The administration of the Volgograd region selected Solar JSOC for protection of critical infrastructure

2019: Solar JSOC choice

On October 17, 2019 Rostelecom-Solar reported that the Administration of the Volgograd region entrusted it protection of a regional segment of the Russian information system of health (RISZ VO). Experts of the center of monitoring and response to cyber attacks of Solar JSOC control the level of information security of the solution in mode 24*7 and close issues of interaction with State system of detection, prevention and elimination of consequences of computer attacks.

The Russian information system of health on Volgograd region is created for the purpose of formation of a common information space state of organizations health care of the region and automation medical of assistance to the population. It functions within performance of the Decree of the President RUSSIAN FEDERATION of 5/7/2018 No. 204 "About the national purposes and strategic problems of development of the Russian Federation until 2024" on creation of mechanisms of interaction of the medical organizations on the basis of the Single state information system in the field of health care. RISZ supports personal data patients and the staff of medical institutions and also the data carried to medical secrecy — data about the state of health of patients, types and volumes of the provided medical care.

According to No. 187-FZ, RISZ VO treats objects of critical information infrastructure of the Russian Federation. It is necessary to provide protection of such system in the round-the-clock mode with accomplishment of the strict requirements imposed to the subject of State system of detection, prevention and elimination of consequences of computer attacks and to quickly transfer information on the occurred incidents of information security to NKTsKI.

For receiving in this part of highly skilled cybersecurity services the Center of information technologies of the Volgograd region made the decision to transfer a problem of monitoring of cyberthreats to the external contractor. Based on the tender preference was given to Rostelecom company.

Solar JSOC — SOC in Russia with wide experience of the organization of interaction with State system of detection, prevention and elimination of consequences of computer attacks and an impressive project portfolio, including in state agencies. We see notable advantage of interaction: colleagues from Solar JSOC quickly transfer us significant information on threats and attempts of the attacks which is broadcast in NKTsKI and on the basis of which we can make the weighed decisions on protection, comments Sergey Barykin, the head of department of cybersecurity of the Center of information technologies of the Volgograd region

During the project specialists Rostelecom-Solar in close interaction with committee of IT of the Volgograd region constructed the encoded communication channel connecting IT infrastructure of Solar JSOC and DPC of regional administration. On the next stage transfer of events of information security from the systems of protection in a SIEM system which aggregates these data and provides their correlation was implemented, connecting the events separated, at first sight, in a uniform picture of the developing attack.

For October, 2019 Solar JSOC performs the round-the-clock monitoring of infrastructure of RISZ VO. At the same time specialists of cybersecurity provider see and collect only the technical information from systems. On incidents of high criticality time of informing and issue of recommendations for the customer does not exceed 30 minutes.

This project — one more example of how using resources of external SOC it is possible not only to increase considerably the level of protection of the infrastructure against cyberthreats, but also to provide without serious consequences connection to State system of detection, prevention and elimination of consequences of computer attacks, having fulfilled the key requirement of the regulator,

The next stage of the project plans connection to Solar JSOC of additional sources of data on incidents of cybersecurity and the systems of the Volgograd regional administration.