At cyber crossroads: should Russian power industry switch to domestic IT systems?
In 2014, after the accession of Crimea to Russia and sanctions from Europe and the United States, Russia embarked on autonomy and increased security, including information one. The government obliged state-owned companies to use mainly domestic software since 2024, and the ministry of energy and the ministry of industry and trade — to control the localization of essential technologies. Read in our material what results this can bring for energy security of the country.
New energy security doctrine
In November 2018, the Security Council of Russia approved a new doctrine of energy security. The sanctions against Russia revealed a serious dependence of Russian energy sector on foreign capital, technology and software, the protocol says (quoted by Vedomosti). Foreign software and IT equipment contain undocumented features and vulnerabilities, and its use in the energy sector creates ''threats to the cybersecurity of essential infrastructure'', the Security Council concluded.
The board requested the government in March to change the sectoral plans on import substitution to reduce the dependence of companies in the fuel and energy complex (FEC) from imports of essential technologies taking into account the risk of expanding sanctions. In February, at one of the meetings Deputy Minister of Energy Alexey Teksler called the dependence on the software in the fuel and energy complex one of the most acute in comparison with other technologies.
The government in 2017 approved the national programme Digital Economy, where there appeared a whole section about information security: the Cabinet plans to allocate 30 billion rubles until 2024. By this time, officials will have to use 90% of domestic software (in value terms), and state-owned companies, including energy ones — 70%, the representative of the ministry of communications reminded.
In December, First Deputy Prime Minister Anton Siluanov accelerated this work: he prescribed the state-owned companies from the list of 91-R (regulated by the government) to adopt internal programmes ''on pre-emptive switch to domestic software''. According to the directives, Rosseti, FSK YeES PAO, RusHydro, Inter RAO and System Operator are obliged to use more than half of the domestic software by 2021. The exception will be made only for unique software that is not produced in Russia.
Experience in the application of foreign software in Tatarstan through the example of TGC-16
TGC-16 JSC (part of TAIF Group) today occupies a leading position in the production of thermal and electric energy in the Republic of Tatarstan, and the branches of the company Kazan CHP-3 and Nizhnekamsk CHP (PTK-1) are considered to be one of the most efficient facilities in the energy sector not only in Tatarstan, but also throughout Russia. The power plants provide energy to the largest petrochemical enterprises in the region and residential areas in Kazan and Nizhnekamsk.
To ensure the required reliability and maximum efficiency of power supply to consumers, the company pays special attention to the repair of main and auxiliary equipment, construction of new facilities, technical re-equipment and modernization of existing equipment. In particular, as part of the comprehensive modernization of the power plant in 2017, a new power unit was installed at Kazan CHP-3 on the basis of the most powerful and efficient gas turbine plant in Russia and the world produced by General Electric, which doubled the installed electric power of the power plant and tripled its production of electric energy.
Moreover, at the new power unit of the branch, the company introduced software solutions of the specialized platform Predix™ for industrial data collection and analytics, as a result of which Kazan CHP-3 has become one of the first pilot sites of Tatarstan to implement the concept of Industry 4.0.
The Predix system monitors the technical parameters of the unit and, at the same time, there is a continuous comparison of the mathematical model of the operating equipment with the mathematical model of the ''ideal machine''. The programme centralizes large amounts of data and allows to predict situations that arise during operation. The parameters of work are continuously analyzed, a map of possible defects and recommendations is created, all this avoids accidents and unscheduled stops, more accurately plan repairs and optimize service work, they explain in TGC-16.
Necessary foreign software
Important software in any enterprise can be divided into three groups, Prosoft experts explain.
The first level — they are often called SCADA systems (data collection and operational control systems: CAPCS — Computer-Aided Process Control System, ACSPS — Automated Control System for Power Supply, ASCAPC — Automated System for Commercial Accounting of Power Consumption). Their task is the collection and primary processing of data on technical processes and resources of the enterprise, as well as supervisory control and equipment management.
The second level – MES — Manufacturing Execution Systems. They are necessary to synchronize, coordinate, analyze and optimize the production. There can also be included software for planning repairs, managing of personnel who perform maintenance.
Finally, the third, top level is ERP — Enterprise Resource Planning. They control the financial and human resources of the company, monitor the inventory of materials used for planning.
Most of the types of software that are currently used in the energy sector — of foreign production, says Director of the Energy Development Fund Sergey Pikin. During the reform of RAO UES the energy sector focused on foreign suppliers of not only equipment, but also of software — it was easier and more convenient: if you buy a gas turbine from Siemens, then it is logical to buy CAPCS also from Siemens, he explains.
It is more profitable for power companies to buy software packed with imported equipment: otherwise the manufacturer deprives them of the warranty, and then inevitably there will be problems with the insurance of the machine, confirms Chairman of the Board of Directors of ROTEC (part of RENOVA Group) Mikhail Lifshits.
According to the ministry of energy, now about half of the equipment in the Russian energy sector is foreign-made. For example, the share of imported gas turbines reaches 70%, various transformers — up to 60-50%. From the Russian equipment, the companies bought mainly energy boilers and steam turbines — 95% and 87% of them in the system, respectively.
After the reform, all massively began to install expensive foreign enterprise management systems (ERP), mainly SAP, recalls Pikin. The share of foreign ERP systems in the Russian market in general is about 70%, said Ilya Massukh, the director of the Centre of Competence for Import Substitution in the Field of Information and Telecommunication Technologies.
''Foreign software is widely used in the power industry, and for a long time it did not cause much concern,'' explained Evgeny Grabchak, the director of the Department of Operational Control and Management at the Ministry of Energy, in an interview with Bigpowernews. But the growing level of automation of processes in the industry and the ambiguous foreign policy situation make us think about the control of the solutions used, he admits.
Yevgeny Grabchak: ''Foreign software is widely used in the electric power industry, and for a long time it did not cause much concern.'' Photo: minenergo.gov.ru
Ministry of energy on guard
The ministry of energy is mainly concerned about the security of first-level software solutions, namely the ability of a foreign supplier to remotely collect raw primary data and influence the operation of equipment. Back in 2015, at a special meeting in the ministry of energy, officials asked power engineers whether direct data transmission is safe and whether the manufacturer can intercept the control of turbines, Переток.ру reported with reference to sources. Then, according to the publication, the company assured the ministry that direct data transmission was safe.
But in the summer of 2017, after the delivery of turbines of a foreign company to Crimea and a new wave of sanctions, officials again raised this problem. The ministry of energy revealed that ''when transmitting and storing data via communication channels abroad, it is possible to remotely control power equipment, including its disabling,'' said Deputy Energy Minister Andrey Cherezov. According to him, even foreign manufacturers do not deny this possibility.
The closed-source software can contain so-called ''bookmarks'' — undocumented features, explains Ayrat Shagiyev, a specialist of the department for economic security, protection and regime at TGC-16. A knowledgeable person can use such ''bookmarks'' to bypass the protection, he explains.
The ministry of energy offered all suppliers of generating equipment — both Russian and foreign ones — to undergo special certification and to disclose all control codes of the equipment.
The ministry has already issued an order that provides for checking software for presence of undocumented features, said Grabchak. It enters into force in August 2019.
Is the threat real?
If a foreign software vendor suddenly has such task to harm, for example, to shut down an energy unit, he can do it, said Michael Lifshitz. In 2018, ROTEC launched the Russian system of remote monitoring and forecasting Prana: it constantly monitors more than 500 parameters of equipment, predicts regular and emergency situations, avoids accidents. ''We are literally sitting in the brains of the turbine. The same opportunities exist for foreign suppliers of similar software, the only question is how they will use them,'' explains Lifshitz.
In the segment of high-capacity gas turbines, Russian engineers have to work with foreign equipment and software. ''But this is a very superficial work: conventional Siemens turbine for the majority of Russian specialists remains a ''black box''. That is, it works, but almost nobody knows how exactly,'' says CEO of Sitienergo Stanislav Gydenov. The work of the turbine is remotely serviced by the company's engineers, and run — under the leadership of foreign chiefs, he explains.
Foreign software can threaten the power system even if a malicious function was included in it at the stage of developemnt, says Airat Shagiyev. The best example is the Stuxnet infection of the enterprises of other sanctioned state — Iran. In 2009, the virus attacked modifications of Siemens controllers and disabled national centrifuges for uranium enrichment, he recalls. Experts interviewed by The New York Times and BBC highlighted an extreme complexity of the worm. In their opinion, the virus was developed for a specific purpose, perhaps not by an ordinary hacker, but by a team that enjoyed state support. Kaspersky Lab experts called the Stuxnet attack ''a bombing of Hiroshima and Nagasaki in the digital world''. According to them, the attack began with five partner companies of the company, which was engaged in uranium enrichment. It is noteworthy that four of them are developers of automated control systems for equipment for industry.
Mikhail Lifshits: ''We are literally sitting in the brains of the turbine. The same opportunities exist for foreign suppliers of similar software, the only question is how they will use them.'' Photo: ruscable.ru
Last spring, Russian senators cited the Petya virus as an example of a security threat to energy, which affected a large number of computers in Bashneft, Rosneft and other companies. Many computers could not be restored, the data was destroyed. However, most of the affected enterprises were in Ukraine, so the US, UK and Canada accused Russia of developing the virus. The Kremlin categorically denied it.
In general, the risks when using foreign software are not catastrophic, but they exist, it just needs to be borne in mind, concludes Lifshitz.
Even if foreign partners collect data on the work of the Russian energy, then only partially. System Operator, which monitors and controls the entire power system, uses only domestic software in critical segments, said representative of the regulator Dmitry Batarin. The Russian operational and information complex Monitor-Electrik is responsible for managing the modes in System Operator.
In 2016, the ministry of communications published the special ''Unified Register of Russian Programmes for Electronic Computers and Databases''. Russian officials should give preference to products from the register when choosing foreign or domestic software. The list is constantly updated, now it has 262 items, including software for energy sector. Russian specialists are already making almost all kinds of software that is necessary for the industry, experts explain. But Russian software is used in the country in spots and cannot yet take a large share in the market, says Ayrat Shagiev.
Programmes for control of electrical equipment — transformers, switches, etc. — almost all are Russian, says Stanislav Gyndenov. Software complexes are developed by EKRA, ProSoft, Tavrida Elektrik, and ''everything works fine'', he says.
In Rosseti, the overwhelming number of information systems providing operational and technological management processes is domestic, the representative of the holding confirms.
InSat develops the Russian SCADA system — MasterSCADA, it is listed in the Register of the Ministry of Communications. MasterSCADA is used by the largest oil companies — Rosneft and Lukoil, as well as Irkutskenergo, Kalinin NPP, etc., the company's website says.
Several manufacturers are engaged in CAPCS in Russia. It is Rakurs in St. Petersburg (the company's website says that the company develops automation from scratch — from the R&D stage), Teplopribor Research Institute, RusAtom Automated Control Systems — the subsidiary of Rosatom, ProSoft. A relatively new player in the CAPCS market is Tekon, which belongs to Gazprom Energoholding. It was decided to create the JV with Tekon GC about 7 years ago, and in 2015 head of the company Denis Fedorov said that the quality of its own automation company reached the world level, and planned to supply the product to Europe.
Prana software by Rotek is analogous to software systems of Schneider Electric and GE. Today, 3,5 GW of equipment is already connected to the system, in Russia these are power units of Gazprom Energoholding, Gazprom Neft and T+, but there are already foreign buyers — from Kazakhstan and Italy, Mikhail Lifshits says.
ERP systems are presented by 1C and Galaktika programmes.
Some Russian specialists can already develop software for the management of foreign equipment, the same Siemens gas turbines, Stanislav Gyndenov says.
''For example, we independently launched such turbines at Kvadra's power plants: the equipment had already expired the warranty period, so we developed our own software, abandoning the manufacturer's software,'' he says. Rostec also managed to launch German turbines in Crimea.
Full transition to Russian software will not happen
Power companies disagree on what software is better. In TGC-16, in terms of process control, almost all software is domestic, and there are no problems with it, said Mikhail Kuzmin, an engineer for operation and repair of CAPCS at Bigpowernews. Rimma Nureeva, the head of the department of information management systems, adds that the domestic software is used for anti-virus protection of servers, corporate document management system, accounting system (1C), information exchange with System Operator and much more. Moreover, the company is now actively working on the introduction of the automated system of procurement management on the basis of domestic software. As the specialists of the energy enterprise emphasize, TGC-16 strives to use only the best available technologies. The same approach applies to software: where domestic developments are not inferior to foreign ones, the choice is undoubtedly made in favour of Russian software. Where it is impossible to do without foreign software, all possible measures are taken to limit its communication with the outside world.
But there are also drawbacks, says Stanislav Gyndenov. First, Russian developers still offer separate sketchy solutions that cannot always be integrated with other software solutions, both domestic and foreign. Another problem is that software solutions are often developed under old European platforms, it is difficult to call it a Russian development. However, according to him, the development of its own platforms to develop, for example, CAPCS, may require 200 million rubles and about a year of work.
Finally, Russian companies are in principle smaller in size of business and personnel than foreign ones. As a result, they are mainly programmers, but there are no technologists who are directly responsible for the implementation of software, concludes Gyndenov.
Compared to Russian software developers, foreign suppliers simply have by an order of magnitude more implementations, which means better software, says Sergey Pikin. Roughly speaking, we can upgrade from the current version of Windows to Windows 95. Both options work, but the difference is obvious, the expert concludes.
The companies are unlikely to do this voluntarily, and if the problem is solved directive — like all issues in the energy sector — it will give impetus to the development of domestic IT products, says Pikin.
The main thing is not to overdo it: domestic analogues of high-performance systems are only at the stage of development, and if you sharply ban foreign software, Russian companies will not be able to quickly offer a similar product, ''we will just go back to the Stone Age'', says Ayrat Shagiyev. But in the case of a planned and competent import substitution with the associated development of the scientific industry, one should expect an increase in the level of energy security, the expert believes. In his opinion, the technological gap with the West in the field of energy software can be overcome in about 20 years. This is possible if we purposefully raise the country's economy, as, for example, China is doing, said Shagiyev.
The state has no task to completely ban foreign software, all measures are aimed only at reducing risks, says Yevgeny Grabchak. Therefore, it is logical to continue cooperation with companies that demonstrate openness and use an open source product, he points out. At the same time, the ministry of energy is working on the conditions for the transition of energy sector to domestic software in those segments where it is necessary. This should not affect the reliability of energy supply, Yevgeny Grabchak promises.