6.9. Cybersecurity

In 2019, one of the main business areas of Transneft in the field of information security was the implementation of measures to meet the requirements of Federal Law No. 187 On the Security of the Critical Information Infrastructure of the Russian Federation dated 26 July 2017 (hereinafter — Federal Law No. 187-FZ).

In 2019, to conform with the requirements of Federal Law No. 187-FZ and regulations thereunder, measures were taken to:

  • classify critical information infrastructure facilities of Transneft and Transneft subsidiaries;
  • arrange interaction with the Russian State System for Detection, Prevention, and Mitigation of Computer Attacks (GosSOPKA);
  • conduct emergency response drills to respond to computer attacks.

In 2019, measures were taken under the Programme for Combating Threats to Information Technology Resources of Transneft and the IT resources of Transneft subsidiaries, aimed at:

  • improving information security incident response processes;
  • arranging and developing interaction with consumers of oil and petroleum products transportation services regarding information security;
  • raising the awareness of the personnel of Transneft and Transneft subsidiaries around information security issues and practicing hacker attacks response;
  • analysing and improving the security levels of Transneft’s information and computing infrastructure and information systems;
  • creating test benches for testing of applied software updates, operating system security updates and means of information protection.

In 2019, the hacker attacks on the IT resources of Transneft and Transneft subsidiaries were repelled and did not lead to failure of automated and information systems.

In 2020, special attention will be paid to implementation of technical measures to protect data at critical information infrastructure facilities, update of the regulatory and methodological documentation in the field of cybersecurity and improvement of information security processes.