October 19, 2016
One Small Step into Giant Industrial Security.
The other day, Innopolis – the hi-tech town just outside the city of Kazan, Tatartstan, 800 kilometers directly to the east of Moscow – became a “world center of industrial systems’ cybersecurity”.
I was here early this year marveling at the speed of its development and ambitiousness of its plans, all the while turning over its future prospects in my mind.
First of all, let me get all gushing in singing praises: I take my hat off to the determination and persistence of the local authorities, the assuredness of the partners and sponsors, and also the professionalism of the contractors and everyone else who played a part in making Innopolis a reality.
Innopolis was built from nothing in just three years according to a hi-tech concept for hi-tech companies: here there’s excellent infrastructure for both living and doing business, a special economic zone, university, and an international airport not far away.
The year-round conveniences and also the prices here are so attractive it could make you think about dropping everything and moving to Tatarstan at once! In the winter there’s downhill skiing, in summer there’s the golf course, in fall there’s mushroom picking in the surrounding forest, and all year round there’s fishing on the Volga. A 50m2 one-bedroom apartment costs a mere 7000 rubles (~$110) to rent and a two-bedroom apartment costs just 10,000 rubles (~$160), which has a lift going down to the underground parking, which incidentally also costs next to nothing – 1000 rubles per month (~$16). Also: the gym + swimming pool costs just 15,000 rubles a year (~$240)!
Moreover, everything is brand spanking new, shiny, modern, stylish and hi-tech – a far cry from its humble, rural/provincial surroundings.
There’s only one thing that spoils things: Innopolis is surrounded by ugly vacant lots and construction sites. Still – no omelet without the proverbial eggs – and it’s obvious that it’s not going to stay that way forever. It looks like it’ll soon either be built up with more swish residential buildings or just made pretty with landscaping, lawns or something else pleasing to the eye.
So, as you can see, it’s no wonder there’s a long line to get here to live/study/work.
We had the foresight to get in line early on, so now we’re thankfully at the front of the line: We’ve been cooperating with the local university for six months already. In summer we opened our Industrial Security Center; here we run regular training sessions on protection of industrial objects from cyberthreats, develop new solutions, conduct thematic conferences and exchange all sorts of know-how.
And just the other day we were at Innopolis to announce the creation of the first commercial ICS-CERT in Russia for industrial security!
So what’s a CERT, and why’s it needed?
A computer incident – be it a malware outbreak, hacker attack or just a system being down – can provoke inappropriate actions and turn a small dose of bother into an unreal nightmare of colossal scale. And that goes for industrial installations too. And, being industrial installations, unreal nightmares of colossal scale can easily mean catastrophe.
A CERT – a computer emergency response team – is a group of specialists from different companies that collects and classifies information about high-profile incidents, develops countermeasures, and coordinates actions of equipment manufacturers and operators. An ICS-CERT (Industrial Control System CERT) is a higher, independent, sector-specific body, which is able to competently answer the questions ‘what happened?’,
‘who’s to blame?’, and/or ‘what needs doing?’, if something unpleasant happens in the field of industrial security.
But wait – there’s more. At the start of this post I began by saying that Innopolis had become a world center. Indeed it has – no really – no hyperbole: reality. I mean, I’ve never seen anything quite as specialized, thorough and correct as this in Russia for this kind of activity.
There also took place here the fourth annual conference on industrial cyber-protection, plus a small exhibition of protective solutions for technological processes.
This year the conference became a touch ‘international’ too: Italians, Germans, and even a Texas oilman took part.
We also ran a training session for specialists, played some industrial security games, and launched the new version of our cybermap showing incidents involving industrial systems.
And for dessert, there was also the final of our international industrial-equipment-vulnerability- detection-CTF competition: I can’t think of a better way to finding the imperfections in our industrial protection to make it nearer and nearer to perfect for the benefit of saving the world!
Woooweee. That sure was lots going on in Innopolis – all of it good. Of course, it’s all only a small step, but it does still bring us nearer greater security for mankind :).