Moscow Metro will spend 100 million for total control over mobile phones of employees

2019: The choice of software for control of use of mobile devices of employees

On October 16, 2019 it became known that the Moscow Metro selected 102 million rubles for acquisition of the hardware and software system (HSS) and software for control of use of mobile devices of the employees. This amount was exposed as the starting maximum price of the contract in the thematic tender of the enterprise started on September 27, 2019 in a format of an electronic auction.

Biddings were planned for October 15, 2019, but from two submitted applications one was not allowed therefore the auction could not take place. Names of the companies applicants, including the name of probable future contractor, in a public access are not provided yet. The press service of Subway specified CNews that to call the supplier "it is not possible as biddings are not complete".

According to the technical project, under control of the purchased PACK ICE about 7.5 thousand mobile devices will get, but the hardware-software platform should have a scaling option to 100 thousand pieces of equipment. At the same time for October 16, 2019 on the website of Moscow Metro it is said that in the organization about 57 thousand people work.

"Mobile devices (phones, tablets or notebooks) of the employees working with different data of the subway will be connected to a complex of management (corporate, office or, for example, confidential). First of all, it concerns the specialists occupied in infrastructure maintenance and ensuring transport security. The complex should allow workers of the subway to work quickly with necessary data even outside office, without thinking of additional resources of protection and saving their confidentiality. The special software will be established on earlier issued office devices and devices purchased within this purchase", 'the representative of Subway noted'

CNews noted that the technical project of the tender does not provide purchase of additional mobile devices therefore, obviously, the press service meant server "iron".

In the documents posted on the website of state procurements it is said that the platform on management of mobility should be compatible to versions of OS not below Android 4.0 and iOS 7.0 is not lower, to provide an ability to manage with notebooks on Windows OS (the version not lower than XP) and Mac OS (the version not lower than 10.5). With its help it will be possible to tie so-called security policies to the physical location of the mobile device defined through functionality of a geolocation.

The platform should reveal threats for mobile devices and notify on them. Within its functionality on mobile devices there has to be a module on detecting and removal of the malware, to be installed the safe browser with access to the websites determined by the customer using the configured gateway, safe mail with authentication by the certificate and integration with Exchange. Also on them should be implemented safe file sharing using the configured gateway and the safe editor of documents.

The functionality of remote record or listening of a talk is not stated in requirements to properties of the platform anywhere, however the possibility of remote blocking of the device, cleaning of content and settings, removals of data (selective or complete) including without confirmation by the user, inclusion/shutdown of the camera is supposed.

The platform should control the applications installed on devices, giving an opportunity (most likely, to administrators) to delete them or to set compulsorily, including in "the silent mode".

"The platform should have function of monitoring of actions of users of mobile devices and creation of automatic reports on violations of security policies, said in the technical project. — The administrator should have a possibility of collecting of logs from the remote mobile device for more detailed analysis. The platform should have a possibility of display of a geolocation of the mobile device in real time".

According to the Russian legislation ordering at state procurements of software in a priority order to be guided by the register of domestic software at the Ministry of Telecom and Mass Communications, Subway provides obligatory justification of impossibility of use of the Russian products for ensuring information security in the tender documentation — owing to their purchase of functionality, insufficient for the purposes.

Within this justification Subway according to the list from several tens parameters considers the software package Secret MDM of Code of Security company, Kaspersky Security software for mobile devices of Kaspersky Lab and the system of protection of corporate cellular communication SafePhone of "The national innovation center".

As a result, the customer comes to a conclusion that completely any of these products does not meet all functional requirements. In particular, in all three are completely not implemented safe mail with authentication by the certificate and integration with Exchange and also display of a geolocation of the mobile device in real time.^[1]

Notes