Security technology: export of solutions for critical information infrastructure
Security technology: export of solutions for critical information infrastructure
18 MayVenue: the city of Kazan, IEC KAZAN EXPO
Time: 18.05.2023, 15:40-17:00
Organizer: Doverennaya Platforma (Trusted Platform) Association, NTI Platform, ANO
Moderator: Andrey Ivanovich Tikhonov, President of the Doverennaya Platforma Association
Speakers:
Kravchuk Oleg Viktorovich, Deputy Director for Strategic and International Projects of Kod Bezopasnosti (Security Code), LLC;
Hasi Kardas, Channel Sales Manager, C-Prot;
Kulashova Anna Vladimirovna, Managing Director of Laboratoriya Kasperskogo (Kaspersky Lab) in Russia and CIS countries.
A number of problems related to modern threats in the information sphere and methods of their settlement were discussed during the session. The attention of the participants was focused on the new trend in cybersecurity - constructive security (secure by design). It was noted that elements of the digital infrastructure are becoming increasingly interconnected, raising the challenge of ensuring the integrity of the digital systems’ security. Whereas the goal of cybercriminals is to obtain personal benefit, cyberterrorists aim at damaging digital infrastructure, then the goal of technical intelligence is to gain access to the data from critical infrastructures.
The participants of the discussion noted that there occurs an acute problem of trust in foreign digital products in modern reality, which is conditioned by possible undocumented properties of the element base and software. Solutions to this problem have been proposed.
The first option is to achieve digital sovereignty by creating your own software and hardware. Herewith, it is extremely important to predetermine at the stage of development all possible vulnerabilities for different types of information infrastructure elements.
The second option is the development of international cooperation with establishing trust-based relations. This implies the possibility of testing the product by the user or localizing products and equipment on the client’s territory on the terms of the local regulator. Hardware and software keys under such conditions could be held by the client, who can verify them and be sure that his data is protected from unauthorized change.