evaluating the compatibility of information security tools with process control systems of different vendors, obtained during testing on the stands of process control system manufacturers and industrial enterprises. The following information security tools manufactured by JSC InfoWatch were tested: InfoWatch ASAP, InfoWatch Traffic Monitor and InfoWatch EndPoint Security, on the equipment and software of the following vendors: Schneider Electric, Klinkmann, Siemens, «modular Tornado systems», AMT-Group. The methodology used for compatibility testing of information security tools and control systems is understandable to the producers, and they have adopted it. The compatibility statements published by the manufacturers of the APCS hardware and software confirm this. Potential customers and engineering companies that produce, implement and provide technical support for APCS are also actively involved in the tests.

The procedure and methodology of the cybersecurity pilot projects

The article presents an analysis of various applications of the “pilot project” concept and describes the procedure for implementing pilot projects in the scope of ICS information security (critical information infrastructure facilities). The article defines the term “pilot project” for the cybersecurity field. The relevance of this study lies in the need to create security systems for the critical information infrastructure of the Russian Federation, the key element of which is information protection tools that have passed conformity assessment for use at specific facilities, taking into account the specifics of their implementation, operation and threat model. The problem is that there is no unified understanding of the targets and objectives of pilot projects in the IT and OT industry. As a result, the time spent on coordinating and implementing projects, including their targets, objectives, list of expected results and evaluation criteria, is overestimated. It also affects the selection of specialists with the necessary qualifications. The article is based on successful experience of pilot projects carried out in accordance with the original methodology developed in 2017-19.

Main drivers and trends of DLP systems development in the Russian Federation

The rapid development of information technologies, the introduction of new cloud services, and the transfer of employees to remote work necessitate the adequate development of Data Leak Prevention (DLP) systems. The purpose of this article is to determine the factors that affect this process and to identify the main trends in the development of DLP systems in the Russian Federation. To do this, we analyze statistics on information leaks, explore the prospects for implementing new features of DLP systems based on modern information technologies (Big Data, IoT, artificial intelligence and machine learning), and consider ways and means of integrating DLP within complex information security systems (SSI) in accordance with the requirements of the main regulatory and methodological documents of the Russian Federation in the field of information security. To solve these problems, methods of analysis, synthesis, system analysis, formalization, comparison and analogy are used. Import substitution, digitalization of the economy, ensuring the security of critical information infrastructure, and the need to control automated systems, communications and users in distributed work during a pandemic that has led to requirements to restrict personal contacts are considered the main drivers of development for both information security and information technologies. As a result of the analysis, the highest-priority areas for the development of automated systems for monitoring information flows were identified: analytics, data visualization, system integration, and behavioral analysis of threats to information security.