ASSESSMENT OF CYBER RISKS OF A CRITICAL INFORMATION INFRASTRUCTURE FACILITY BASED ON THE TOPOLOGY OF ITS EXTERNAL CONNECTIONS

V. Zubok, G. Dubynskyi

Èlektron. model. 2024, 46(4):50-59

https://doi.org/10.15407/emodel.46.04.050

ABSTRACT

The cyberspace of a critical information infrastructure object is described as a concept using mathematical topology. A method is proposed for categorizing the risk of an external connection according to its impact on the integrity, confidentiality, and availability of the information exchanged over that connection. The method treats the connection as an element of the cyberspace topology of a critical information infrastructure object and, from the cyber security risk management perspective, as a "supply chain". This makes it possible to fill the corresponding gap in the national regulatory documents on the categorization of critical infrastructure objects and their cyber protection.

KEYWORDS

critical infrastructure, cyber security, cyberspace, topology, risk assessment, risk categorizing.
