Developers: | Cheboksary Electric Apparatus Plant (CHEAZ) |
Last Release Date: | 2023/01/10 |
Technology: | APCS |
Main article: APCS - typical structure
2023: Compatibility with MaxPatrol SIEM Information Security Event Monitoring System
The information security event monitoring system MaxPatrol SIEM and the software and hardware complex KVANT-CHEAZ (CAS KVANT-CHEAZ) passed compatibility tests. This was announced on January 10, 2023 by Positive Technologies. MaxPatrol SIEM provided monitoring of the KVANT-CHEAZ software and hardware complex and detection of information security incidents. CAS KVANT-CHEAZ performed all functions in accordance with the industry requirements for APCS in terms of the time of data exchange and commands, absence of failures, failures and loss of transmitted data.
The combined Positive Technologies solution Cheboksary Electric Apparatus Plant is relevant for enterprises of the fuel power complex and owners of facilities. critical information infrastructure According to Positive Technologies, in the second quarter of 2022, the number increased by more than one and a half times attacks industry compared to the previous quarter. In most cases, incidents led to violations of the work of enterprises (53%) and (55 sensitive data leaks %). The joint use of MaxPatrol SIEM and CAS KVANT-CHEAZ helps industrial companies identify incidents, ensuring compliance with the requirements for FSTEC to protection facilities. CUES
The MaxPatrol SIEM information security event monitoring system gives full visibility to the IT infrastructure and adapts to changes in the protected network. In this project, MaxPatrol SIEM is one of the elements of the platform for protecting the industry from cyber threatsRT Industrial Cybersecurity Suite (PT ICS). It allows you to detect attackers at all stages of an attack in industrial environments and respond to them in a timely manner. PT ICS, which also includes MaxPatrol VM, PT Industrial Security Incident Manager (PT ISIM), PT Sandbox and PT XDR, provides security for the industrial segment of the enterprise, ranging from network nodes to technological devices.
The KVANT-CHEAZ software and hardware complex, certified by PJSC Rosseti, is designed to create automated process control systems to ensure the observability of the substation, increase the reliability, efficiency of equipment operation and, as a result, the reliability of power supply to electricity consumers, reduce operating costs, minimize maintenance personnel and increase the safety of its operation. The product is used by Russian enterprises in the field of power and the fuel and energy complex (fuel and energy complex), among which there are owners of KII.
During compatibility tests:
- the correctness of data transmission between MaxPatrol SIEM and the most important components of KVANT-CHEAZ, in particular, server ASU the software system for collecting storages visualization and information received from RPA devices (relay protection and automation) and related devices, network equipment and others, was checked. information security tools Check result: data is transmitted correctly;
- time of tele-alarm and tele-control commands passing between the components of the complex when working with MaxPatrol SIEM was measured. Measurement results: not more than 1 second;
- performance and correctness of KVANT-CHEAZ CAS functioning together with MaxPatrol SIEM protection device were evaluated. Evaluation result: CAS KVANT-CHEAZ operates in accordance with operational standards;
- possible equipment failures, failures and emergency situations were detected. The result of the check: there are no failures, failures and emergencies.
Based on the results of the tests, the specialists of the Cheboksary Electric Apparatus Plant confirmed the correctness of the joint work of MaxPatrol SIEM and CAS KVANT-CHEAZ. The test also showed that the KVANT-CHEAZ software package, which is the basic part of the KVANT-CHEAZ CAS and is included in the Unified Register of Russian Programs for Computers and Databases, can be connected to MaxPatrol SIEM as one of the sources of information security events. This allows users in the MaxPatrol SIEM interface to manage and investigate incidents generated from data from the KVANT-CHEAZ software complex.
As domestic electrotechnical a manufacturer of equipment and, software the company strives to provide power and fuel enterprises with high-quality solutions that meet the regulatory requirements for information security, in particular the requirements of FSTEC Order Russia No. 239. Compatibility of MaxPatrol SIEM and CAS KVANT-CHEAZ was evaluated within a month, and each test was performed at least five times. The most important criterion was the absence of mutual negative influence and the time of passing technological information between the components of the KVANT-CHEAZ CAS, which included MaxPatrol SIEM. According to the test results, it was no more than one second with a high-load network, which complies with the standards, noted Nikolai Parshikov, Technical Director of IPC MPRZA JSC "CHEAZ."
|
Ensuring the safety of industrial enterprises requires an integrated, end-to-end approach. To effectively detect attacks, it is necessary to build protection at all levels of the industrial IT infrastructure and use a single set of current information security tools, supplemented by expertise in APCS. The use of MaxPatrol SIEM as part of the KVANT-CHEAZ CAS will help companies identify the actions of attackers and manage information security incidents in real time through a convenient interface. commented Dmitry Darensky, head of industrial cybersecurity practice at Positive Technologies.
|
2021: Compatibility with InfoWatch ARMA Industrial Firewall 3.5
On August 24, 2021, the company InfoWatch ARMA (part of the GC) InfoWatch announced that, together with JSC "," CHEAZ they signed an official statement on the compatibility of the software and hardware complex APCS of digital substations KVANT-CHEAZ (CAS KVANT-CHEAZ) and the software and hardware complex (certified industrial firewall with the intrusion detection system InfoWatch ARMA) Industrial 3.5. Firewall
The activities of the electrotechnical holding JSC "CHEAZ" are focused on a comprehensive approach to construction to and implementation of protected power supply systems for enterprises power engineering specialists and industry in compliance with Federal Law No. 187 "On Safety." critical information infrastructure RUSSIAN FEDERATION The most effective way to achieve this goal is to embed funds at information protection the stage of manufacturing digital substations.
According to the results of the compatibility test, it was found that these products are compatible, and InfoWatch ARMA Industrial Firewall can be used to protect information as a firewall and intrusion detection system for KVANT-CHEAZ CAS.
We understand the importance of ensuring the protection of information at electric power facilities, especially digital substation automation systems. It is obvious to experts that electric power facilities are especially critical for the normal functioning of our state and therefore must be protected from harmful information influences. Understanding this, we not only design our systems in accordance with the requirements of FSTEC of Russia, but also configure the information protection system to facilitate implementation and ease of operation, noted the technical director of IPK MPRZA JSC "CHEAZ" Nikolai Vladimirovich Parshikov.
|
Ensuring compliance with the provisions of Federal Law No. -187 "On the Security of the Critical Information Infrastructure of the Russian Federation" is guaranteed by the certificate of compliance of the InfoWatch ARMA Industrial Firewall software complex with the requirements of the FSTEC of Russia for level 4 of trust, requirements for firewalls of type "D" of class 4 of protection (IT.ME.D4.PZ) and NOS of level 4 of protection class (IT.SOV.S4.PZ).
For many, it is obvious that security functions should not only be performed by superimposed means of information protection, but how much should be built into the automated systems themselves. We put a high priority on the tasks of integrating our technologies for information protection into the automation systems of our colleagues and we hope that in the future the degree of mutual integration will only increase, "said Igor Soula, Technical Director of InfoWatch ARMA . |