CYBERSECURITY INCIDENTS NOTIFICATION MECHANISM AT CRITICAL INFRASTRUCTURE FACILITIES

Authors

  • Vasyl Tsurkan, National Technical University of Ukraine «Igor Sikorsky Kyiv Polytechnic Institute»; G. E. Pukhov Institute for Modelling in Energy Engineering of the National Academy of Sciences of Ukraine, https://orcid.org/0000-0003-1352-042X
  • Vladyslav Rakovych, G. E. Pukhov Institute for Modelling in Energy Engineering of the National Academy of Sciences of Ukraine, https://orcid.org/0009-0008-4733-9120

DOI:

https://doi.org/10.28925/2663-4023.2026.32.1200

Keywords:

critical infrastructure facility; cybersecurity event; cybersecurity incident; notification mechanism; cybersecurity event notification; cybersecurity event report.

Abstract

The importance of critical infrastructure facilities for the economy, national security, and defense has been demonstrated. This is due to the vital functions and/or services they provide to organizations in both the public and private sectors. Preventing their disruption is achieved by implementing measures and methods to manage, monitor, and assess security risks. Additionally, this involves eliminating threats, mitigating their consequences, or recovering from them once they materialize. At the same time, it involves adapting to emerging security risks. This is achieved by critical infrastructure operators developing appropriate systems, particularly those ensuring cybersecurity. Therefore, preventing negative impacts and consequences is achieved through risk management. In particular, critical infrastructure operators ensure incident response in accordance with the national plan. This necessitates the implementation of a cybersecurity event notification mechanism at critical infrastructure facilities. Analysis of recent studies and publications indicates that they focus primarily on the processes of detecting and responding to cybersecurity incidents. In view of this, the cybersecurity event notification mechanism at critical infrastructure facilities is defined as a set of processes within a structured framework for incident management. To this end, the relationships between their components—specifically, activities, information assets, vulnerabilities, and threats—have been taken into account. Among the phases, the primary focus is on planning and preparation, detection and reporting, and assessment and resolution. Each of these phases defines the processes from receiving information about an event to deciding whether it falls into one of the categories—incident or non-incident. Together, they define the cybersecurity event notification mechanism at critical infrastructure facilities. To this end, the guidelines of the international standards ISO/IEC 27001, ISO/IEC 27002, and ISO/IEC 27035-1, -2, and -3, harmonized in Ukraine, have been utilized. Particular attention is paid to learning lessons following the reporting of both cybersecurity events and cybersecurity incidents. This approach helps keep processes, cybersecurity event report templates, and related reports up to date.

References

Verkhovna Rada of Ukraine. (2021). Law of Ukraine “On critical infrastructure” (No. 1882-20, November 16). https://zakon.rada.gov.ua/laws/show/1882-20#Text

National Bank of Ukraine. (2025). On critical infrastructure of the financial sector (Resolution No. 69, June 27). https://zakon.rada.gov.ua/laws/show/v0069500-25#Text

International Organization for Standardization. (2022). ISO/IEC 27005:2022—Information security risk management.

Mokhor, V. V., Bakalynskyi, O. O., Dorohyi, Y. Y., & Tsurkan, V. V. (2024). Paradigm of new cybersecurity risks. In Cybersecurity of energy (pp. 116–117). Pukhov Institute for Modelling in Energy Engineering NAS of Ukraine. https://doi.org/10.5281/zenodo.14601760

Verkhovna Rada of Ukraine. (2017). Law of Ukraine “On the basic principles of cybersecurity of Ukraine” (No. 2163-19, October 5). https://zakon.rada.gov.ua/laws/show/2163-19#Text

Cabinet of Ministers of Ukraine. (2019). On approval of general requirements for cyber protection of critical infrastructure objects (Resolution No. 518, June 19). https://zakon.rada.gov.ua/laws/show/518-2019-%D0%BF#n8

National Bank of Ukraine. (2025). On critical infrastructure of the financial sector (Resolution No. 143, December 9). https://zakon.rada.gov.ua/laws/show/v0143500-25#Text

Cabinet of Ministers of Ukraine. (2022). On approval of the regulation on information exchange between critical infrastructure protection entities (Resolution No. 1174, October 14). https://zakon.rada.gov.ua/laws/show/1174-2022-%D0%BF#Text

Cabinet of Ministers of Ukraine. (2025). On approval of the procedure for interaction of entities in responding to cyber incidents, cyberattacks, and cyber threats (Resolution No. 1471, November 13). https://zakon.rada.gov.ua/laws/show/1471-2025-%D0%BF#n8

Cabinet of Ministers of Ukraine. (2025). Some issues of response to cyber incidents, cyberattacks, and cyber threats (Resolution No. 1533, November 26). https://zakon.rada.gov.ua/laws/show/1533-2025-%D0%BF#n12

State Service of Special Communications and Information Protection of Ukraine. (n.d.). Analytical materials. https://cip.gov.ua/ua/statics/analitichni-materiali-derzhspeczv-yazku

Khoroshko, V. O., & Brailovskyi, M. M. (2021). Management of conflicts and information security incidents on the Internet. Informatics and Mathematical Methods in Modeling, 11(1–2), 15–25. https://doi.org/10.15276/imms.v11.no1-2.15

Senarath, Y., Mukhopadhyay, A., Vazirizade, S. M., Purohit, H., Nannapaneni, S., & Dubey, A. (2021). Practitioner-centric approach for early incident detection using crowdsourced data. In IEEE International Conference on Data Mining (pp. 1318–1323). https://doi.org/10.1109/ICDM51629.2021.00164

Nowikowska, M. (2022). The main tasks of CSIRT networks under the national cybersecurity system in Poland. In K. Chałubińska-Jentkiewicz et al. (Eds.), Cybersecurity in Poland (pp. 223–242). Springer. https://doi.org/10.1007/978-3-030-78551-2_15

Khlaponin, Y. I., Kozubtsov, I. M., Kozubtsova, L. M., & Shtonda, R. M. (2022). Functions of cybersecurity systems for critical infrastructure. Cybersecurity: Education, Science, Technique, 3(15), 124–134. https://doi.org/10.28925/2663-4023.2022.15.1241341

Fayzullajon, B., Azam, G., & Sherzod, S. (2023). Handling information security events and incidents. In Inventive Communication and Computational Technologies (Vol. 383, pp. 509–514). Springer. https://doi.org/10.1007/978-981-19-4960-9_40

Subach, I. Y., & Vlasenko, O. V. (2023). Architecture of an intelligent SIEM system for detecting cyber incidents in military information systems. Systems and Technologies of Communication, Informatization and Cybersecurity, 4, 82–92. https://doi.org/10.58254/viti.4.2023.07.82

Basan, E., Bystraya, Z., Mogilny, A., Lesnikov, A., & Lapin, V. (2024). Development of a framework for describing security incidents. In Advanced Information Security Management and Applications (Vol. 863, pp. 19–30). Springer. https://doi.org/10.1007/978-3-031-72171-7_3

Shulha, V. P., Ivanchenko, Y. V., Vyshnevska, N. S., & Berber, A. S. (2024). Methods and models for assessing cybersecurity of critical infrastructure. Modern Information Protection, 3, 6–19. https://doi.org/10.31673/2409-7292.2024.030001

Busetti, S., & Scanni, F. M. (2025). Evaluating incident reporting in cybersecurity: From threat detection to policy learning. Government Information Quarterly, 42(1), 1–17. https://doi.org/10.1016/j.giq.2024.102000

Sydorenko, V. M., & Maksymets, A. V. (2025). Decision-making method for cybersecurity incident management in critical infrastructure. Information Security, 31(2), 93–97. https://doi.org/10.18372/2225-5036.31.20701

International Organization for Standardization. (2022). ISO/IEC 27001:2022—Information security management systems—Requirements.

International Organization for Standardization. (2022). ISO/IEC 27002:2022—Information security controls.

International Organization for Standardization. (2023). ISO/IEC 27035-1:2023—Information security incident management—Part 1: Principles and process.

International Organization for Standardization. (2023). ISO/IEC 27035-2:2023—Guidelines for incident response preparation.

International Organization for Standardization. (2020). ISO/IEC 27035-3:2020—Guidelines for ICT incident response operations.

Published

2026-03-26

How to Cite

Tsurkan, V., & Rakovych, V. (2026). CYBERSECURITY INCIDENTS NOTIFICATION MECHANISM AT CRITICAL INFRASTRUCTURE FACILITIES. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 4(32), 1002–1014. https://doi.org/10.28925/2663-4023.2026.32.1200