November 30th is the International Computer Security Day. Nowadays, the importance of this field related to data is clear to everyone, since data not provided with sufficient security is the main goal of cybercriminals using it for personal purposes. At SUSU, the Information Security Research and Education Centre, created with the support of Kaspersky Laboratory, works on the problem of data security.
In the modern world, information security is one of the most topical fields of work to prevent cyber threats and eliminate their consequences. Personal information and data related to the operation of entire enterprises are stored in a digital form, and therefore their security is the responsibility of not only specialized employees, system administrators and security services, but also of every specialist of the company, and every user of the Internet resources.
During the coronavirus pandemic, the number of attacks related to the systems of remote working increased as a significant part of the staff of companies switched to working from home. Traditional methods of information security have shown their low efficiency, and the bandwidth of communication channels in many organisations has not been able to provide stable remote work at an increased volume of traffic, and this has been aggravated by malicious actions of attackers who have intensified DoS and DDoS attacks.
According to Andrey Barinov, Acting Director of the SUSU Information Security Research and Education Centre, the standard rules of information hygiene that everyone needs to know include the use of secure passwords, and information verification before opening links and files obtained from unreliable sources. Information security specialists are highly competent and are responsible for enterprise security systems. Professionals are trained at the SUSU School of Electronic Engineering and Computer Science, and the Information Security REC provides its help in this process.
- Andrey, tell us please about the Information Security REC. What is the main goal of the centre?
- Information Security REC was created within the structure of the School of Electronic Engineering and Computer Science in 2017 under the agreement on cooperation in strategic partnership in the field of education between the Kaspersky Laboratory and SUSU. The main goal of the centre is to provide educational, information and consulting services both within the educational institution (for students, teaching staff, engineering personnel) and to the representatives of the regional community.
(1).jpg)
Photo: Andrey Barinov, information security specialist of the Information Security Research and Education Centre
- Information security is one of the fields of training of SUSU students. How does REC help students become competent professionals?
- As part of the main educational activities, the specialized courses of the Department of Information Security have been audited and received recommendations for improvement from Kaspersky Laboratory in 2017. Also, as part of the main educational programmes, students learn about the products and technologies by Kaspersky Laboratory under the guidance of certified teachers. A Master's degree programme for students majoring in "Information Security" will be opened soon.
- What projects are being implemented jointly with students within the REC?
- Starting this academic year, under the guidance of Maksim Ufimtsev, a researcher at the Information Security REC, the elite education programme “Creation of a tool for automatic generation of security configuration files for complex systems with a large number of interacting devices based on KasperskyOS” is being implemented. The programme is based on the materials of his research work presented at the competition of projects for the SUSU students and postgraduates. The project received positive assessment from the experts at Kaspersky Laboratory, and now, under the guidance of the researcher, students are developing a prototype of a software product.
In addition, during the implementation of project-based learning, the REC coordinates the project "Ensuring information security of field-level networks", which involves three graduate students of the Department of Information Security of the School of Electronic Engineering and Computer Science and two second-year students of the Department of Mechatronics and Automation of the Institute of Engineering and Technology. The project is being implemented according to the task set by the industrial partner that is the Chelpipe Group. During the implementation of the project, students solve the project problem not only on the basis of the REC, but at the customer's site during their practical training. Now, during the implementation of the Sirius program, schoolchildren are also involved in the project.
- In the REC you can work with unique equipment that emulates a real technological process. What kind of equipment is this?
- To study the impact of information security threats on the technological process, the REC uses the “Modular complex of the information security integration complex in industrial systems”. Thanks to it, students and postgraduates, while conducting their research, can implement attacks and carry out their detection and prevention, using both their own developments and the products by Kaspersky Laboratory to protect industrial facilities.
(1).jpg)
Photo: Information Security REC supports research and education activities of students
- What other advantages does cooperation with Kaspersky Laboratory provide?
- During cooperation with Kaspersky Laboratory, the staff of the Department of Information Security, with the coordination by the REC, have developed the Network Security module of the Basics of Cybersecurity online course. From November 30th, it is available at the Kaspersky Academy. We are planning to develop other MOOCs on related topics.
Kaspersky Laboratory provides us with its software. And Evgeny Kaspersky has noted that in Russia there have not yet been such cases as we offer: a study of the KasperskyOS software platform and holding conferences, hackathons, and other events. Kaspersky Laboratory and the Information Security REC support the research and project activities of the SUSU students. For example, in February 2020, we held the Kaspersky CyberDay conference, and on December 12th we are planning to hold an online competition on information security in the CTF format.
– Please, tell us about the REC's plans for the future. What projects will you develop?
- We are planning to develop the topic of information security for KasperskyOs-based embedded systems. The issue is considered both from the point of view of the formation of information security policies according to the formal model, and with regard to the applied approach, that is, the use of industrial automation systems. We plan to analyze the possibilities of their application in the “Smart Home” and “Smart City” systems. This solution by Kaspersky Laboratory has already been used in Orenburg, but Chelyabinsk has not yet had such an experience.
South Ural State University is a university of digital transformations, where innovative research is conducted in most of the priority fields of development of science and technology. In accordance with the strategies of research and technological development of the Russian Federation, the university is focused on the development of big scientific interdisciplinary projects in the field of digital industry, materials science and ecology. Within the framework of these fields, objects of metallurgy, mechanical engineering, power industry, housing and communal services, safe urban infrastructure, and human comfort are being studied.
SUSU is the participant of Project 5-100, which is aimed to enhance the competitiveness of Russian universities among the leading research and education centres.