IP addresses and card data of ticket buyers for the plane and train will be transmitted to the Ministry of Internal Affairs

History of creation

2024: IP addresses and card data of ticket buyers for the plane and train will be transmitted to the Ministry of Internal Affairs

On September 1, 2024, the unified state information system for ensuring transport security (EGIS OTB) will receive data on bank cards, IP addresses, telephones, email addresses and passwords of passenger accounts for air, water and railway transport, as well as vehicles for intercity and international traffic (except for flights between Moscow and Moscow Region, St. Petersburg and the Leningrad Region). This became known on February 22, 2024.

As Kommersant"" writes with reference to the order, Ministry of Transport of the Russian Federation when paying with a bank card, the carrier will have to transfer the last four digits of the card and the name of the bank, as well as the cost of the ticket and class of service. The information will be stored for seven years. Access to EGIS OTB has,,, and Rosaviatsia Rostransnadzor. MINISTRY OF INTERNAL AFFAIRS FSB

𝓲

Unsplash

The Association of Air Transport Operators (AEVT) told the publication that the login and password of the account are "confidential information" and are not subject to disclosure without the consent of their owner. Separately, it is noted that the transfer of information that the passenger indicates when booking and buying a ticket (Passenger Name Records, PNR: phone number, email address, ticket information), within 15 minutes after the completion of the operation "does not meet the established standards and recommendations of ICAO and is a difficult task" for Russian and foreign carriers using different booking systems.

Smartavia pointed to the increasing risks of leakage. The airline also noted that they do not store IP addresses and passwords from personal accounts, and therefore do not know how to comply with the requirements of the Ministry of Transport. A source close to the Ministry of Transport called the fears of leaks exaggerated. According to him, the information state system is better protected than the carriers' databases, and passenger data will allow you to quickly calculate intruders "from smugglers to" terrorists^[1]

2023

State systems will begin to collect more data on air passengers

In Russia, they can expand the list of data on booking air tickets, which must be transferred to automated centralized databases of personal data about passengers. This was reported on September 25, 2023 by Izvestia with reference to three sources (one in the aviation market and two from government agencies).

𝓲

aviabilety-sheremetevo.ru

Such bases are part of the unified state information system for ensuring transport security (EGIS OTB). The passenger's name, date of birth, data of the document that was used for booking, points of departure and destination, date of trip, gender and citizenship, phone number and email address are transferred to it.

In the future, the collection of passenger information may be expanded. In particular, they can start collecting data about the method of payment for the ticket, the passenger account information on the airline's website and the address from Internet protocol computer which the information was transmitted when booking. In addition, the state system may also begin to transfer data on luggage, the date of booking a ticket, with whom the passenger booked it and whether any changes were made to the reservation. However, there are no exact new categories of information that will be transmitted to the authorities yet.^[2]

First of all, the expansion of the list of data that will be collected by the state is associated with the intention of the state to strengthen passenger safety measures, said Anton Nemkin, a member of the State Duma Committee on Information Policy, Information Technology and Communications. 

"Of course, tracking such data can be useful to identify those who may pose a threat to the security of even the entire country as a whole - for example, terrorists. Because, as experts note, often even features of how they book tickets can help identify a criminal. As for the passengers themselves, they will not feel any difference, since the amount of data filled out will be the same. The main thing is that the transfer of these data and their storage are carried out in compliance with all the necessary information security measures against the background of the constantly growing number of leaks, "the deputy emphasized.

The updated regulation on the EHIS OTB comes into force on September 1

The updated regulation on the unified state information system for ensuring transport security (EGIS OTB) comes into force on September 1, 2023.

The system was created and put into operation by the Ministry of Transport of Russia in 2013 in order to ensure transport safety in all types of transport, including the protection of vehicles and infrastructure, passengers and personnel from acts of illegal interference.

EHIS OTB is a centralized, geographically distributed state system and is an object of critical information infrastructure (CII).

EHIS OTB provides:

• information support for activities in the field of transport security of the Ministry of Transport of Russia, Rosaviation, Roszheldor, Rosmorrechflot, Rosavtodor, Rostransnadzor and other authorized organizations and enterprises;
• automated collection and processing of personal data on passengers and personnel of vehicles, which are used in solving the tasks of ensuring transport security determined by the state.

Through the EHIS OTB infrastructure, authorized bodies provide state services and functions in the field of transport security in digital form. The transition from "paper" to "digital" allowed the transport security industry to reduce the financial and time costs of committing legally significant actions. Since 2022, the service for applicants is available on the State Public services portal.

The developer of EGIS OTB was FSUE ProtectionInfoTrans, subordinate to the Ministry of Transport of Russia. FSUE ProtectionInfoTrans also operate the system at all stages of the life cycle.

The resolution on the new regulation on EGIS OTB was approved on August 1, 2023 by the Government of the Russian Federation. The Regulation establishes the goals, objectives, basic principles of functioning, the structure, composition of information resources and information subsystems of the system, the composition and powers of participants in information interaction, as well as general requirements for the protection of information contained in the system.

The document was published on the portal of legal information and comes into force on September 1, 2023^[3] of the Government of the^[4].

2020

Approval of the technical assignment for the development of a unified transport monitoring system

On July 16, 2020, it became known that the Information Security working group of the Digital Economy organization as a whole approved the terms of reference for the development of a unified transport monitoring system. The system is created at the federal level to identify possible cyber attacks and failures in the operation of transport infrastructure equipment online. The tender for the development of a pilot project will be held by the Ministry of Transport of Russia at the beginning of the 3rd quarter of 2020.

The monitoring system (Unified Environment for Monitoring the Security of Transport Information Infrastructure and Transmission, Processing data storage and - ESMZ Services) will collect and accumulate information incidents on information security transport infrastructure, identify computer attacks and timely inform authorized executive authorities about illegal interference in the activities of the transport complex. At the same time, unauthorized impact on transport facilities does not come down only to cyber attacks. Distortion or blocking of transmission of primary information from objects may also be associated with equipment failure or abnormal operation. ON

It is planned to connect significant transport infrastructure facilities to the ESMZ, the failure of which can cause the greatest damage. These include systems for managing the information infrastructure of international transport corridors, systems for the digital network of transport logistic nodes and their flows, systems identifications for "" digital twins transport infrastructure facilities, vehicles and cargo, as well as network management systems that communications provide voice communication and access to the Internet to transport infrastructure.

The transport industry is characterized by "big data" flows that need to be processed in a very short time. Most systems will be able to independently monitor their condition and maintain a normal operating mode. However, in case of active external impact or in case of internal failures, the health status of the systems should be monitored and measures of a "supra-system" nature should be taken. In order for the industry regulator to see the picture of the security of transport systems in general, and not at the local level, an appropriate tool is needed, which should be ESMZ.

In connection with the transition to a "smart" transport infrastructure based on the Internet of Things, working with minimal human participation as an operator, there is a need for a tool for monitoring the state of such systems at the federal level. The system to be created is such a tool. It involves the exchange of data, on the one hand, with departmental systems of the Ministry of Transport of Russia, processing information about the state of security of the transport complex as a whole, on the other, with the state system for detecting, preventing and eliminating the consequences of computer attacks aimed at information resources of the Russian Federation, - comments Nikolai Zubarev, director of the Information Security direction of the Digital Economy organization.

At the current stage, it is planned to develop technical solutions and conduct a pilot project, the results of which will clarify the cost of creating and operating the system.

525 million rubles will be allocated to the Ministry of Transport of Russia to protect against cyber attacks of transport infrastructure

525 million rubles will be allocated to the Ministry of Transport of Russia to protect against cyberattacks of transport infrastructure, Izvestia reported at the end of June 2020.

Financing of the pilot project will be carried out at the expense of the federal project "Information Security." A total of 732 million rubles will be allocated for these purposes until 2024. So far, the ministry will be allocated 525 million rubles in the near future, according to the publication of the publication of June 30, 2020. The Ministry of Transport of the Russian Federation in the third quarter will hold a tender for the relevant work.

Ministry of Transport creates a state system for protecting transport from hackers for 732 million rubles

The system, which the ministry plans to create, will monitor what is happening in the information infrastructure of the country's transport complex in real time. Due to this, it will be possible to assess the level of security of all systems as a whole, and not at the local level.

The transport infrastructure facility generates "big data" streams that need to be analyzed in a very short time. Most systems of transport complex companies are able to independently control their condition and maintain the normal operating mode. However, with active external impact or with internal failures, their performance must be monitored and measures of a "supra-system" nature should be taken.

The Unified Security Monitoring Environment (ESMZ) will collect, process and store data on how the transport infrastructure is managed. The data obtained will make it possible to understand which mechanisms cybercriminals can use to hack security systems, as well as what measures need to be taken with one form or another of attack.

Nikolai Zubarev, director of Information Security at ANO Digital Economy, told the publication that the organization's working group recommended that the Ministry of Telecom and Mass Communications submit a financial and economic justification for the need for additional funding for this project.

The Ministry of Telecom and Mass Communications, as the press service told the newspaper, received a letter from the Ministry of Transport describing the work on the deployment of a unified monitoring system and will prepare a response to it.

Airports, metro, railways, etc. around the world are quite vulnerable and very attractive for various hacker groups and cybercriminals, said Group-IBAnton Fishman, head of system solutions. According to him, the task of the system developed by the Ministry of Transport is not to respond to the consequences, but to be one step ahead.

The cost of introducing such an umbrella IT shell in any case will be much less than the potential financial damage from a malfunction of any serious transport system caused by a hacker attack, said the director of the Institute of Economics of the National Research transport University. On the HSE Mikhail Blinkin other hand, the commission of physical terrorist attacks (with the participation of people and the use of weapons and explosives) transport is much more realistic today than hacking infrastructure information systems and transport companies for this, he added.

The architecture of information security in transport is generally similar to other industries and includes blocks of protection against threats from the external perimeter, internal network, applications, as well as proactive threat monitoring, noted the publication in the company "Air Gate of the Northern Capital." They added that Pulkovo Airport is developing in a similar direction and operates in accordance with the law.^[5]

2017: Ministry of Transport overpaid 380 million for new IP

The Ministry of Transport of the Russian Federation inefficiently used p380 million received from the federal budget for the creation and operation of information systems. This conclusion was reached by the Accounts Chamber, which checked how the Ministry of Transport spent these funds in 2013-2016^[6].

According to the chamber, all cases of ineffective spending of funds occurred during settlements with FSUE ProtectionInfoTrans, the ministry's contractor. ProtectionInfoTrans are the sole executor of the state contract for the creation and operation of the Unified State Information System for Ensuring Transport Security (EGIS OTB).

Estimated and total contract value

Even before the conclusion of the state contract, ProtectionInfoTrans drew up a financial and economic justification for the costs of creating the EGIS OTB, for which it received p24 million. According to the company's specialists, the creation of EGIS OTB should have cost p2 billion, and its operation - 172.8 million rubles.

But the Ministry of Transport did not use this justification when it subsequently signed a contract with ProtectionInfoTrans. The total costs of creating the EHIS OTB turned out to be p197.7 million more than the estimated amount and reached p2.2 billion. The cost of operating the system also exceeded the estimate by p181.6 million, ultimately amounting to p354.4 million. In total, the difference between the estimate of the works and their total cost is almost p380 million.

Contractor's salaries and contributions to funds

The company "ProtectionInfoTrans" has a staffing table, which indicates the salary of its employees. The salary of the same employees appears in the Calculation of funds for the operation of information systems of the Ministry of Transport for 2015. According to the Calculation, some employees of ProtectionInfoTrans received remuneration exceeding their salary in the staffing table, in some cases four times.

Another violation is associated with contributions to state extra-budgetary funds. According to the Calculation of the Ministry of Transport, in 2015 these deductions amounted to 42.4%. But according to the current laws, they cannot exceed 30.2%.

If we take into account the overestimation of salaries for the contractor's personnel and the prices of the state contract dated June 15, 2015, it turns out that the state suffered economic damage in the amount of p104.9 million.

2016: Russia's transport security system gets rid of Oracle due to hidden capabilities and outage risks

On August 2, 2016, FSUE ProtectionInfoTrans announced the purchase from a single service provider for the implementation of import substitution of certain components of the Unified State Transport Security Information System (EGIS OTB).^[7] The contractor of the contract was the company "Inforion," the cost of work amounted to almost 12 million rubles.

Russia's transport security system gets rid of Oracle due to hidden capabilities and outage risks

Within the framework of the contract, import substitution of the selected components of the "P" loop (the loop of personal data on passengers and personnel of vehicles) should be carried out as part of the GIS OTB of the first stage for open source technologies.

The use of foreign technologies implies the purchase of the required number of licenses for the use of these products and their technical support. In the current economic and political conditions, dependence on foreign software creates additional threats to information security (hidden undeclared opportunities in the software), as well as additional risks of the operation of such products are created related to the termination of support or sale of the product, a sharp change in pricing policy, etc. The development of the "P" circuit of the EGIS OTB implies the possibility of expanding computing capabilities. Such an expansion when using foreign software requires large financial costs, which may limit the development of EGIS OTB, - noted in the procurement documents

Under the terms of the contract, the relational database Oracle will need to be replaced with an PostgreSQL open source relational database. Oracle Identity Manager The contractor will also have to replace the user management system with an open source solution.

It was decided to replace the IBM WebSphere Application Server with an open source WildFly application server, and the IBM WebSphere Portal with an open source LifeRay Portal.

During import substitution, the possibility of ensuring the processing of the existing information flow and readiness to increase computing power without full processing of the existing solution, as well as the possibility of ensuring fault tolerance of the processed components, ensuring operability during planned or unplanned disconnection of one of the used computing nodes should be maintained.

In addition, under customer conditions, it is necessary to leave the ability to synchronize the state between the main and backup data center, with the ability to switch the processing process to the backup data center when making an appropriate decision, and switch back. Also, during import substitution, it should be possible to use existing backup solutions for affected components.

2013

FSUE "ProtectionInfoTrans" by order of the Ministry of Transport of Russia No. 155-r was appointed operator of the Unified State Information System for Ensuring Transport Security (EGIS OTB), including automated centralized databases of personal data on passengers (ACBPDP)

On July 1, 2013, the Order of the Ministry of Transport of the Russian Federation (Ministry of Transport of Russia) dated July 19, 2012 No. 243 of Moscow "On Approval of the Procedure for the Formation and Maintenance of Automated Centralized Databases of Personal Data on Passengers, as well as the Provision of Data Contained in Them" came into force

FSUE ProtectionInfoTrans has begun accepting applications from carriers and transport infrastructure entities for connection to the ACBPDP and concluding agreements on information interaction between the USIS OTB operator and information suppliers.

2011

In 2011, a new version of Article 11 of Federal Law No. 16 "On Transport Security" came into force, which made it possible to normatively consolidate the function of creating the Unified State Security Service of the Ministry of Transport of Russia.

During 2011, the draft technical design of the OGIS OTB was developed, a prototype of the Automated Centralized Database of Personal Data on Passengers and Personnel (ATBPDP) was created.

2010

On March 31, 2010, a decree was signed "On the creation of an integrated system for ensuring public safety in transport."^[8]

In November 2010, the Government approved the Comprehensive Program for Ensuring the Safety of the Population in Transport^[9] the^[10], within the framework^[11] which in 2010-2013 it was planned to spend 2.8 billion rubles on the creation of EGIS OTB.

2007

On February 9, 2007, Russian President Vladimir Putin signed the Federal Law of the Russian Federation of February 9, 2007 N 16-FZ On Transport Security. 180 days after the official publication of the law, on August 13, 2007, the law entered into force.

In accordance with Article 11 of this law, a Unified State Information System for Ensuring Transport Security (EGIS OTB) is being created

System description

The Unified State Information System for Ensuring Transport Security (EGIS OTB) is designed to provide information support for the activities of federal executive bodies (FOIV) to implement the legal, economic, organizational and other measures established by the state in the field of the transport complex, corresponding to threats of unlawful interference.

EGIS OTB, including its basic information and telecommunication infrastructure and automated centralized databases of personal data on passengers, is the basis of information support for the Integrated System for Ensuring Public Safety in Transport, which integrates the information resources of federal executive bodies in the field of ensuring transport security into a single protected closed information space. EGIS OTB provides interaction with the information systems of federal executive bodies in the interests of fulfilling its functions (FSB of Russia and the Ministry of Internal Affairs of Russia).

GIS OTB is one of the most expensive information systems in Russia - in 2015, its operation, according to the informatization plan of the Ministry of Transport, cost 592 million rubles, and in 2016 - 662 million. The ministry planned to invest another 168 million in its development.

Purpose of System Creation

The main goal of creating the CGIS OTB is to collect, accumulate and process information using modern information and communication technologies in the interests of:

• information support for the activities of officials of the Ministry of Transport of the Russian Federation, federal agencies subordinate to it and services that make decisions on transport security issues;
• information support for the activities of the authorized body for the formation of state policy, the development of draft legislative and other regulatory legal acts in the field of transport security and regulatory legal support for the activities of state authorities and economic entities in the field of transport security;
• information support for the current activities of the departments of the Ministry of Transport of Russia and its subordinate federal agencies and services in the field of transport security;
• information support of the activities of federal executive bodies authorized by the Government of the Russian Federation in the field of transport security within the framework of the established sphere of activity, including those related to the processing of personal data on passengers of all types of transport.

System users

The users of EHIS OTB are federal executive bodies authorized by the Government of the Russian Federation to carry out functions in the field of transport security, as well as MINISTRY OF INTERNAL AFFAIRS Russia the FSB of Russia.

System Automation Objects

The following federal executive bodies in terms of carrying out activities in the field of transport security are the objects of automation of GIS OTB:

• Ministry of Transport of Russia;
• Federal Air Transport Agency (Rosaviatsia) and its territorial offices;
• Federal Road Agency (Rosavtodor);
• Federal Railway Transport Agency (Roszheldor) and its territorial offices;
• Federal Agency for Maritime and River Transport (Rosmorrechflot);
• Federal Service for Supervision of Transport (Rostransnadzor) and its territorial departments.

System structure

EHIS OTB is designed as a geographically distributed information system in a protected version. At the federal level, the system consists of the main and backup data processing centers, and also includes software and technical complexes that are equipped with the Department of Transport Security and Special Programs of the Ministry of Transport of Russia, as well as the Transport Security Administration of the services and agencies subordinate to the Ministry of Transport of Russia. At the territorial level, the system consists of software and technical complexes that are equipped with the territorial bodies of the transport security department of Rostransnadzor (8 facilities), Rosaviation (16 facilities) and Roszheldor (7 facilities).

Personal Passenger and Crew Databases

Automated centralized databases of personal data on passengers and personnel (crew) of vehicles (ACBPDS) as part of the Unified state Transport Security System (EGIS OTB) are part of the Public Safety Information System (transport SIOBNT).

ACBPDS are designed to automate the processes of collecting and processing personal data on passengers and personnel (crew) of vehicles, the formation and maintenance of databases that are used in solving legal, organizational and other tasks determined by the state to ensure transport security in the field of transport complex.

The formation of the ACBPDP is organized on the basis of information provided by the subjects of the transport infrastructure and carriers when performing registered operations during the execution of travel documents (tickets), when forming passenger lists when transporting passengers by custom (transportation by order) flights, as well as when forming personnel (crews) of vehicles.

The procedure for the formation and maintenance of the ACBPDP is determined by Order of the Ministry of Transport of Russia dated July 19, 2012 No. 243. The information sources provide data to the ACBPDS in electronic form via secure communication channels (VPN channels of the Internet or channels of secure industry networks):

• in automatic scheduled mode by selecting the required data from the information system of the transport infrastructure entity or carrier, uploading them to an exchange file (or message) of the agreed format and transmitting it using the established protocols (FTP, SITATEX) and exchange formats (CSV, UN/EDIFACT) to the input gateways of the ADDCS;
• in interactive mode by entering passenger transportation data directly on the ACBPDP portal.

Functions

EHIS OTB provides performance of the following functions:

• centralized collection, processing, accumulation and storage of incoming information from the information resources of federal executive bodies in the field of transport security, as well as from carriers and subjects of transport infrastructure of all types of transport;
• search, selection and analytical processing of information at local and geographically remote automated workplaces (AWS) of authorized officials of the Ministry of Transport of Russia, agencies and services subordinate to it on the basis of access to a centralized storage of information using protected closed channels and temporary storage of the required information arrays;
• search, selection and transmission of information to consumers via protected closed channels upon their request or according to regulations (schedule).

Prerequisites for Creating a System

• Intelligent Transport Infrastructure (ITS) of Russia
• Digital Transport and Logistics (departmental project)

Notes

Read also

• Digital Transport and Logistics (departmental project)
• Digital platform of the transport complex of the Russian Federation (TsPTK)