The industrial holding ROTEC JSC and Group-IB, one of the leading developers of solutions for detecting and preventing cyberattacks, have entered into a cooperation agreement to ensure the technological security and cybersecurity of critical infrastructure facilities. The agreement was signed at the International Industrial Trade Fair Innoprom 2021 and will allow ACS and IS specialists of enterprises to observe and take proactive measures to prevent incidents caused both by equipment wear in service and by cyberattacks.
The recent cyberattacks on the operator of the largest American pipeline, Colonial Pipeline Co., on water treatment plants in Israel and the United States, or on the nuclear power sector in India, clearly demonstrate not only the increased interest of attackers in critical infrastructure, but also the relatively low level of readiness of most enterprises to confront current cyber threats.
In the first half of 2021, the number of attacks on critical infrastructure facilities recorded in Russia was almost 3 times higher than in all of 2019. Moreover, 40% of attacks on CII facilities in Russia were committed by cybercriminals and 60% by pro-government attackers.
The motives of criminals attacking APCS vary: equipment failure and production shutdown, industrial espionage or military intelligence. In most cases, attackers use the following three basic scenarios:
Targeted attacks typically involve malware mailings that rely on social engineering, sent to workstations on the corporate network. Targeted attacks on technological networks sometimes take years.
Entry from the outside perimeter involves penetration into the corporate network via externally exposed web services, for example, a corporate portal or mail service.
Air-gap attacks on businesses, i.e., a search for a way across the “air gap” to penetrate physically isolated critical network segments. In this case, malware can enter the technological network, for instance, via flash drives.
Group-IB experts say that in 90% of cases, the technology segment is attacked via corporate networks, i.e., according to the first two scenarios. Therefore, solutions to ensure the security of the infrastructure of industry and production facilities should be comprehensive and capable of detecting cyberattacks at any stage. Their task is to fully control the network, monitor abnormalities and irregular network activity in APCS, record undocumented capabilities of industrial protocols, and track all activities on the network.
In addition, man-made threats cannot be ignored, since up to 3,000 accidents are registered annually at generation facilities of the unified energy system, and over 45% of these involve turbine and boiler equipment. A few hours of forced downtime due to an accident can result in losses of tens of millions of rubles for a company.
Thus, the cooperation between ROTEC and Group-IB is aimed at confronting these risks and ensuring the technological security and cybersecurity of critical infrastructure facilities.
According to Alexandr Kukanov, Director for Digital Solutions and Projects of ROTEC JSC, the core product of cooperation under the agreement is the PRANA hardware-software package. This Russian solution developed for industrial enterprises is a predictive analytics and remote monitoring system to control the status of technological facilities. The system drastically reduces customers’ technological risks by predicting the status of machines long before an accident occurs. In addition, Threat Hunting Framework Industrial, developed by Group-IB, will ensure comprehensive protection for all segments of enterprises from complex cyberattacks of various kinds, from both pro-government hacking groups and financially motivated cybercriminals.
As a result, production facilities and companies operating in the fuel and energy sector, as well as other important infrastructure facilities, will be provided with a unique tool that combines methods of protection from various types of risks to prevent man-made accidents and financial losses associated with production shutdown caused by deliberate attacks.
The joint solution will allow specialists to take control of the entire network of the enterprise, monitor the slightest changes in the operating modes of equipment, record actions (or failures to act) taken to normalize the operation of machines, as well as any attempts to penetrate into the information infrastructure.
Any technical device may fail in the course of operation. However, it can be provided with a digital model that enables the system to monitor the status of this unit during its operation and predict the likelihood of any defects by analyzing thousands of different parameters and the degree of their deviation from standard values. This technique forms the basis of the PRANA predictive analytics hardware-software package.
PRANA analyzes the data received from equipment (3,000 signals per second from each power unit) in real time and automatically detects any deviations, ranking them depending on their significance. In contrast to the widespread APCS systems that signal malfunctions “after the fact”, PRANA makes it possible to predict accidents 2-3 months before the incident. Within a unified interface, the status of each machine (regardless of its manufacturer) and the entire enterprise as a whole can be monitored remotely using any modern tablet or PC.
In commercial operation since 2015, the PRANA hardware-software package has come into widespread use in the fuel and energy sector. Dozens of power units throughout our country, as well as at a generation facility in Kazakhstan, are being operated under its protection. Given the scale of spread of this system in Russia, it is actually recognized as an industry standard. This was largely facilitated by its versatility, since PRANA supports equipment from all internationally known manufacturers without modification or additional configuration (Siemens, General Electric, Ansaldo, Power Machines, UTW, etc.). Currently, this system monitors the technical status of machines worth almost $5 billion.
“It is obvious that systems related to the intelligent management of any infrastructure, including those related to its operation and maintenance, will develop even more,” predicts Alexandr Kukanov. “Technologies are developing, the role of IT in infrastructure management is increasing year after year. And this is where the risks of cyber threats arise. Hacking of the internal information infrastructure at an energy sector facility and applying control activities to it may cause substantial losses, damage and even human casualties. Therefore, a combination of solutions to ensure technological and information security is becoming increasingly more in demand.”
According to Mikhail Lifshitz, Chairman of the Board of Directors of ROTEC JSC:
“Interdisciplinarity is becoming a characteristic feature of the era in which we live. We are no longer surprised when mathematics is used in biology, and bionics in mechanical engineering. What we do with Group-IB is at an interdisciplinary junction, at the junction of the human and the virtual world, Internet of Things... At the same time, with the PRANA System, we also ensure protection against unintentional human errors and potential errors of machines and electronics, and Group-IB protects the world of machines and electronics from malicious human actions, so together we provide a completely unique set of products that makes driving on this bi-directional road safe.”
On the part of Group-IB, protection against current cyber threats will be provided by an integrated solution of a new class, Threat Hunting Framework (THF), and its innovative solution aimed at protecting critical infrastructure facilities, Threat Hunting Framework Industrial, which makes it possible to automatically investigate incidents, identify the causes of their occurrence, link attacks with the attackers, and find out their motives.
THF Industrial creates a unified environment for specialists involved in ensuring the information security of corporate IT networks and for engineers responsible for the operation of the automated process control system (APCS) and production lines in OT (Operational Technology). Group-IB's development is an effective technological response both to cyber threat No. 1, ransomware programs that can instantly paralyze work and leave a company without money, and to targeted attacks on technological networks by pro-government hackers.
According to Ilya Sachkov, CEO of Group-IB:
“In 90% of cases, attacks on the technology domain are carried out through corporate networks, therefore solutions that ensure the security of the infrastructure of industrial and production facilities must be comprehensive and capable of detecting cyberattacks at any stage. Their task is to fully control the network, monitor abnormalities and irregular network activity, record undocumented capabilities of industrial protocols, and track all activities on the network.”
Unlike other solutions for protecting critical infrastructure, THF Industrial provides the possibility of proactive threat hunting both within the organization perimeter and beyond it through integration with the Group-IB Threat Intelligence & Attribution cyber intelligence system. This allows automatic correlation of events and alerts associated with one attack and attributing it to the hacker group and even specific people, which is an integral part of the new paradigm of cybersecurity — proactive hunting. Using the detailed analysis of industrial protocols (Siemens, Schneider Electric, ABB, Honeywell, Emerson, etc.), engineers can create their own rules to identify abnormalities and attacks specific to their production.
Source: Energy and industry of Russia