ANALYSIS OF CYBERSECURITY REQUIREMENTS OF AUTOMATED PROCESS CONTROL SYSTEMS AS CRITICAL INFORMATION INFRASTRUCTURE

O. Bakalynskyi, D. Pakholchenko

Èlektron. model. 2021, 43(4):103-112
https://doi.org/10.15407/emodel.43.04.103

ABSTRACT

The  analysis  of  the  current  legislation  and the  best  world  practices  on  cyber protection of automated control systems of technological processes in which requirements for realization of cyber protection of objects of critical information infrastructure are offered is carried out. Problematic issues related to cyber security of critical information infrastructure objects are given.

KEYWORDS

cybersecurity, object of critical information infrastructure, information security management system, industrial automation and control systems.

REFERENCES

  1. Law № 2163-VIII, On the Basic Principles of Cyber Security of Ukraine, Session 7. (from 2017, Oct. 5), available at: http://zakon.rada.gov.ua/laws/show/2163-viii.
  2. Resolution № 943 Some issues of critical information infrastructure facilities, The Cabinet of Ministers of Ukraine, (from 2020, Oct. 9), available at: https://zakon.rada.gov.ua/ laws/show/943-2020-%D0%BF#Text
  3. Sukhodolya, O. (2017), “Critical Infrastructure Protection: Current Challenges and Priorities for the Security Sector”, Scientific Journal of the Academy of National Security, Vol. 1-2, no 13-14, pp. 50-80.
  4. Gonchar, S. (2020), “Methodology for assessing the risks of cybersecurity of information systems of critical infrastructure”, Abstract of Cand. Sci. (Tech.) dissertation, 05.13.21, Kyiv.
  5. Bakalinsky, O. (2020), “Model and methods for determining the design characteristics of information security management systems: monograph”, Kyiv, Ukraine, ISBN: 978-966-7690-51-9.
  6. Mokhor, V., Bogdanov, O., Bakalinsky, O. and Tsurkan, V. (2017), “Descriptive analysis of analogies between information security management systems and queuing”, Information Protection, Vol. 19, № 2, pp.119-126.
    https://doi.org/10.18372/2410-7840.19.11683
  7. ISA/IEC 62443 Cybersecurity Certificate Programs, available at: https://www.isa.org/ training-and-certification/isa-certification/isa99iec62443/isa99iec-62443-cybersecurity-certificate-programs.
  8. DesRuisseaux D. Cybersecurity Assessment – The Most Critical Step to Secure an Industrial Control System, Daniel DesRuisseaux, Version 1.0.–7, available at: https://www. se.com/us/en/download/document/998-20298472/.
  9. Reznikova, O. and Voitovsky, K. (2020), “On the concept of ensuring national stability in Ukraine”, Analytical note, Series "National Security", № 8, available at: https: //niss. gov.ua/sites/default/files/2021-02/analit-resnikova-national-security-8-2020-1-1.pdf
  10. Resolution № 518 On approval of the General requirements for cyber protection of critical infrastructure, The Cabinet of Ministers of Ukraine, 2019, June 19, available at: https:// zakon.rada.gov.ua/go/518-2019-%D0%BF.
  11. DSTU ISO / IEC 27001: 2015 Information technologies. Methods of protection. Information security management systems. Requirements, available at: https://www.assistem. kiev.ua/doc/dstu_ISO-IEC_27001_2015.pdf.
  12. Law № 1160-IV, On the Principles of State Regulatory Policy in the Sphere of Economic Activity, The Verkhovna Rada of Ukraine. Session 4. (2003, ver. 11), available at: https://zakon.rada.gov.ua/laws/show/1160-15.
  13. DSTU ISO, IEC 27005: 2019 Information technologies. Methods of protection. Information Security Risk Management, available at: http://online.budstandart.com/ua/catalog/ doc-page.html?iddoc=66912.
  14. Resolution of the National Bank of Ukraine of 28.09.2017 № 95 On approval of the Regulations on the organization of measures to ensure information security in the banking system of Ukraine, available at: https://zakon.rada.gov.ua/laws/show/v0095500-17#Text.
  15. Resolution of the Cabinet of Ministers of Ukraine of October 9, 2020 № 943 "Some questions of objects of critical information infrastructure", available at: https://zakon.rada.
  16. NIST SP 800-82 Rev. 2 Guide to Industrial Control Systems (ICS) Security, available at: http://online.budstandart.com/ua/catalog/doc-page.html?id_doc=84401.
  17. State Standard of Ukraine (2019), DSTU 62443-4-1:2018, Security for industrial automation and control systems, Part 4-1, available at: https://www.twirpx.com/ file/3101466/.
  18. Order of the Ukrainian Research and Training Center of Standardization, Certification and Quality “On the adoption of national standards and the adoption of an amendment to the national standard” № 249 approved 13.08.2019, available at: http://online.budstandart.com/ua/catalog/doc-page?id_doc=84240

Full text: PDF