Publication date: May 23, 2014

The First Day of PHDays IV: From Critical Infrastructure to Clip Thinking

The international forum on practical security Positive Hack Days IV launched on May 21 in Moscow. More than 2000 experts in information security, hackers, scientists, writers, representatives of the Internet society and government gathered together to take part n the forum. Due to a large number of reports and seminars, discussions and contests, participants were able to learn more about real information security, talk about the future of the industry, and discuss the main topic of the forum – critical infrastructure security.

How to protect factories and ships

Infrastructure companies have become dependent on web systems, which makes experts think about various "Doomsday" scenarios, starting from disruption of water supply and electric power systems, and then interruption in trade operations and food price crisis. Participants of the section "Critical Infrastructure Security" tried to classify problems that threaten critical industries and to understand whether they are ready to respond to such irregular situations. Representatives of the Federal Security Service and other organizations also spoke on protection of large international events, such as Olympic games. Bulat Guzairov, Head of the Department of Server Technologies at ICL-KME CS, told about establishing a protection center for the Universiade. The center consisted of experts from Positive Technologies and Kaspersky Lab and other companies.

Boris Simis, Deputy CEO at Positive Technologies, presented results of public opinion research of 63 leaders of top 100 largest Russian companies. According to the research, malware attacks occurred in all the companies. More than 50% of the incidents caused serious financial and reputational damage and work disruption. Despite the fact that the questioned companies claimed their IS systems were debugged, in one case out of seven an incident was detected when the attacker penetrated into the internal network.

Among the session's participants were representatives of critical industries: Andrey Kurilo, Deputy Head of the Information Security Department at the Bank of Russia, Garald Bandurin, CIO at RusHydro, Marc Furrer, President of the Swiss company ComCom, Ahmad Hassan, Director of Risk Management and Compliance at du Telecom, Boris Makarov, Head of the Cybersecurity Center at RZD (Russian Railways).

The participants suggested that one of the main problems of critical infrastructure security is the lack of a foresight approach. Garald Bandurin noticed that information security issues should be solved during the planning stage. Bulat Guzairov from ICL shared this point of view during his speech on security infrastructure development for the Universiade held in Kazan. He said that they had learned that information security system development process and organization of a large event should start simultaneously. In other words, information security specialists should be involved as soon as possible. Ahmad Hassan from du Telecom offered a practical example from the telecom industry. He told that they usually start from risk assessment and designing response plans for various parts of the project. He also mentioned that the tendency to switching to cloud technologies changed the approach to information security.

RZD sticks to complex methods to IS issues as well. Boris Makarov said that one of the company's goals is to move the development cycle of microprocessor systems to Russia and a gradual shift to domestic development of computer elements.

During the discussion, experts also pointed out the importance of sharing experience between companies, and countries as well. The session's participants considered the problem of finding qualified personnel as "global".

Quotes of the day

Boris Simis: "It is not so easy to pass knowledge in our sphere as it might seem. We need personnel training methods—on the level of a state program, if possible.

No need for NSA

Igor Ashmanov was greeted with great enthusiasm. He is an expert in artificial intelligence, software development and project management and the managing partner of the famous media agency. Igor told the audience about security of social networks, i.e. about the fact that it's impossible to keep any information secret if you use these services. Systems that handle big data allow learning more about private life of any person: from planning a pregnancy and troubles with a car or something to political views. Personal data of millions of users can be useful not for gloomy intelligence services but for large corporations with a clean image. According to Igor's research, Facebook stores and analyze users' comments that were not published.

"Users migrated from LiveJournal to Facebook, – Igor says – And now they got used to short texts, short-living topics. So the clip thinking is being formed. A message lives for about 4–6 hours. This is the period during which the message is commented, retwitted, got likes etc. Moreover, 90% of people registered with social networks simply consume, they don't post or comment anything."

Igor Ashmanov: "After the Olympic games and the Crimea crisis, many liberals downloaded the Patriot update #phdays"

Hacking for good reasons

What do the second largest gas storage facility in Turkmenistan, the airport in Zurich and the Large Hadron Collider have in common? Sergey Gordeychik, Deputy CEO at Positive Technologies and enthusiastic specialists from SCADA Strangelove told about new vulnerabilities in ICSs (SCADA) that manage a large number of critical objects. According to Sergey, specialists from Positive Technologies have discovered more than two hundred 0-day vulnerabilities in such systems and many of them haven't been fixed yet. More than seventy thousand ICSs are connected to the Internet and there are many publicly available tools that help detecting them. And many exploits that allow using errors in these systems. But vendors are not in a hurry to fix them. And it's worth mentioning that almost one fifth of these vulnerabilities allow executing arbitrary code, which threatens not only business but physical security of many people. Artem Chaikin, a specialist at Positive Technologies, shared details about serious defects in smart grid technology for control and optimization of power supply expenses. Due to the rapid implementation of the technology, it will be soon possible to cut off the electricity supply of a whole city by writing a short code.

Apart from competitions, CTF contests, reports, Fast Tracks and seminars (including making keys with specialists from TOOOL), the program of the first day included the section "Prospects for Investment in Information Security in Russia" organized by representatives from Skolkovo. During the round-table discussions "Telecoms: From SS7 to Billing" information security problems in the telecom sphere were discussed. Speakers of the section "Security Management Means Risk Managemeприблизившиеся nt" (Mikhail Yemelyannikov as the moderator, among the participants: representatives of VTB Bank, VimpelCom, Lukoil-Inform and Yota) discussed correlation of information security risks and operational risks.

And this is not a half of it

On the second day of the forum Alexey Andreev led the section "State and Cybersecurity", the main topic of which was whether it is possible to preserve civil liberties nowadays. On four other halls speakers told about botnets, ARM exploitation, and cryptographically strong group communications.

Every participant of the $natch contest held on May 22 can try to withdraw money from bank accounts, while during the Critical Infrastructure Attack contest participants will be able to analyze the security of ICSs that are commonly used for factories and water power plants, transport infrastructure, illumination systems, oil and gas industry.

You will know the details shortly.

The schedule and more information about the forum's activities are available at

All news