CYBERSECURITY OF CRITICAL INFRASTRUCTURE IN UKRAINIAN LEGISLATION AND IN DIRECTIVE (EU) 2022/2555

V.Yu. Zubok, A.V. Davydiuk, T.M. Klymenko

Èlektron. model. 2023, 45(5):54-66

https://doi.org/10.15407/emodel.45.05.054

ABSTRACT

The article presents industries, sectors and the main criteria for determining critical facilities cyber security of which is subject to special control, in particular, by state authorities. World-known approaches to defining critical infrastructure and requirements for its cyber security are also presented. The main provisions of Directive (EU) 2022/2555, known as NIS2, and its differences from the previous NIS directive are analyzed. The classification of facilities, industries and sectors with special cyber security control are shown. The expansion in relation to previous provisions was considered for comparison with Ukrainian legislation and practice in order to further assess the scope and directions of work on the harmonization of Ukrainian legal acts with documents of the European Union.

KEYWORDS

NIS2 Directive, cyber security, critical infrastructure, comparative analysis.

REFERENCES

  1. Some issues of critical infrastructure facilities: Resolution of the Cabinet of Ministers of Ukraine from 09.10.2020 р. № 1109: actual on 11 May 2023 р. URL: https://zakon.rada.gov.ua/laws/show/1109-2020-п#Text (accessed: 12.07.2023).
  2. On approval of the Procedure for maintaining the Register of critical infrastructure objects, inclusion of such objects in the Register, access and provision of information from it: Resolution of the Cabinet of Ministers of Ukraine from 28.04.2023 р. № 415. URL: https://zakon.rada.gov.ua/laws/show/415-2023-п#Text (accessed: 12.07.2023).
  3. Some issues of critical infrastructure facilities: Resolution of the Cabinet of Ministers of Ukraine from 09.10.2020 р. № 943: actual on 07 Sep 2022 р. URL: https://zako rada.gov.ua/laws/show/943-2020-п#Text (accessed: 12.07.2023).
  4. On the approval of the Criteria for the identification of enterprises, institutions and organizations that are important for the national economy in the areas of the organization of special communications, information protection, cyber protection, protection of critical infrastructure, electronic communications and radio frequency spectrum in a special period : Order of the Administrations of the State Service of Special Communications and Information Protection of Ukraine from 31.05.2023 р. № 465. URL: https://zakon.rada.gov.ua/laws/show/z1057-23#Text (accessed: 12.07.2023).
  5. Enhancing the protection and cyber-resilience of critical information infrastructure. URL: https://digitalregulation.org/enhancing-the-protection-and-cyber-resilience-of-critical-information-infrastructure/ (date of access: 28.07.2023).
  6. Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS2 Directive). O.J. L 333, 27.12.2022, p. 80-
  7. NIS2 cyber law for essential businesses: what is the difference between NIS1 and NIS2? | Guardey. Guardey. URL: https://www.guardey.com/what-is-the-difference-between-nis1-and-nis2/ (date of access: 28.08.2023).
  8. NIS2 Directive | Prepare Your Organization Now. The NIS2 Directive. URL: https://nis2directive.eu (date of access: 28.08.2023).

Full text: PDF