Customers: GLONASS JSC Moscow; Information Technology
Product: Solar JSOC
Project date: 2021/05 - 2021/10
2021: Protection of the ERA-GLONASS emergency response system from cyber attacks
On December 20, 2021, Rostelecom-Solar announced the protection of the ERA-GLONASS emergency response system from cyber attacks.
GLONASS JSC uses the service of Solar JSOC, the cyber attack countermeasure center of Rostelecom-Solar, to monitor information security incidents. Solar JSOC is connected to the facilities of the ERA-GLONASS accident emergency response system. As part of the project, Rostelecom-Solar also ensures compliance with the requirements of No. 187-FZ on the security of critical information infrastructure. In particular, in the near future, Solar JSOC will begin to transfer data to the State system of detection, prevention and elimination of consequences of computer attacks.
Critical information infrastructure (CII) objects are in the focus of attention of cyber groups. According to Rostelecom-Solar (Solar JSOC), in 2021, 92% of complex, targeted attacks were directed at the CII segment. At the same time, APT attacks on critical infrastructure can not only lead to multimillion-dollar financial losses and technical failures, but also threaten the security of citizens. More than 8 million vehicles are connected to ERA-GLONASS, and the time for transmitting incident information to emergency services through the system does not exceed 19 seconds. Automated information exchange between ERA-GLONASS and Sistema-112 has already been set up in 70 regions.
The monitoring service is provided to GLONASS JSC under a cloud model. A module in the customer's infrastructure collects events, which are then processed in the SIEM system located in the Rostelecom-Solar cloud. The SIEM uses information security incident detection scenarios such as exploitation of known vulnerabilities, launch of illegitimate and suspicious software on hosts, use of TOR utilities, control of logins under administrator accounts, monitoring of VPN connections to networks, and much more. Solar JSOC experts analyze the collected information and look for relationships between events. If anomalies or violations of security policies are detected, an initial investigation and assessment of the incident is carried out, and recommendations are made for its elimination. If necessary, Solar JSOC specialists conduct a comprehensive investigation of complex incidents.
Attacks by highly qualified attackers are extremely difficult to detect, since they use techniques to bypass basic protection tools and do not leave traces of presence in event logs. It is necessary to identify chains of events by indirect signs and non-obvious triggers. It is especially important that the owners of critical infrastructures such as ERA-GLONASS understand the danger of an increasing cyber threat and choose more advanced protection options. For the analysis of incidents, Solar JSOC uses its own daily updated database of indicators and knowledge about cyber threats (Threat Intelligence), information from a network of sensors and honeypots throughout the country, pentest results, data from third-party SOCs and CERTs, vendor subscriptions, as well as regulator data.