26.11.2020

TMK launches a cyberattack monitoring and response center through a partnership with Rostelecom-Solar

TMK has teamed up with Rostelecom-Solar for a major project to establish a corporate cyberattack monitoring and response center, the Security Operations Center (SOC). The center will monitor security threats and prevent attacks on the infrastructure of all of TMK's key facilities and information systems.

SOC operations at TMK will use a hybrid model, with TMK providing hardware resources, organizing the collection of data on the state of office and production IT infrastructure, determining monitoring priorities and responding to incidents. Rostelecom-Solar's Solar JSOC staff will in turn provide monitoring for information security events, determining their criticality, analyzing the causes and possible consequences, alerting TMK to incidents and recommending solutions.

Several TMK plants, the executive office and data centers have already been connected to the monitoring center. It took just six weeks to provide a basic connection and launch the phase one set of unique and proven industry use cases. During this period, a full diagnostic was run on the infrastructure of TMK plants, key sources of data on information security events were covered by monitoring, and the use cases were tailored to the business processes used at TMK.

To ensure that TMK has the most up-to-date and complete information on new cyber threats, the Solar JSOC cyber security platform collecting these data was integrated with TMK's similar existing platform. As a result, two-way data sharing has been enabled between the two companies, enriching their databases of compromise indicators for information systems and allowing them to detect attacks early on.

'Currently, the vast majority of the Company's operational business processes are automated and run on TMK's IT systems. This has significantly raised information security requirements. We must prevent, identify and maximize responses to any risks wherever they arise - from an office desktop computer to a tube mill. As no ready-made solutions are available on the market, we have built a hybrid model to combine the cyber threat response capabilities and experience of our partner with our own in-house industry expertise. In just a month and a half, we launched a full-fledged cyberattack monitoring and response center based on Solar JSOC's and our own IT resources. The center already provides security monitoring services for the IT infrastructure of TMK's three largest plants, and the system will be further rolled out to cover other company sites. We are also considering scaling up the project to ensure the cybersecurity of equipment connected to the automated process control system (APCS),' said TMK's IT Director Dmitry Yakob.

'Countering cyberattacks is one of the most pressing issues facing the industry, and TMK has demonstrated not just a deep understanding of its urgency but also a willingness to lead the industry in adopting the most advanced protection methods. According to Rostelecom-Solar's observations, attempts to compromise industrial infrastructures are more often made for the purposes of a long-term espionage campaign, for which intruders seek to penetrate deep into a facility's infrastructure. Moreover, such attacks often aim to cause destructive impacts from the disruption of production processes. When attacking industrial enterprises, intruders use highly sophisticated tools that are difficult to detect by basic protection means. Thanks to the expertise of the TMK team and close cooperation with Solar JSOC specialists, the project was launched within a short timeframe and is rapidly advancing despite its significant scope and the specifics of the customer's infrastructure,' explains Vladimir Dryukov, Head of the Security Operations Centre Solar JSOC, Rostelecom-Solar.