Scientific article on the topic 'CYBERSECURITY REALITIES AND RESOURCES OF THE INDUSTRIAL MARKET'

CYBERSECURITY REALITIES AND RESOURCES OF THE INDUSTRIAL MARKET. Text of a scientific article in the specialty "Economics and Business"

CC BY
Keywords
CAPABILITY / ASSURANCE / CYBERSECURITY / AUTOMATED PROCESS MANAGEMENT SYSTEMS / HARDWARE AND SOFTWARE / INFORMATION SECURITY / SECURITY / INDUSTRIAL ENTERPRISES / DIGITALIZATION / VENDOR / MARKET PLAYERS / THREATS / METHODOLOGY / RISK MANAGEMENT / LANDSCAPE / BUSINESS PROCESS / ARTIFICIAL INTELLIGENCE / INTRUDER / INFORMATION INFRASTRUCTURE / INDUSTRIAL SYSTEM / SUPPLY CHAINS / COUNTERPARTY

Abstract of the scientific article on economics and business. Authors of the work: Baurina Svetlana Borisovna, Elina Olga Alexandrovna

This article is devoted to the study of modern cybersecurity capabilities of industrial enterprises in Russia. The reaction of Russian vendors to the departure of foreign players from the market is presented. Significant cyber attacks on automated process control systems (APCS) are identified. A description of the protection of Russian industrial enterprises, including those operating on foreign APCS, is given. The specifics of de-digitalization of industrial enterprises are studied. Threats of partial loss of security during the transition to Russian solutions are identified. Methods of risk management for cybersecurity in enterprises are presented. Industry regulation of cybersecurity in the Russian Federation is described. The minimum set of information security hardware and software for APCS protection is defined. Certificates for work on the Russian market are specified. The scientific conclusions and research results can be useful both to representatives of the scientific and professional communities and to the industrial management of Russian companies in the formation of a cybersecurity strategy.


Text of the scientific work on the topic "CYBERSECURITY REALITIES AND RESOURCES OF THE INDUSTRIAL MARKET"

BAURINA Svetlana Borisovna and others Azimuth of Scientific Research: Economics and Administration.

CYBERSECURITY REALITIES AND RESOURCES ... 2023. T. 12. № 1(42) e-ISSN: 2712-8482; p-ISSN: 2309-1762

Content is available under the CC BY-NC 4.0 license. This is an open access article under the CC BY-NC 4.0 license (https://creativecommons.org/licenses/by-nc/4.0/)

DOI: 10.57145/27128482_2023_12_01_02

CYBERSECURITY REALITIES AND RESOURCES OF THE INDUSTRIAL MARKET © The Author(s) 2023

BAURINA Svetlana Borisovna, Candidate of Economic Sciences, Associate Professor of the Industrial Economics Department, Plekhanov Russian Economic University, 117997, Russia, Moscow, [email protected]

SPIN: 2977-4475 AuthorID: 748338 ResearcherID: F-9106-2018 ORCID: 0000-0002-8502-6060 ScopusID: 57195975888

ELINA Olga Alexandrovna, candidate of economic sciences, associate Professor of the Department CAPTAINS Charitable Foundation for Support of Educational Programs "Innovative Management and Social Entrepreneurship"

Plekhanov Russian Economic University 117997, Russia, Moscow, [email protected]

SPIN: 5213-9113 AuthorID: 317955 ResearcherID: L-3139-2018 ORCID: 0000-0001-5003-2471 ScopusID: 6507896849


INTRODUCTION

Setting the problem in general form and its connection with important scientific and practical tasks.

Despite the clear shifts in the landscape of the Russian security market for industrial enterprises, which leading Western players have left, the threat model did not undergo major changes in 2022. It is not the landscape itself that has changed, but the intensity of threats. In recent years, the methodological structure of cybersecurity of business processes and automated process control systems has been intensively developed, including the digitalization of personnel training to ensure the development of methodology and artificial intelligence (AI) tools, largely due to the spread of measures to counter COVID-19.

Analysis of recent studies and publications that examined aspects of this problem and on which the author is based; identifying previously unresolved parts of a common problem.

In domestic and foreign literature, scientific interest in the research issues is actively manifested. These are the works of recognized specialists in the field of IT infrastructure management of an industrial enterprise: N.V. Anikina, T.V. Glukhova, L.I. Utkina [7], T.A. Golovina, D.A. Sukhanova [10], O.V. Ksenofontova, A.I. Kozlovskaya [15], P.A. Okhotina [19]; research on the information security market in the Russian Federation and the possibilities of using digital tools to ensure cybersecurity of automated process control systems by A.V. Volkodaeva, A.V. Balanovskaya [9], V.V. Dudikhin, I.V. Shevtsova [12], O.A. Grishin, S.A. Kurushin [11], V.G. Merzlikina [16], etc.; and the work of foreign cybersecurity researchers such as N. Martincic [26], E. Haasnoot, Luuk J. Spreeuwers and N.J. Raymond [25], P. Muth, M. Geihs, T. Arul, J. Buchmann, S. Katzenbeisser [27], S. Raja [28], S. Whitburn [29], etc. In writing the work, regulatory materials [1-5] and materials of Internet portals [21; 22] on the stated problems were used.

METHODOLOGY

Formation of article objectives.

The purpose of the article: to study the modern possibilities of ensuring cybersecurity of industrial enterprises in Russia in the context of the global transformation of world economic relations.

Setting the task. To achieve the intended goal, the following study objectives are defined:

- systematization of significant threats for APCS of industrial enterprises in the context of a change in the structure of the cybersecurity market,

- identification and specification of risk management methods for cybersecurity and peculiarities of industry regulation of cybersecurity,

- determination of the minimum set of information security hardware and software for the protection of APCS of industrial enterprises.

Methods, techniques and technologies used in the study.

The scientific and methodological tools of the study are general scientific and special methods and techniques: comparative and systematic analysis, and qualitative and quantitative approaches.

RESULTS

Presentation of the main research material with full justification of the scientific results obtained.

The departure of Western vendors had serious consequences for the Russian market. The current situation turned out to be really difficult. Previously, there were many vendors on the market and healthy competition was created when Russian vendors were under harsh pressure. With the departure of Western vendors, a lot of experienced developers appeared on the market who used to work in the teams of departed vendors. The process of their adaptation to the new realities of the market has not yet been completed. With the departure of Western vendors, an ambiguous situation has developed on the market. Indeed, a "window of opportunity" has emerged in the market. But it should be noted that building protection systems requires investment and time. Replacing the departed vendors will not work quickly. To replace the previous solutions, customers will need to choose a new solution that will fit into the budget allocated for this year for technical support. If this money is not enough, then even the acquisition of Russian systems may be impossible for companies, and they may be without protection [22].

The most painful for the information security of enterprises was the departure of vendors of industrial firewalls (NGFW). Russian vendors are trying to compensate for the current situation, but the situation remains quite difficult.

Kaspersky Lab noted a revival among the so-called hacktivists. The difference from previous attacks is that a well-trained hacker is no longer required to carry out a cyber attack. It is enough to have basic skills at the level of a student, and with a suitable tool available via the Internet it is possible to harm even an enterprise, and not just other users. There are two types of attackers: lone hackers and computer hacking enthusiasts on the one hand, and organized groups on the other. A feature of 2022 was a significant increase in the intensity of attacks from both groups of attackers. The first group intensified on the basis of a sense of national duty, and organized hacker groups supported them. There has been a serious surge in attacks, including against critical information infrastructure (CII) facilities, but mainly at the entry level of complexity. At the same time, no significant changes were observed in terms of cyber attack techniques or approaches to compromising industrial systems [13]. There were also no high-profile incidents where activists managed to stop the production process. It is impossible to single out the most affected sectors of the economy or the types of enterprises under attack. As a rule, attacks occur without any financial motivation. Attackers try to carry out directly destructive actions, while the monetization of their activity has faded into the background.

Thanks to the security of enterprises, hacktivists cannot directly harm them. Therefore, they actively conduct attacks through supply chains, through counterparties that are connected by a single production process.

Significant cyber attacks on industrial control systems. Information on cyber attacks against Russian enterprises usually does not go beyond internal investigations. Information on compromises of automated process control systems (industrial control systems) is closed to the Russian community, unlike in Western countries. This is a major shortcoming of our professional community, because we do not share information. Three indicative cases, characteristic of all industries, can be named.

The first is connected with a wave of attacks against enterprises of the military-industrial complex in the countries of the Middle East. Mass mailing and targeted phishing were used to carry them out. The letters contained a Word file attachment; when it was opened, the attackers gained access to the infrastructure by exploiting a vulnerability in Word. More than ten companies were attacked. In some cases the attackers did gain access to the infrastructure and were able to establish control.

The second case occurred at the beginning of 2022 and affected the work of most enterprises of the Toyota corporation. As a result of the incident, work on a number of production chains had to be stopped. The attack was carried out through a contractor of the holding that supplied spare parts.

The third case concerns Russia. At the beginning of the year, an attack was carried out against the Leningrad Regional Managing Electric Grid Company (LOESK). The attack was quickly neutralized and nobody suffered, but the fact of the cyber attack indicates that Russian enterprises are also exposed to targeted attacks.

In most cases attackers do not attack the industrial automation system directly. The company's business systems or its corporate IT infrastructure are attacked first [13]. But the result is an incident that requires a production stop.

In 2022, all key sectors of the Russian economy attracted the attention of cybercriminals. The public sector was the main target. The number of attacks on state institutions continued to grow throughout the year and almost doubled compared with the previous year; in total, 403 attacks were recorded during the year. Encryptors (56 % of attacks involving malware) and malicious remote management applications (29 %) were the most popular types of malware. Hackers also seek to stop technological processes in industry. During the year, 223 attacks on industrial companies were recorded, 7 % more than in 2021 [13]. Social engineering was used in almost half of the attacks, and in 41 % of cases attackers exploited software vulnerabilities. Attacks on medical institutions of the Russian Federation account for 9 % of the total. As a rule, these involve leaks of personal data and medical information about clients. The financial and IT sectors are the best prepared for cyber attacks; social engineering, credential compromise and exploitation of perimeter vulnerabilities are used against them. In more than half of the cases involving science and education institutions, attackers were able to steal confidential information. The number of attacks on individuals increased by 44 %; these involve phishing websites (56 %), malicious e-mails (39 %), social networks (21 %) and messengers (18 %) [13].

Recently, threats that were previously considered mythical have materialized. Examples are the presence of "bookmarks" (implanted backdoors) in applications, or shutdowns of systems because of the sudden termination of vendor support. The incidents that occurred are forcing enterprises to replace foreign products and switch to Russian analogs. Not very long ago, the security of industrial control systems was often associated with the existence of a so-called "air gap", i.e. physical isolation of industrial systems from the outside world. It seemed impossible to influence such systems directly without a physical communication channel.

The belief in the absolute reliability of systems in the absence of direct access to them persists until the first incident. But now it is necessary to reason differently. If a computer system is used for an industrial control system, then it is subject to the same risks that exist for ordinary IT systems. In terms of security, it makes no essential difference whether there is direct contact with the system or not. There are many ways to establish a "connection". For example, a USB stick can be "dropped" or a phishing letter sent.

Protection of Russian industrial enterprises. The legend of the absolute security of industrial control systems thanks to an "air gap" for a long time made it possible not to engage in the actual protection of industrial control systems and to be limited to "paper" security. But the situation has changed. Most of the companies that have reached the necessary level of technological development are now engaged in information security.

The driver for launching the process was the adoption of Federal Law No. 187 of the Russian Federation dated 26.07.2017 "On the Security of the Critical Information Infrastructure of the Russian Federation" [1]. Thanks to it, the approach to information security (IS) at industrial enterprises has changed. Earlier, practice was limited to the "paper" version of protection, when security was reduced to periodic checks with rounds of the equipment and filling out safety logs; after the adoption of the law, the attitude towards information security changed. Now maturity and a comprehensive approach to security are evidenced primarily by the use of protection tools throughout the entire life cycle of installed units (Secure Development Lifecycle, SDL).

Russian companies Kaspersky Lab and Positive Technologies are among the leaders in secure solutions for APCS. For example, the PT Industrial Security Incident Manager (Positive Technologies) software and hardware complex for deep analysis of technological traffic searches for traces of information security violations in APCS networks. InfoTeCS offers overlay (add-on) tools (the ViPNet Coordinator IG industrial gateway) and embedded cryptographic security tools (ViPNet SIES). Jet Information Systems, BI.ZONE and Positive Technologies provide GosSOPKA provider services, with monitoring of the critical information infrastructure segment and data transfer to NCCC [14].

Let us name the industries where real security has received full recognition. The oil and gas sector has always taken information security seriously. It is from there that many requests for domestic solutions are now coming. Transport enterprises have shown similar interest. For example, Russian Railways recently announced the start of the introduction of quantum distribution of encryption keys. Among the advanced areas, energy can also be noted, where a cyber police has been created to develop information protection tools and assess the impact of the consequences of cyber incidents.

Protection of enterprises operating on foreign APCS. The global ICS cybersecurity market is represented by traditional leaders and vendors. Market leaders, as a rule, have their own competence centers and are busy building integrated network protection. Schneider Electric, General Electric, ABB, Siemens, Honeywell have safety gateways; centralized platforms for monitoring and managing embedded cyber defense solutions, for example, Honeywell (Forge) and General Electric (Predix); antivirus protection is a partnership between Siemens, Symantec, Yokogawa, Trend Micro, Schneider Electric, McAfee, Kaspersky Lab [24].

Russian enterprises can now choose between the following protection options: the use of compensating measures, the installation of overlay (add-on) security tools, the implementation of organizational measures, and the development of safe models for using data. Previously, some Western vendors forbade the use of overlay protection tools with their systems, threatening to limit the operation of those systems. Now that vendor technical support has been cut off, companies can use their own information security tools. However, a difficult situation is developing. There are certain legal risks. In addition, numerous consulting companies have appeared on the market that offer their services "to provide support at the vendor level in full." The credibility of such promises is questionable.

De-digitalization of enterprises. Today, de-digitalization is important if companies have no other means of protection against existing threats. Unfortunately, digitalization was built without regard to information security. Initially, it was assumed that information security would permeate the digital economy. Then there was less and less of it. As a result, it all came to naught. The main goals were to increase productivity and efficiency and to accelerate. This is wonderful, but it turned out that many systems are built either on open source systems or on imported systems. Now they have to be replaced in some way or blocked.

As an alternative, it is possible to propose measures for the development of the industry and practical steps to raise the radio-electronic industry and create conditions for the production of microprocessors [8]. This will make it possible to create trusted hardware and software complexes. De-digitalization should be considered on a different plane. It is necessary to rely on an engineering approach: not to abandon digital technologies, but to introduce duplication of functions, possibly using alternative principles of operation, for example a combination of electromechanics and microprocessor devices. However, the changes must be implemented reasonably, relying on a scientific base.

In fact, digitalization arose in order to optimize production, reduce costs and grow profits. This process is so natural for development that no business will give it up. At the same time, there is a concept of "degraded management." It is able to dynamically manage a group of electric power facilities, collecting data from them on the degree of readiness for work and reliability. The system is able to track itself when indicators fall to the degradation threshold. A deeper decline is unacceptable. This becomes a signal for taking emergency measures to restore the system and ensure its protection.

Threat of partial loss of security when switching to Russian solutions. Closely related to "de-digitalization" is the question of whether the transition to Russian information security systems for APCS could cause a catastrophic decrease in the security level. The question is clearly not idle. Russian systems developed differently. They have a much shorter development history, and many practices related to end-to-end security control previously passed Russian solutions by because they were not widely deployed in industry. The current surge in interest in Russian solutions is largely artificial. Therefore, the question of their readiness for widespread implementation remains debatable. Most Russian developers do not have rich practical experience in vulnerability management processes. Many Russian vendors also have not built secure development processes.

DISCUSSION

The Federal Service for Technical and Export Control (FSTEC of Russia) is now paying a lot of attention to the introduction of secure software development. In previous years, experts from testing laboratories were trained. They studied the practice of using analytical tools. A lot of practical work is underway to scale this up. The expert center is the V.P. Ivannikov Institute for System Programming of the Russian Academy of Sciences (ISP RAS).

Figure 1 shows information on the state of information security at industrial enterprises of the Russian Federation after the start of a special military operation (SVO).

Figure 1. Information on the state of information security at industrial enterprises of the Russian Federation after the start of the SVO [17]

According to Figure 1, a third of those who took part in the survey improved their attitude towards information security. But it is sad that for 15 % nothing has changed [17]. However, it is important to understand what criteria they were guided by in their assessment.

Enterprise Cyber Security Risk Management Methodologies

Two standards are identified that contain a detailed description of the risk management methodology: ISO 27005 (Information Security Risk Management) and ISO 31000 (Risk Management). The application of these techniques varies greatly between companies, and this must be taken into account. In addition to risks for information systems, risks for physical objects should also be considered. Industry needs "industry-oriented" techniques that will consider assessing specific unacceptable consequences. Most likely, the development of the theory of the safety of APCS will move in this direction.

Figure 2 presents information on the impact of the legislative framework of the Russian Federation (in particular, Decree of the President of the Russian Federation of 30.03.2022 No. 166 "On Measures to Ensure Technological Independence and Security of the Critical Information Infrastructure of the Russian Federation" [2]) on the real security of industrial enterprises.

Figure 2. Information on the influence of the legislative framework of the Russian Federation on the real security of industrial enterprises

It is simply impossible to change the APCS. It would be necessary to stop production, and this is a real disaster. One solution can, of course, be replaced with another piecemeal, but additional study will be required.

Industry regulation of cybersecurity in 2022.

The state's presence as a regulator in matters of APCS security is obvious: most industrial enterprises are CII facilities. The state's requirements for technical protection measures did not change in 2022. We are talking about orders of the FSTEC of Russia No. 31 [4] and No. 239 [5], which were not amended. At the same time, two new Presidential Decrees were issued (No. 166 [2] and No. 250 [3]), in which additional requirements for cybersecurity were formulated. The requirements prescribed in the order of the FSTEC of Russia No. 239 [4] should also be mentioned. They entered into force in 2023 and concern the secure development of software used at CII facilities.

Unfortunately, in the country as a whole there is no industry regulation of cybersecurity in industry. For example, there is no organization in the energy sector that can take on the role of an industry regulator. For comparison, in the United States, cybersecurity regulation in various industries (electricity, maritime transport, mechanical engineering, and so on) is carried out through industry associations. This must be done professionally.

The implementation of Decree of the President of the Russian Federation No. 166 (prohibition of foreign software) [2] gives rise to pessimism. Its first part came out late, and the second part has not yet received regulatory support. It is urgent to take an inventory of everything that is in the country. It is necessary to create effective cooperation chains that will combine Russian trusted operating systems and application software products for APCS. Prerequisites should be formed at the state level, with production associations and industry associations created. This will make it possible to move forward. Microprocessor manufacturers need industry customers who will correctly formulate their requirements for the future product. It is urgent to develop a set of concrete practical measures, otherwise the country will face serious problems.

Figure 3 shows information on approaches of industrial enterprises management to APCS protection in 2022.

Figure 3. Information on Approaches of Industrial Enterprises Management to APCS Protection in 2022 [17]

The fact that a significant part of customers have begun testing domestic solutions looks optimistic. But what about someone who doesn't know what to do? Many market players show signs of denial or depression.

Minimum set of information security hardware and software for APCS protection

To ensure the basic level of APCS protection using the minimum set of information security hardware and software, it is necessary to:

- separate the APCS and the corporate network from each other,

- implement a "demilitarized zone",

- perform network segmentation for large APCS,

- allocate the emergency network to a special segment,

- apply cryptographic protection of transmitted information when open public communication networks are used.

There is no single list of requirements suitable for all APCS. The named set can be characterized as averaged for typical systems. You can add firewalls, workstation and server protection, incident monitoring, and response to it. All possible means are indicated in the order of the FSTEC of Russia No. 239 [4]. When building protection, it is necessary to be guided by the answers to the following questions: what channels for spreading threats exist in this case and how an attacker can get to the target and realize his intentions.
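The five measures above can be checked mechanically against a description of a plant network. The following is an added example, not part of the original article: a small Python audit of a zone and flow model, plus a path search that answers the question of how an intruder in one zone could reach a target zone. The zone names, services, host counts, the 50-host threshold for a "large" segment and the assumption that an intruder moves along allowed flow directions are all constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Zone:
    kind: str                          # "corporate", "dmz", "apcs" or "emergency"
    hosts: int = 0
    has_emergency_systems: bool = False


@dataclass(frozen=True)
class Flow:
    src: str                           # zone that initiates the connection
    dst: str
    service: str
    via_public_network: bool = False
    encrypted: bool = False


def audit(zones, flows, max_apcs_hosts=50):
    """Return sorted (rule, detail) findings for the five baseline measures.

    max_apcs_hosts is an assumed threshold for a "large" APCS segment.
    """
    findings = set()
    if "dmz" not in {z.kind for z in zones.values()}:
        findings.add(("dmz", "no demilitarized zone defined"))
    for name, z in zones.items():
        if z.kind == "apcs" and z.hosts > max_apcs_hosts:
            findings.add(("segmentation", f"{name}: {z.hosts} hosts in one segment"))
        if z.has_emergency_systems and z.kind != "emergency":
            findings.add(("emergency", f"{name}: emergency systems share a segment"))
    for f in flows:
        pair = {zones[f.src].kind, zones[f.dst].kind}
        if "corporate" in pair and pair & {"apcs", "emergency"}:
            findings.add(("separation", f"{f.src}->{f.dst} ({f.service}) bypasses the DMZ"))
        if f.via_public_network and not f.encrypted:
            findings.add(("crypto", f"{f.src}->{f.dst} ({f.service}) is unencrypted"))
    return sorted(findings)


def path_to(flows, entry, target):
    """Shortest chain of zones from `entry` to `target` along allowed flows."""
    nxt = {}
    for f in flows:
        nxt.setdefault(f.src, set()).add(f.dst)
    queue, seen = deque([[entry]]), {entry}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for zone in sorted(nxt.get(path[-1], ())):
            if zone not in seen:
                seen.add(zone)
                queue.append(path + [zone])
    return None


# Constructed sample: a flat plant network reachable from the office.
WEAK_ZONES = {
    "office": Zone("corporate", 400),
    "plant": Zone("apcs", 120, has_emergency_systems=True),
    "remote_site": Zone("apcs", 10),
}
WEAK_FLOWS = [
    Flow("office", "plant", "historian-sql"),
    Flow("remote_site", "plant", "telemetry", via_public_network=True),
]

# Constructed sample: the same plant after applying the five measures.
FIXED_ZONES = {
    "office": Zone("corporate", 400),
    "dmz": Zone("dmz", 4),
    "line_a": Zone("apcs", 45),
    "line_b": Zone("apcs", 40),
    "remote_site": Zone("apcs", 10),
    "safety": Zone("emergency", 6, has_emergency_systems=True),
}
FIXED_FLOWS = [
    Flow("office", "dmz", "historian-replica"),
    Flow("line_a", "dmz", "historian-push"),
    Flow("line_b", "dmz", "historian-push"),
    Flow("remote_site", "line_a", "telemetry", via_public_network=True, encrypted=True),
]

if __name__ == "__main__":
    for rule, detail in audit(WEAK_ZONES, WEAK_FLOWS):
        print(f"[{rule}] {detail}")
    print("office -> plant:", path_to(WEAK_FLOWS, "office", "plant"))
    print("office -> line_a:", path_to(FIXED_FLOWS, "office", "line_a"))
```

In the corrected model the APCS segments push data to the DMZ and nothing in the DMZ initiates connections inward, so the path search finds no route from the office to the production lines.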

In addition, it is necessary to strengthen the APCS by its own built-in means, achieving an increased level of resilience [23]. Such "hardening" is implemented in almost all solutions of Western vendors who left the Russian market. There are no similar means in domestic APCS. It is necessary to set up monitoring and control of the system in order to be aware of all security events [6; 18]. And, of course, a security management system must be set up.

Figure 4 shows the prospects for automating incident response in the industrial network.


Figure 4. Information on the prospects of automation of incident response in the industrial network [17]

According to Figure 4, 20 % are exploring automation. In fact, this is a great achievement against the background of the previous assessment "We do not need anything!"

The main question is: who should use them? If we are talking about suppliers of protective equipment, then they will use the same sources as before. If we are talking about feeds (a feed is a stream of content whose blocks are downloaded automatically) that can be used at enterprises to implement the Threat Intelligence direction, then you need to be aware that there is no one to do this at Russian industrial enterprises. There are no employees with the appropriate qualifications, and there are no tools either. Therefore, enterprises do not set themselves the task of building their own Threat Intelligence system, due to the lack of trained personnel.

It is necessary to distinguish between industrial and corporate funds.

Certificates for work in the Russian market

Consider the following set:

- Certificates of FSTEC of Russia. When selecting, you need to pay attention to which profile they belong to.

- SDL certificates.

- APCS certificates; it is important that the vendor belongs to the Russian jurisdiction.

- Certificates of the Federal Security Service of Russia.

CONCLUSIONS

Conclusions of the study. The departure of Western vendors-developers of APCS and security tools for them hit Russian enterprises hard. In some cases, protection modules were "blocked," in others there was a state of uncertainty regarding technical support, which is unacceptable for information security systems. Now there is a process of emergency transition to Russian security systems. There are many difficulties on the way, but the industry has not fallen into depression, but is actively developing.

In recent years, interest in the protection of networks and components of APCS has been growing at an increased pace. This is largely facilitated by the digitalization of processes and systems for managing production resources, problems of emergency safety and fault tolerance of production. Today, comprehensive solutions have been requested to form the appearance of information security in order to save money, move to more efficient mechanisms for resource development through automation and audit of many technological processes. A very important role is played by government support in terms of regulation and the provision of subsidies for the development of software products.

Prospects for further research in this direction. Anticipating changes in the market of I&C safety systems, it can be argued that the market will actively develop. In terms of cybersecurity requirements, specialized requirements for each area/industry will appear in the industry.

What new requirements can be expected from regulators? Regulators can be expected to develop regulations to reflect situations leading to unacceptable events. Practical experience in the field of cryptography will also be accumulated, which will allow changes to regulations.

With regard to the development of information security products for enterprises, each vendor already has its own opinion. The main task for the information security industry is now to shape the demand for domestic solutions.

REFERENCES:

1. Federal Law of the Russian Federation N 187 of 26.07.2017 «About safety of critical information infrastructure of the Russian Federation» (latest revision) // http://www.consultant.ru/document/cons_doc_LAW_220885/

2. Decree of the President of the Russian Federation of 30.03.2022 N 166 «About Measures for Ensuring Technological Independence and Safety of Critical Information Infrastructure of the Russian Federation» // http://publication.pravo.gov.ru/Document/View/0001202203300001

3. Decree of the President of the Russian Federation of 01.05.2022 N 250 «About Additional Measures for Ensuring Information Security of the Russian Federation» // http://www.kremlin.ru/acts/bank/47796

4. Order of FSTEC of Russia of 25.12.2017 N 239 (an edition of 20.02.2020) «About the approval of Requirements for safety of significant objects of critical information infrastructure of the Russian Federation» // http://www.consultant.ru/document/cons_doc_LAW_294287/

5. The order of FSTEC of Russia of 14.03.2014 N 31 (an edition of 15.03.2021) «About the approval of Requirements to ensuring information security in automated control systems for production and technological processes on crucial objects, potentially dangerous objects and also the objects posing the increased hazard to life and human health and to the surrounding environment» // http://www.consultant.ru/document/cons_doc_LAW_165503/

6. Alekseev A.O. Management of difficult objects which conditions are described by means of matrix mechanisms of complex estimation / A.O. Alekseev // Applied mathematics and issues of management. 2020. N 1. p. 114-139.

7. Anikina N.V., Glukhova T.V., Utkina L.I. Management of IT of infrastructure of the enterprise // Russian Economic Bulletin. 2020. T. 3. N 2. p. 79-83.

8. Vasyaycheva V.A. The mechanism of management of efficiency of innovative activity of the industrial enterprise // Management in Russia and abroad. 2020. N 4. p. 100-105.

9. Volkodayeva A.V., Balanovskaya A.V. The analysis and trends of the market of information security in the Russian Federation // Science about the person: humanitarian researches. 2020. N 1 (39). p. 226-232.

10. Golovina T.A., Sukhanov D.A. Risk-oriented management in the conditions of digitalization of economic processes // Management in Russia and abroad. 2020. N 2. p. 59-66.

11. Grishin O.A., Kurushin S.A. Problems of information security and a way of their prevention in the period of a pandemic // the Collection of works of faculty of the right and management of the Federation Council of MGPU / under the editorship of E.A. Guskov. - Samara: Federation Council of GAOU VO MGPU, 2020. - Issue 4. p. 9-13.

12. Dudikhin V.V., Shevtsova I.V. Clever management - management with use of artificial intelligence // Public administration. Electronic bulletin. 2020. Issue 81. p. 49-65.

13. Results of 2022 in the sphere of cyber security from Positive Technologies. Press release / Weekly digest d-russia.ru // https://d-russia.ru/itogi-2022-goda-v-sfere-kiberbezopasnosti-ot-positive-technologies.html

14. The largest companies of Russia in the sphere of information security 2022. Review of CNews Analytics // https://www.cnews.ru/reviews/security2022/review_table/12b4f5538e57db6abd0a5e202c744bc94f1ec876

15. Ksenofontova O.V., Kozlovskaya A.I. Use of digital technologies in management of business processes at the industrial enterprises // Innovations and investment. 2020. N 6. p. 110-113.

16. Merzlikin V.G., Zeyda M.V., Parfyonov P.K. Modeling of projections of information leakages of limited access. In the collection: Problems and prospects of development of the industry of Russia. Collection of materials of the IX International scientific and practical conf. REU of G.V. Plekhanov. Moscow. - 2021. p. 150-158.

17. Methods and technical means of safety of information: materials of the 31st scientific and technical conference on June 27-30, 2022. SPb: Publishing house of the Polytechnical university, 2022. 180 p.

18. Mechanisms of clever management of the industrial enterprises / V.N. Burkov, O.V. Loginovsky, O.I. Dranko, A.V. Gollay // Applied mathematics and issues of management. 2020. N 1. p. 59-73.

19. Okhotina P.A. Problems of information support of a control system of the modern enterprises // the Collection of works of faculty of the right and management of the Federation Council of MGPU / under the editorship of E.A. Guskov. - Samara: Federation Council of GAOU VO MGPU, 2020. - Issue 4. p. 112-115.

20. Plotnikov I. Review of the market of the built-in means of cyber security of industrial control system // https://www.anti-malware.ru/analytics/Market_Analysis/Built-in-ICS-cybersecurity-tools

21. The most influential companies in the sphere the Security.Lab.ru by Positive Technology // https://www.securitylab.ru/analytics/525710.php Cyber security / Portal

22. Cyber Risk Index: we compare the companies on level the cybersecurity / Blog of the Trend Micro company. Information security. Researches and forecasts in IT // https://habr.com/ru/company/trendmicro/blog/540412/

23. Falko S.G. Management and controlling in the conditions of crisis / S.G. Falko // Controlling. 2020. N 2 (76). p. 76-79.

24. Industrial Control Systems (ICS) Security Market by Component (Solutions and Services), Solution, Service, Security Type (Network Security, Endpoint Security, Application Security, and Database Security), Vertical and Region - Global Forecast to 2027 // https://www.marketsandmarkets.com/Market-Reports/industrial-control-systems-security-ics-market-1273.html

25. Haasnoot E., Luuk J. Spreeuwers and Raymond N.J. Veldhuis. Presentation attack detection and biometric recognition in a challenge-response formalism // EURASIP Journal on Information Security. 2022. 05 // https://jis-eurasipjournals.springeropen.com/articles/10.1186/s13635-022-00131-y

26. Martincic H. Review: Hornetsecurity 365 Total Protection Enterprise Backup // Moving forward. 2022. 07. Issue 72. p. 4-12.

27. Muth P., Geihs M., Arul T., Buchmann J., Katzenbeisser S. ELSA: efficient long-term secure storage of large datasets (full version) // EURASIP Journal on Information Security. 2020. 09 // file:///C:/Users/CBemRaHa/ Downloads/s13635-020-00108-9.pdf

28. Raja S. 7 threat detection challenges CISOs face and what they can do about it // Moving forward. 2022. 07. Issue 72. p. 12-14.

29. Whitburn S. How to set up a powerful insider threat program // Moving forward. 2022. 07. Issue 72. p. 15-18.

The authors declare no conflicts of interests

Received date: 09.03.2023 Revised date: 25.03.2023 Accepted date: 29.03.2023
