
Cybersecurity Center UTSB and Atomik Soft tested a software platform for automation of CII objects

Customers: Atomic Software (Automiq Software)

Tomsk; Information technology

Product: IT and Security External Audit Projects (PCI DSS and ISMS)

Project date: 2023/10  - 2024/04

2024: Checking "Alpha" platform

The UTSB team checked Atomic Software's Alpha Platform software suite for compliance with the requirements of Order No. 239 of the FSTEC of Russia of 25.12.2017 for use at critical information infrastructure (CII) facilities. The UTSB announced this on May 27, 2024.

The Alpha Platform software is used in automation projects at CII facilities, where customers and regulatory authorities set high requirements for the information security and protection of such facilities. For this reason, and to raise the security level of its own software, the developer, Atomic Software, needed to ensure that the Alpha Platform software fully complies with the regulator's requirements. To conduct comprehensive testing and develop supporting documentation confirming compliance with the requirements for secure development, the developers turned to the specialists of the UTSB Cybersecurity Center.

The work was carried out in three stages in accordance with paragraph 29.3 of Order No. 239 of the FSTEC of Russia. In particular, to fulfill the requirement of paragraph 29.3.1, UTSB experts developed a "Software Secure Development Guide" and prepared an information security threat model for the Alpha Platform. When creating the threat model, the project team used the international STRIDE methodology, which analyzes a wide range of attack vectors against software components. It is optimally suited for complex software systems with many functional modules.

To implement paragraph 29.3.2, experts also conducted a set of tests to identify vulnerabilities in the Alpha Platform, including static analysis of the source code and fuzz testing of the software.

"We implement a systematic approach to setting up secure development processes (DevSecOps), from auditing to supporting the process of certification of developments for compliance with regulatory requirements. Our specialists will help you implement secure development tools at any stage of software product maturity, prepare documents for compliance requirements, and support operations in the format of periodic software security testing. The presence of expert teams in the UTSB allows you to work in parallel at different stages, thereby significantly saving time and improving the quality of tasks performed," said Evgeny Todyshev, head of the Secure Development Department of the UTSB.

To implement paragraph 29.3.3 of Order No. 239 of the FSTEC of Russia, UTSB specialists developed documents describing the procedures for tracking and correcting detected software errors and vulnerabilities. Such information will further help developers prevent the accidental introduction of vulnerabilities, thereby increasing the resistance of the digital product to malware and unauthorized access.

As a result of the project, Atomik Soft confirmed the maturity of the secure development processes for the Alpha Platform software and received a UTSB opinion on compliance with the requirements of clause 29.3 of Order No. 239 of the FSTEC of Russia. Thus, the software package can be used at significant critical information infrastructure facilities of the second and third categories. The company has a full package of supporting documentation for the Alpha Platform.

"The quality of development and the level of security of the company's solutions are very important for us and our customers. The functionality of the software platform allows us to implement automation projects for technological and production processes of almost any complexity and apply our product at CII facilities. Thanks to the work carried out for compliance with the requirements of the FSTEC of Russia, we have documentary evidence of compliance with high safety standards," said Kirill Silkin, Technical Director of Atomic Software.