The development of a resilient and secure critical infrastructure (CI) is one of Russia’s national priorities, as CI links all economic sectors. While digitalisation gains traction, the number of cyber attacks grows as well. To protect against them, developed countries adopt laws, enter into cyber non-aggression pacts and improve cyber security by rolling out CI automation.
Since recently, the development of critical infrastructure in energy, transport, financial and other sectors has been going hand in hand with their digitalisation.
According to the Russian Minister of Communications Nikolay Nikiforov, Russia’s 2024 agenda for digital economy development will embrace three layers: environment, platforms and technologies, markets and economy sectors.
The Energy Net Roadmap allocates USD 40 billion for smart energy transition. One of the priorities in energy digitalisation is the development of virtual power plants (VPP).
In 2015, an International Union of Railways (UIC) digital platform was created. Russian Railways are now developing a global project under a working title Digital Railway to be launched in 2020–2023.
According to Sberbank CEO Herman Gref, all foreign currency settlements, financial information exchange and all transactions will eventually go digital.
Critical infrastructure digitalisation puts increasing pressure on cyber security.
According to the European Union Agency for Network and Information Security (ENISA), cyber attacks cost the EU economy some USD 400 billion in annual losses.
The US adopted its cyber security law in late 2015, the EU – in summer 2016. In September 2015, the US and China entered into the Cyber Agreement and agreed to refrain from cyber attacks on each other's critical infrastructure during peacetime.
In February 2017, Microsoft President Brad Smith suggested signing a Digital Geneva Convention and establishing an independent organisation focused on monitoring hacker attacks and responding to them.
Only in Russia, about 70 million cyber attacks on information resources are registered annually, including attacks on critical infrastructure, and this number is bound to grow.
On November 8–14, 2016, Russia’s financial sector (including Sberbank, Rosbank, Alfa-Bank, the Bank of Moscow and other banks) suffered from a massive attack.
On May 12, 2017, hackers aimed to attack Windows OS computers in 74 countries. Over 200,000 users from 150 countries suffered from the attack, with the largest number of infection attempts registered in Russia.
This year, Kaspersky Lab expects the number of hacker attacks to grow. The specialists are particularly concerned about possible cyber attacks on production facilities and IoT devices.
In Russia, cyber threats are targeted on a nationwide level.
In early 2017, the State Duma approved during the first reading a package of draft laws on the security of Russia's critical information infrastructure (CII). Creation of hacking tools to attack critical information infrastructure items is suggested to be punished by ten years’ imprisonment. The State Duma also proposes initiatives to protect critical IT infrastructure against foreign intrusion.
Cyber security is improved also through the joint efforts of the government and private business sectors, including creation of consortia in multiple areas.
In summer 2016, the Bank of Russia initiated the creation of a blockchain consortium focused on promising technological solutions in the financial services universe. Participants: QIWI, Accenture, B&N Bank, MDM Bank and Otkritie Bank.
In summer 2016, the Internet Initiatives Development Fund (IIDF), communications operators (MTS, MegaFon and VimpelCom) and GS Group launched a national Internet of Things consortium, with a roadmap for the development of IoT technologies.
In March 2017, the Institute of Internet Development (IID), National Centre of Informatisation (Rostec’s subsidiary), the Sechenov First Moscow State Medical University and a number of R&D centres signed an agreement to set a telemedicine consortium.