Technoserv created Command center information security for RPF

Command center information security - the centralized complex of forces and means intended for warning, identification, reaction, mitigation of consequences and investigation of incidents of information security in information infrastructure of RPF.

Main objectives of TsUIB are:

• forecasting, detection and neutralization of security risks of information;
• ensuring steady and smooth functioning of information systems of RPF;
• ensuring compliance to requirements for security of information;
• increase in trust to RPF due to increase in level of security of information resources of RPF.

The command center of information security provides solving of tasks of inventory of assets of RPF; the centralized collecting and data analysis about all incidents of cybersecurity of RPF with the subsequent visualization of analytical materials and reporting; decision makings and responses to different types of incidents of information security for the purpose of minimization of damage to primary activity of RPF; analysis of security of RPF; increases in awareness of users and also interactions with the third-party centers of monitoring of cybersecurity.

2019

Completion of creation of TsUIB

On April 26, 2019 the Technoserv company, the Russian system integrator, announced project completion on creation of the Command Center Information Security (CCIS) for the Pension Fund of the Russian Federation.

TsUIB quickly reveals incidents of information security One or several unexpected or undesirable events in the field of cybersecurity with which the considerable probability of a compromise of processes of RPF and creation of threat of information security is connected, and reacts to them in information infrastructure of RPF. The implemented management processes of cybersecurity provide the continuous growth of level of security of information systems and increase in culture of cybersecurity in general.

Specialists of Technoserv executed a full stroke of works: from design, delivery and setup of a hardware and software system before development, implementation and maintenance of start in operating activities of management processes of cybersecurity.

The technology basis of TsUIB is constructed on modern solutions:

• to the platform of information security incident management (IRP),
• to the system of collecting and correlation of events of security (SIEM),
• to the system of inventory of IT assets,
• to the system of visualization and reporting.

To provide the most effective information system protection of RPF, all platform was integrated with already existing in the IT system and cybersecurity solutions including technical support service and the system of inventory of IT assets.

Within the project hundreds of sources of events and metadata about network interactions from federal state information systems and 85 subjects of the Russian Federation were connected.

The project for the Pension Fund of the Russian Federation is selected with the scale and care of study of questions cybersecurity. Creation of the centralized processes of identification and response to all relevant types of cyberthreats in RPF was difficult and uncommon. Alexey Kopeykin, director of the department of work with government institutions of Technoserv company

We are proud of assessment of our competences of creation of this Security Operation Center SOC center. Accomplishment of such large-scale projects and ensuring cyberstability of the enterprises is the main priority of work and development of Technoserv in the direction of information security. In each project we aim at that the result of our work as fast as possible began to bring to customers benefit. Therefore special attention is paid to building of processes of cybersecurity and interaction between divisions of IT/cybersecurity. The accumulated experience of similar projects allowed us to create own methodology of creation of SOC based on practicians and the legislation of the Russian Federation. At the same time the methodology is flexible and adapts under features of each customer. Sergey Terekhov, director of competence center of information security of Technoserv company

• Processes of identification and inventory of assets are implemented and the database of information resources the cybersecurity filled and updated from several and IT of sources is implemented. The base contains more than 90,000 records in a target status, including information on program and the hardware of assets, system and network settings, parameters of security and the existing vulnerabilities;
• Hundreds of sources of events and metadata about network interactions from two federal state information systems and 85 territorial subjects of the Russian Federation, including operating systems, databases, active network equipment, the application software, and means of protecting of both foreign, and domestic manufacturers are connected;
• The uncommon task of building of the centralized processes of response to several tens of types of cyberthreats and incidents of information security of RPF is solved – the continual loop of determination of relevant threats, development of the detecting measures concerning relevant threats, implementation of rules of reference of events to incidents of cybersecurity, formalization of management processes and development of several tens plans of response to incidents of cybersecurity, feedback, statistical data and the transparent reporting for the management is organized;
• TTsMIB is deeply integrated into the existing infrastructure of the Pension fund. Functional parts of TTsMIB and technical and software tools of protection complement each other.
• Activity of command center of cybersecurity is organized taking into account the recommendations of the domestic and international organizations and adapted to the processes existing in RPF, organizational and regular structure and features of productive activity.
• Cooperation with the leading third-party centers of monitoring, including with FinCERT of the Bank of Russia is established
• Ensuring cyberstability of activity of department in the world of daily cyber attacks: The center started detection and prevention of the computer attacks, to protection and ensuring safety of data which collects, stores and processes the Pension Fund of the Russian Federation.

Uniqueness of the project

• One of the first centers of response to cyberthreats implemented in public sector within the Digital Economy program and execution of provisions of the legislation of the Russian Federation on increase in security of the state information resources is created.
• One of the largest implementations of this segment in federal agencies.

The second stage

To the second stage of works in RPF there were high-end servers of IBM z13. The used operating system — IBM z/OS, the proprietary 64-bit server OS developed by IBM company for self-produced mainframes. The involved DBMS — IBM DB2.

Also IT infrastructure of RPF included software of MaxPatrol Server, MaxPatrol Consolidation Server (consolidates information from the different MaxPatrol servers), software "Security Vision: center of intellectual monitoring and information security management" and software of process automation of response to incidents of cybersecurity of IBM Resilient Incident Response Platform Standard. For software of the created Center it was necessary to provide compatibility with all these means.

At the same time, as specified in Technoserv, the mentioned IBM z13 mainframes a direct part of the Center is not, and are a part automated InformSystems of the Pension fund of the next generation (AIS RPF-2). Mainframes in RPF act as an asset which the Center is designed to protect.

Moreover, the integrator assures that for the project no "iron" was bought in principle.

At the second stage Technoserv needed to implement software of IBM for protection of mainframes — zSecure Audit and zSecure Alert and also the portal solution Positive Technologies Reporting Portal, R-Vision monitoring system, "Security Vision: Center of intellectual monitoring and information security management". Three last products are the Russian developments. R-Vision and Security Vision are included in the Register of the Russian software.

In addition the integrator needed to carry out installation and setup of anti-virus software, software of centralized operation by firewalls and software of asset management. Specific vendors of these programs are not stated in the technical project.

2017: A victory in the tender and creation of the first stage of TsUIB

Besides, in September, 2017 Technoserv came out the winner from the tender for delivery to the Center of the software for 63.5 million rubles, having bypassed Tegrus company at biddings. Under the terms of the contract of RPF software of monitoring and management of cybersecurity from the Register of domestic software at the Ministry of Telecom and Mass Communications was required — compatible to the software packages of monitoring of events of information security IBM QRadar which are in operation in RPF.

Creation of the first stage of the Center was also performed earlier by Technoserv. He received the contract for the amount of 44.6 million rubles in May, 2017 according to the results of one more electronic auction, having bypassed Uniform System Technologies company at biddings.^[1]

Notes