Information security risks and cyberthreats
Due to a rise in cyberthreats at the Company, the following information security vulnerabilities were identified:
- Disruption and/or interruption of the information infrastructure and telecommunication systems of power grid facilities caused by cyberattacks. This risk is assessed as significant due to the high level of consequences associated with disconnection of electricity consumers, material damage and reputational risks of the Company
- Undue influence on power grid facilities and their information and telecommunication systems (of a terrorist, subversive, criminal or other nature), including through the use of information technologies caused by unlawful actions of third parties. This risk is assessed as significant and is characterised by a high level of consequences associated with long‑term disconnection of electricity consumers, equipment failure, material damage to the Company, as well as harm to the health of the Company’s personnel
In order to reduce (minimise) the above risks, the Company takes the following measures:
- Installation of technical security equipment, video surveillance systems, access control system and security alarm system
- Physical security of the most critical fuel and energy facilities of the Company
- Renovation of security equipment at the fuel and energy facilities as set forth in the Company’s investment programme
- Inclusion of information security requirements in technical design specifications for information infrastructure facilities and telecommunication systems of power grid facilities, control over the subsequent construction of facilities in compliance with the technical specifications
- Constant control over the actions of the Company’s employees by means of information security systems
- Monitoring and analysis of external information security events
- Use of certified information security means