Critical analysis of the threats bank of the Federal Service for Technology and Export Control (FSTEC) of Russia to the information systems of oil and gas enterprises
UDC: 004.056
DOI: -
Authors:
BOSHIN ALEXEY YU.
1,
PRAVIKOV DMITRY I.1
1 National University of Oil and Gas "Gubkin University", Moscow, Russia
Keywords: information security, cyber security, information security threats, threats landscape, digitalization, information system, cyber physical system, oil and gas enterprises
Annotation:
Modern oil and gas enterprises actively use cyber-physical systems created on the basis of advanced information technologies. It greatly simplifies their use, but at the same time makes them vulnerable to possible computer attacks. To ensure information security, experts analyze security threats in various areas, such as information systems and automated control systems, as well as communication networks and cloud infrastructure. The constantly changing threat landscape confirms the relevance of the chosen topic. The purpose of forming a list of the most significant threats to the information system of oil and gas enterprises is to identify relevant areas of protection and optimize the construction of the security system. For these purposes, sources that contain information about all currently known threats to information security, vulnerabilities and descriptions of computer attack vectors are used. The authors of the article critically analyze the threats bank of the FSTEC of Russia in order to determine the list of the most significant threats to the information systems of oil and gas enterprises.
Bibliography:
1. Korneev A.V. Zashchita infrastruktury TEK ot novykh sredstv kiberneticheskogo napadeniya. Opyt bor'by s distantsionnym terrorizmom // Energobezopasnost' i energosberezhenie. – 2012. – № 1. – S. 5–10. – URL: https://cyberleninka.ru/article/n/zaschita-infrastruktury-tek-ot-novyh-sredstv-kiberneticheskogo-napadeniya-opyt-borby-s-distantsionnym-terrorizmom (data obrashcheniya 10.02.2024).
2. Blechschmidt R. NATO rüstet sich für "Computer-Kriege" // Sueddeutsche Zeitung. – 2010. – Okt. 1. – URL: https://www.sueddeutsche.de/politik/neue-strategie-der-allianz-nato-ruestet-sich-fuer-computer-kriege-1.1006835
3. Elin V.M. Tekhnologiya tsifrovogo dvoynika. Ponyatie i osobennosti podkhoda k organizatsionno-pravovomu obespecheniyu kompleksnoy bezopasnosti // Vestn. YuUrGU. Seriya: Pravo. – 2020. – T. 20, № 3. – S. 68–75. – URL: https://cyberleninka.ru/article/n/tehnologiya-tsifrovogo-dvoynika-ponyatie-i-osobennosti-podhoda-k-organizatsionno-pravovomu-obespecheniyu-kompleksnoy-bezopasnosti (data obrashcheniya 10.02.2024).
4. Problemnye voprosy informatsionnoy bezopasnosti kiberfizicheskikh sistem / D.S. Levshun, D.A. Gayfulina, A.A. Chechulin, I.V. Kotenko // Informatika i avtomatizatsiya. – 2020. – T. 19, № 5. – S. 1050–1088. – DOI: 10.15622/ia.2020.19.5.6
5. Goncharov E. Problemy kiberzashchity promyshlennykh predpriyatiy. – Laboratoriya Kasperskogo, 2018. – 8 s. – URL: https://ics-cert.kaspersky.ru/publications/reports/2018/12/05/challenges-of-industrial-cybersecurity/ (data obrashcheniya 10.02.2024).
6. Bank dannykh ugroz bezopasnosti informatsii FSTEK Rossii. – URL: https://bdu.fstec.ru/ (data obrashcheniya 10.02.2024).
7. Metodicheskiy dokument. Metodika otsenki ugroz bezopasnosti informatsii: utv. FSTEK Rossii 05.02.2021. – URL: http://www.consultant.ru/document/cons_doc_LAW_378330/
8. Lazorin D.S., Pravikov D.I. Zashchishchennost' kiberfizicheskoy sistemy na osnove tsifrovogo dvoynika cherez otsenku kachestva upravleniya // Avtomatizatsiya i informatizatsiya TEK. – 2024. – № 2(607). – S. 43–47.
Back to issue