Development of the Resilience Paradigm in the Security Domain

F.O. Korobeinikov

Pukhov Institute for Modelling in Energy Engineering, National Academy of Sciences of Ukraine
15 General Naumov St., Kyiv, 03164, Ukraine

Èlektron. model. 2023, 45(4):88-110

https://doi.org/10.15407/emodel.45.04.088

ABSTRACT

A review of scientific publications is presented, aimed at identifying the foundations on which the resilience paradigm in the security field was formed. The main stages of its evolution are considered, including its origin, development, and multifactor influence on the security of critical systems and infrastructures at various levels. The definitions, concepts, and key ideas underlying the paradigm are examined in detail, highlighting the fundamental principles that contributed to its emergence. Particular attention is paid to the constructs underlying the resilience paradigm in the security domain. Their practical implementation in frameworks and international legislation is emphasized.

KEYWORDS:

resilience, information security, risks, critical infrastructure.


KOROBEINIKOV Fedir Oleksandrovych, degree candidate, Pukhov Institute for Modelling in Energy Engineering, National Academy of Sciences of Ukraine. Research interests: theory, methods and tools for ensuring the information security, trustworthiness and resilience of systems, organizations and infrastructures; information security of complex systems. More than 20 years of practical experience in this field.
