METHODOLOGICAL PRINCIPLES OF ESTABLISHMENT AND FUNCTIONING OF THE CYBER SECURITY CENTER OF INFORMATION INFRASTRUCTURE OF NUCLEAR ENERGY FACILITIES
DOI:
https://doi.org/10.28925/2663-4023.2021.12.172186Keywords:
information security center; nuclear power facilities; model of cybersecurity management system; critical infrastructure; countering cyber threatsAbstract
Nuclear power facilities (UAEs) are complex structural systems that operate large arrays of information flows, the distortion or blocking of which can potentially lead to inadequate and even catastrophic situations. Constant continuous automated control of the technical means of these objects is the key to ensuring the safety of man, society and the state. Therefore, ensuring the warranty of automated systems of the UAE as a technological basis for their functioning is a priority task of scientific research and development in this field. In the world's growing number and capacity of cyber attacks on critical information systems, long-standing confrontation of the state with hybrid war of limited financial resources, coordination and concentration of efforts to ensure cybersecurity of the UAE is the only way to solve certain problems in the industry. The purpose of such events should be to build a single cybersecurity center of the UIA. The creation of such a center should raise the state of information and functional security of enterprises of the industry to a qualitatively new level. The main tasks of the center are: ensuring the implementation of components of the organizational and technical model of information protection and cyber security; establishing mandatory information security requirements for critical information infrastructure objects taking into account international standards and industry specifics, including relevant critical information infrastructure facilities; monitoring of information security and information security at nuclear power facilities; countering cyber threats by raising general situational awareness of incidents and vulnerabilities among industry institutions and their critical infrastructure; preventing intrusion by sharing information and organizing initiatives; reducing vulnerabilities, preventing threats and their effective localization; monitoring of counteraction to threats at nuclear power facilities; stimulating and conducting training and raising the level of information awareness in terms of cybersecurity among critical infrastructure managers, appropriate testing, research and development. The functioning of the center will allow to coordinate and monitor the implementation of measures to deploy the information security system for critical information infrastructure facilities at nuclear power facilities. In addition, it will also prevent interference in information systems by exchanging information and functioning of centralized and decentralized technological systems and organizational initiatives. This will reduce the available vulnerabilities, reduce the possibility of new ones and effectively identify them when there are appropriate threats. The Center will protect against the whole range of threats, working with specialized services in a virtual environment, encouraging and conducting training on information security among specialists; will monitor and implement information security standards by subjects of critical infrastructure of nuclear power facilities; will develop and implement new security measures to reduce the risk of information and cyber threats, which are constantly changing and developing rapidly.
Downloads
References
Nosovsky, A.V. (2021). Naukovo-tekhnichnyi suprovid robit z podolannia naslidkiv chornobylskoi katastrofy. [Scientific and technical support of work to overcome the consequences of the Chernobyl disaster]. Bulletin of the National Academy of Sciences of Ukraine, (7), 32–36. Nosovskyi, A. V. (2021). Visnyk Natsionalnoi akademii nauk Ukrainy - Bulletin of the National Academy of Sciences of Ukraine, (7), 32–36 [In Ukraine]
Provedenye otsenok kompiuternoi bezopasnosty na yadernikh ustanovkakh. [Conducting computer security assessments at nuclear facilities.] (2018). Mezhdunarodnoe ahentstvo po atomnoi enerhyy - International Atomic Energy Agency.
Park, J. K., Suh, Y. S., & Park, C. (2016). Implementation of cyber security for safety systems of nuclear facilities. Progress in Nuclear Energy, 88, 88–94.
Poresky, C., Andreades, C., Kendrick, J., & Peterson, P. (2017). Cyber Security in Nuclear Power Plants: Insights for Advanced Nuclear Technologies. (UCBTH-17-001). CA.
Berg, H.-P. (2017). Cybersecurity of critical infrastructures such as nuclear facilities. ENERGETIKA, 63(4), 141–145.
Pohosov, O. Yu., & Derevianko, O. V. (2017). Fizychnyi zakhyst AES ta informatsiina bezpeka yak neobkhidni umovy znyzhennia ryzykiv yadernykh i radiatsiinykh avarii. [Physical protection of NPPs and information security as necessary conditions for reducing the risks of nuclear and radiation accidents]. Yaderna ta radiatsiina bezpeka - Nuclear and radiation safety, 3(75), 50–55 [In Ukraine]
Chumak, D. V., & Klevtsov, O. L. (2015). Komp‘iuterna bezpeka na yadernykh obiektakh v Ukraini: oblasti vzaiemodii mizh yadernoiu bezpekoiu ta zakhyshchenistiu. [Computer security at nuclear facilities in Ukraine: areas of interaction between nuclear safety and security] Yaderna ta radiatsiina bezpeka - Nuclear and radiation safety, 3(67), 60–64. [In Ukraine]
Shkarlet, S., Lytvynov, V., Dorosh, M., Trunova, E., & Voitsekhovska, M. (2019). The Model of Information Security Culture Level Estimation of Organization. Advances in Intelligent Systems and Computing, 1019, 249–258.
Lytvynov, V. V., Kazymyr, V. V., Stetsenko, I. V., Trunova, O. V., & Skiter, I. S. (2017). Metody analizu ta modeliuvannia bezpeky rozpodilenykh informatsiinykh system [Methods of analysis and modeling of security of distributed information systems]. Natsionalnyi tekhnolohichnyi universytet. [In Ukraine]
Lytvynov, V. V., Stoianov, N., Skiter, I. S., Trunova, O. V., & Hrebennyk, A. H. (2018). Zakhyst korporatyvnykh merezh vid atak z vykorystanniam kontent-analizu hlobalnoho informatsiinoho prostoru. [Protection of corporate networks from attacks using content analysis of the global information space]. Tekhnichni nauky ta tekhnolohii - Technical sciences and technologies,1(11), 115–130. [In Ukraine]
Computer security at nuclear facilities : reference manual : technical guidance. (2011). International Atomic Energy Agency.
International Electrotechnical Commission. (2009). Nuclear power plants — Instrumentation and control important to safety — Classification of instrumentation and control functions. (IEC 61226.).
International Electrotechnical Commission. (2014). Nuclear power plants — Instrumentation and control systems — Requirements for security programmes for computerbased system. (IEC 62645).
Cyber Security in the Energy Sector. Recommendations for the European Commission on a European Strategic Framework and Potential Future Legislative Acts for the Energy Sector (E03341). (2017). Energy Expert Cyber Security Platform (EECSP).
Technical Committee for Standardization "Information Technology" (TC 20) at Derzhspozhyvstandart of Ukraine and the International Research and Training Center (2004). Informatsiini tekhnolohii. Nastanovy z keruvannia bezpekoiu informatsiinykh tekhnolohii (IT). Chastyna 2. Keruvannia ta planuvannia bezpeky IT [nformation Technology. Information Technology (IT) Security Management Guidelines. Part 2. IT security management and planning] (41033) (DSTU ISO . DSTU ISO/TR 13335-2:2003). DP «UkrNDNTs».
Technical Committee for Standardization "Information Technology" (TC 20) with the participation of the Technical Committee for Standardization "Banking and Financial Systems". (2016). Informatsiini tekhnolohii. Metody zakhystu. Systemy upravlinnia informatsiinoiu bezpekoiu. Vymohy [Information Technology. Methods of protection. Information security management systems. Requirements] (DSTU ISO/IEC 27001:2015). DP «UkrNDNTs».
Technical Committee for Standardization "Information Technology" (TC 20). (2014). Informatsiini tekhnolohii. Metody bezpeky. Systemy menedzhmentu informatsiinoiu bezpekoiu. Vymohy [Information Technology. Security methods. Information security management systems. Requirements] (17. DSTU ISO/IEC 27001:2013). DP «UkrNDNTs».
Turner, P. L., Adams, S. S., & Hendrickson, S. M. (2017). Enhancing Power Plant Safety through Simulated Cyber Events. Submitted to the American Nuclear Society’s. У 10th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human Machine Interface Technologies (с. 301–313). American Nuclear Society ( ANS ).
Program on Technology Innovation: Analysis of Hazard Models for Cyber Security, Phase I (000000003002004995). (2015). EPRI.
Program on Technology Innovation: Cyber Hazards Analysis Risk Methodology, Phase II: A Risk Informed Approach. (000000003002004997). (2015). EPRI.