Alexander Chupriyan, NCC: Comprehensive Security Assurance (COB) - a new look at the protection of industrial enterprises

Alexander Chupriyan: Officially, the business direction of KOB has existed for a little over a year and only recently we announced it in full voice. However, in fact, the NCC has been working with problems for many years. We are one of the few companies in the Russian IT market that has long been seriously involved in various types of security in the context of ensuring technological sovereignty. countries This is not only - cyber security today many system integrators and specialized companies are engaged in it, but also comprehensive security in all areas. So far, we identify seven main types: technogenic, fire, environmental,,, transport power cyber (information) and physical security (anti-terrorist protection). In the future, there may be much more such areas and now we are working on this.

Communicating with the heads of industrial enterprises and their deputies, we found an interesting pattern: most organizations consider safety issues from a certain perspective - from the point of view of technogenic, fire, environmental safety. But real problems most often arise at the junction of directions. We came to the conclusion that it is necessary to manage security in a complex. Thus, an integrated approach was born, based on the relationship of big data analysis and forecasting with the use of intelligent solutions. With their help, enterprises will be able to ensure a high readiness for effective protection and prevent more than 1000 different risks and dangerous events. Further, we plan that this approach will be widely used by all large companies and this will help us solve problems of national scale and importance.

For NCC, KOB is not just a new direction. This idea goes far beyond business and extends much wider than the statutory mandatory requirements for industrial safety and compliance with environmentally acceptable standards. This is a client-oriented approach, high sensitivity to the needs of our potential partners. We are also a partner of the state in its quest to reform control and oversight activities. KOB is the missing link in the reform of state control and supervisory activities: after all, the point is not in the number of planned and unscheduled inspections, but in the fact that the solutions we propose are able to prevent large-scale man-made disasters.

Alexander Chupriyan: Because the security of the enterprise is the security of the country. The accident-free operation of the largest industries is the basis of the Russian economy, its well-being and defense capability. Every year the number of production capacities is growing, respectively, and risks are growing. The more production facilities, the more urgent the issue of control and monitoring of emergency situations. In addition, priorities have now changed a lot. Until recently, the digital transformation of industrial enterprises had more commercial goals, namely, improving the efficiency of production processes, optimizing costs and increasing profits. Not a word about security! But it is without her that there will be nothing - neither processes, nor profits, nor the enterprises themselves. Therefore, we have developed a modern digital approach covering this area as well.

Alexander Chupriyan: Our team is not indifferent people who have extensive experience in organizing measures to prevent emergency situations. This is our main idea that unites us. The very response to an emergency, the elimination of its consequences with the help of modern special means - it stands at the very end of the chain. That's the last thing we can do.

The key principle of the Safety Committee is predictive risk management. That is, the ability to influence security events long before the incident becomes irreversible. This is a completely new phenomenon not only in NCC, but also in Russian business. So far, there is nothing of this at the industrial enterprises of Russia. Yes, there are funds, plans, checks, but all this is aimed exclusively at responding. There is no holistic approach, no system. There are not enough preventive measures. It is them that we develop and improve within the framework of the KOB concept.

We do not claim that no one has dealt with security before us. But it is we who look at it in a new way, using the word "complex." And it is we who put our philosophy into practice.

Alexander Chupriyan: The digital security passport is completely our development, which has no analogues on the market. This is one of the main innovations and practical goals of the implementation of the Safety Assurance System. The product is a system of analytical panels-widgets that display summary data on various types of security and allow you to assess possible risks.

The digital passport collects and accumulates all key indicators with which it is possible to assess the readiness of forces and means to respond to incidents, the presence of negative events: accidents, untimely planned measures, detected violations by control and supervisory authorities, failure of warning systems, monitoring, etc.

Observing the widgets, the enterprise manager sees the dynamics of changes in indicators, their current state and keeps the security situation at the entrusted facilities under control. Specially prepared algorithms analyze the collected information and supplement the analysis results with visualization and color indication. Thus, the processes become clear and transparent to the manager.

The key innovation of the digital security passport lies precisely in the dynamics. Today, existing safety passports at enterprises are written on paper. Their use in order to prevent and respond to threats is ineffective, since this format does not allow you to quickly change indicators, because of this they quickly lose relevance. At the same time, the dynamics of changes in security parameters is always very high.

Unlike paper passports, a digital security passport reflects the actual state of existing processes and security indicators at any given time. The passport widgets clearly show in which segment the parameters have changed at the current time and how this will affect the security of the enterprise and its individual objects. The digital passport is based on a generalized assessment of the current safety state on the basis of the integrated safety index.

The digital security passport of a large corporation has a multi-level structure. At the lower level - digital safety passports of workshops, sites, sites of the enterprise, above them - safety passports of the enterprises themselves, branches and other territorial structures of the organization. The apex of this model is a unified system for controlling all safety processes - it is also a digital passport of the entire organization, which covers all objects and all types of security.

Alexander Chupriyan: In fact, this is the point of unification of all safety systems. The integral index is built on the basis of tracked indicators for all enterprises of the holding. This indicator takes into account the parameters of monitoring threats and objects, current statuses for action plans and response, information on planned and actual emergency rescue and fire forces and means, status of completed tasks as part of operational plans of duty officers, relevance and compliance with the documentary, organizational and technical support for regulatory requirements in the areas of safety, current statuses of inspections and compliance with regulations of supervisory authorities, as well as a number of other parameters. Changes in the integral index allow you to timely note and respond to important security changes.

By analogy with the multi-level structure of safety data sheets, the integral index of the organization's safety data sheets reflects the aggregate state of security processes immediately for all enterprises and territorial structures under the organization's jurisdiction. Similarly, the manager can monitor the security status of specific branches, enterprises, up to the lowest level of the organizational structure - workshop, site, etc. Working with this data allows us to achieve the key goal of the Safety Committee concept, namely, to move away from incident response to preventive security work.

Alexander Chupriyan: The comprehensive solution is built on the principle of the industrial Internet of Things, with the difference that in addition to the usual sensors and systems for collecting, analyzing and storing data, the KOB ecosystem includes systems of intelligent video surveillance, integrated anti-terrorist security and cyber security, transport monitoring, fire protection, monitoring environmental parameters, monitoring and control of engineering structures and much more. The solution is integrated with ERP credentials and PCS-class systems. Artificial intelligence algorithms are used to analyze aggregated data, which significantly speed up the processes of detecting and eliminating threats.

Alexander Chupriyan: We have a well-structured methodology, which implies the implementation in four stages: this is an assessment of the current level of security of facilities, the design of an information model and a threat model of the enterprise, the deployment of the Safety Assurance System at pilot facilities of the company and scaling up - the implementation of the Safety Assurance System at all facilities of the company. We are ready to go through all stages - from the implementation of pilot projects in specific industries, to the scaling of the solution to all production facilities of the partner company and replication to other large industrial companies. Our goal is to motivate business and the state to develop comprehensive security as a separate industry through the practical implementation of the Safety Committee.

I have already focused on the word "complex" several times. We have a comprehensive product that includes providing a high level of security and predictive turnkey risk management. Today, everyone needs it: business - to protect it from incidents and related losses, organizations - to reduce the cost of insurance, finally the state - to get away from formal compliance and prevent incidents.

Alexander Chupriyan: Obstacles exist mainly in people in their heads. Many enterprises still live on the principle of "until the thunder strikes" and approach security issues only formally. Executives want to simply "cover up" security issues to avoid a fine. Hence the lack of transparency and a conscious need to create a holistic system for dealing with risks. We still don't have a national security culture that we have yet to nurture. To do this, we must convince the market of our value and improve the methods we have developed.

Alexander Chupriyan: Sanctions play into our hands. Today, in all industries, there is a need to replace the entire range of equipment in the field of fire extinguishing and safety. By switching to Russian analogues, you can at the same time engage in the introduction of KOB. Our potential client is every organization that had a large and expensive emergency. Unless, of course, she wants a repeat of the incident.

Alexander Chupriyan: Huge! The costs of the state to eliminate the consequences of an emergency are colossal! The transition to a predictive risk management model changes the entire security economy, avoiding fines, incidents and related losses.

Alexander Chupriyan: At the moment, a sales funnel is being formed and audits are already being carried out and the first implementations are being prepared. A lot of efforts will be directed to the development of standards and regulatory requirements in the field of integrated security, because no matter how relevant the agenda is, it is impossible to work with it without a regulatory framework. We're building trust partnerships with industrial giants - and we're really trusted. After all, we are not a supervisory authority, we identify weaknesses not in order to fine, but in order to just avoid fines and even more so incidents. Within the framework of consulting, we work not only with the main, but also secondary risks, which also lead to losses, which often no one even considers. In other words, we help partners make money on security. It really works.

Alexander Chupriyan: Today this is one of the key activities of the NCC. We expect that over time, KOB will become one of the main lines of our brand. We have everything that is needed for this: experience, technology, competencies, and most importantly - a unique team, professionals, patriots, enthusiasts with burning eyes. It is beneficial for us that the KOB market is still being formed - we can form it ourselves and occupy the best niche.