Industrial Cyber Security in Russia is Now a Serious Thing

By Massimiliano Latini, Research and Projects Director, H-ON Consulting
Industrial Cyber Security in Russia is now at a more mature stage than in other countries. Interest in the topic increased dramatically after the well-known cyber-attacks caused by the Petya and WannaCry viruses. In response to this alarm bell, Russian security legislation has intervened in a restrictive manner to address the collapse of industrial businesses that had been damaged by cyber-attacks. As a result, Cyber Security within the Russian Federation is now subject to the new, mandatory FSTEC requirements. This article offers a few tips for foreign manufacturers, to help them find their way in this marketplace and export control and automation systems in compliance with Russian Cyber Security standards.
What FSTEC is and what it says about Cyber Security
The FSTEC certification system (Federal Service for Technical and Export Control) is the compulsory requirement introduced in 2018 that, among other things, certifies the conformity of components to Russian Industrial Cyber Security standards. This means that FSTEC applies to Operational Technologies and industrial control systems employed within the Russian Federation. FSTEC aims at fostering the domestic market of control and automation systems. For this reason, the mandatory obligations and procedures for obtaining FSTEC certification have a strong impact on foreign suppliers of OT systems.
The certification process in the Russian FSTEC system is conducted by certification bodies and laboratories accredited by FSTEC. Compared with traditional conformity certification processes, there are more restrictions here, for instance:
- The program code must be fully disclosed and transmitted to Russian laboratories.
- The certification application must be validated by the owner of the device/software, while the manufacturer must obtain the permission to certify the equipment.
- All laboratory tests must be carried out inside the territory of the Russian Federation (testing in other countries is not allowed).
Further, FSTEC requires every security-relevant component of a control system addressed to the Russian marketplace, hardware and software alike, to be certified and compliant with safety requirements. More generally, all hardware and software systems which protect equipment shall be certified and registered in the FSTEC system.
How to deal with OT systems addressed to the Russian market
The application of such mandatory requirements and restrictive measures has raised technical and organizational issues for foreign manufacturers of OT devices, SCADAs, PLCs, and hardware and software components intended for export to Russia.
The most convenient solution for foreign manufacturers is to supply already certified equipment, including software. Otherwise, the supplier shall certify its equipment from scratch, including the disclosure of software code to Russian state-owned certification bodies and laboratories. In the specific case of an industrial supply from the US (or Europe) to the Russian Federation, the supplier must include in its own contract references to FSTEC and Cyber Security requirements and comply with them. These requirements will have to be described in the purchasing specifications, in relation to the technical Cyber Security standards to be implemented during the design, procurement and manufacturing phases.
About the Author
As Research and Projects Director, Massimiliano Latini utilizes his "what would you do in their shoes" method to find expert solutions and build relationships with customers. His systematic, meticulous, international approach has gained incredible results over the years. His expertise, past and current specialities include: CE Marking, Quality processes, worldwide safety regulations and product compliance.
