ASSESSING AND IMPROVING THE CYBERSECURITY OF THE TOPOLOGY OF CRITICAL INFORMATION INFRASTRUCTURE OBJECTS IN GLOBAL CYBERSPACE

V. Zubok, G. Dubynskyi

Èlektron. model. 2024, 46(6):109-119

https://doi.org/10.15407/emodel.46.06.109

ABSTRACT

Risk-informed approaches to organizing the topology of critical information infrastructure during its design and modernization are proposed. Recommendations are provided to increase the protection of critical information assets from attacks whose vector is the external connections (connections in cyberspace) of the critical information infrastructure object (CII), together with references to good practices for assessing information security risks. The presented recommendations describe additional measures that detail or complement the more general procedures performed in the information security cycle.

KEYWORDS

critical infrastructure, cyber security, cyberspace, topology, risk assessment, risk categorizing.
