BASIC ASPECTS OF CONFIDENTIAL INFORMATION SECURITY IN CRITICAL INFORMATION INFRASTRUCTURE OBJECTS
DOI:
https://doi.org/10.28925/2663-4023.2020.9.170181Keywords:
cybersecurity; critical information infrastructure; information-communication technology; confidential information; security requirements; classificationAbstract
The rapid development of information and communication technologies has increased the vulnerabilities of various networks, systems and objects as well as made it much more difficult to ensure their reliable protection and security. All these factors have led to the fact that the world's leading countries have begun to pay considerable attention to cybersecurity and critical information infrastructure protection. However, the protection of various types of information with restricted access (in particular, confidential information) at critical infrastructure objects remains unexplored. With this in mind, the paper analyzes the existing approaches of the world's leading countries to the confidential information protection at critical infrastructure. The analysis revealed that today there are no comprehensive, multifunctional methods of protecting confidential information at critical information infrastructure. In addition, the classification of critical information infrastructure objects according to information security requirements is developed. This classification by determining the type of processing information, possible access modes and criticality category, allows to ensure unity of approaches to protection of these objects belonging to different types, including information systems, automated control systems and information-telecommunication networks.
Downloads
References
ISO/IEC 27032, Information technology – Security techniques – Guidelines for cybersecurity, 2012, 50 p.
Gnatyuk S. «Cyberterrorism: history of development, modern trends and countermeasures», Bezpeka informatsii, 2013, vol. 19, № 2, pp. 118-129 (in Ukrainian).
Law of Ukraine «About basic issues of cybersecurity ensuring in Ukraine», 05.10.2017 р., № 2163-VIII, Access mode: http://zakon0.rada.gov.ua/laws/show/2163-19
Decision of Cabinet of Ministries of Ukraine «About General requirements for cybersecurity of critical infrastructures objects», 19.06.2019, № 518, Ind. 49.
Project of Law of Ukraine «About critical infrastructure and its security», Access mode: http://search.ligazakon.ua/l_doc2.nsf/link1/JH7YW00A.html (17.07.2020).
Discussion on Project of Law of Ukraine «About critical infrastructure and its security» Access mode: https://www.ppl.org.ua/nadpovnovazhennya-dlya-sbu-i-obmezhennya -dostupu-do-informaci%D1%97-zakonoproekt-pro-kritichnu-infrastrukturu-vid-minekonomrozvitku.html (17.07.2020).
Law of Ukraine «About access to public information», 13.01.2011, № 2939-VI.
Critical infrastructures objects security against terroristic attacks, UN, 2018, 152 p. Access mode: https://www.un.org/sc/ctc/wp-content/uploads/2019/07/RUS-compendium-final.pdf
Charter on main rules of EU, Nice agreement and extension of EU, 2001, 124 p.
Council Directive on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection (СD 2008/ 114/EC), Access mode: https://eur-lex.europa.eu/legalcontent/EN/TXT/? uri=uriserv%3AOJ.L_ .2008.345.01.0075.01.ENG (17.07.2020).
Trusted network for information exchange. Access mode: https://tisn.gov.au/
France 2014, General instruction on life safety, General Secretary on defense and national security (№6600 / SGDSN / PSE / PSN). Access mode: http://circulaire.legifrance. gouv.fr/ pdf/2014/01/cir 37828.pdf (17.07.2020).
Information gateway of critical infrastructure. Access mode: https://cigatewav.ps.gc.ca/lavouts/pscbranding / trms- eng.pdf (17.07.2020).
Mikhalevych I.F. Issues of critical information infrastructure objects classification by information security, XIII All Russian meeting on management problems VSPU-2019, pp. 2587-2590 (in Russian).
Technique for categorization the state and private objects to critical objects for national security of Russian Federation (annualized 30.12.2019 N 43-7134-11).
Melekh O.V., Maksymovych E.P., Fisenko V.K. Classification of critical objects of informatisation by requirements of physical protection by claster analysis, Artificial Intelligence, 2010, № 4, pp. 666-677 (in Russian).
ICAO Aviation Security Manual, Doc 8973, Restricted, 2019.
