EXPERIMENTAL STUDY OF THE MODEL FOR CALCULATING THE QUANTITATIVE CRITERIA FOR ASSESSING THE SECURITY LEVEL OF INFORMATION AND TELECOMMUNICATION SYSTEMS IN CRITICAL INFRASTRUCTURE OF THE STATE
DOI:
https://doi.org/10.28925/2663-4023.2022.16.618Keywords:
information and telecommunication system, critical infrastructure, critical infrastructure object, cybersecurity, security assessment criterion, functional security profileAbstract
Global trends in the number and complexity of cyber-attacks have led to the information and telecommunications systems (ITS) protection, in particular, industry, which are critical to society, socio-economic development and information component of national security. Given the needs of national security and the need to introduce a systematic approach to solving the problem of critical infrastructure protection, at the national level, creating a system of protection of such infrastructure is one of the priorities in reforming the defense and security sector of Ukraine. Thus, there is a need to develop methods and models for classifying ITS as a critical infrastructure to ensure Ukraine's national security. The paper studies the model of calculating the quantitative criterion for assessing the security of ITS based on the method of hierarchy analysis, which allowed the processing of expert assessments to obtain a quantitative indicator of ITS security. This made it possible to simplify the procedure for selecting experts, to avoid the specifics of processing expert data, as well as to assess ITS in a limited amount of statistics. The developed model allows to move from qualitative assessment in the form of an ordered series of alphanumeric combinations denoting the levels of implemented services, to quantitative assessment in the form of the ratio of functional security profiles. In addition, specialized software has been developed that implements the studied model, which allowed to conduct experimental research and verification of this model on the example of ITS of the National Confidential Communications System. In further research, the authors plan to investigate the model for calculating the quantitative criterion for assessing the security of ITS in other areas of critical infrastructure (energy, transport etc.).
Downloads
References
Pro osnovni zasady zabezpechennia kiberbezpeky Ukrainy, Zakon Ukrainy № 2163-VIII (2021) (Ukraina). https://zakon.rada.gov.ua/laws/show/2163-19#Text
Iudin, O., Sydorenko, V., Hnatiuk, S., Verkhovets, O. (2021). Model rozrakhunku kilkisnoho kryteriiu otsiniuvannia zakhyshchenosti informatsiino-telekomunikatsiinykh system krytychnoi infrastruktury derzhavy. Suchasni informatsiini systemy, 5(4), 109–115.
Hnatiuk, S., Yudin, O., Sydorenko, V., Yevchenko, Ya. (2021). Metod formuvannia funktsionalnoho profiliu zakhyshchenosti haluzevykh informatsiino-telekomunikatsiinykh system. Kiberbezpeka: osvita, nauka, tekhnika, 3(11), 166-182.
Pro Stratehiiu kiberbezpeky Ukrainy, Rishennia Rady natsionalnoi bezpeky i oborony Ukrainy (2016) (Ukraina). https://zakon.rada.gov.ua/laws/show/n0003525-16#Text
Pro krytychnu infrastrukturu, Zakon Ukrainy № 1882-IX (2021) (Ukraina). https://zakon.rada.gov.ua/laws/show/1882-20#Text
Sarkar, T., Salazar-Palma, M., Zhu, M., Chen, H. (2021). Mathematical Principles Related to Modern System Analysis. In Modern Characterization of Electromagnetic Systems and its Associated Metrology (p. 1–20). IEEE. https://doi.org/10.1002/9781119076230.ch1
Guo, X., Gao, M., Zhang, M., Chen, Y., Tseng, S.-P. (2020). Design and Implementation of Teaching Quality Assessment System based on Analytic Hierarchy Process Fuzzy Comprehensive Evaluation method. In 2020 8th International Conference on Orange Technology (ICOT). IEEE. https://doi.org/10.1109/icot51877.2020.9468778.
Sandoval-Alfaro, O. E., Quintero-Meza, R. R. (2021). Application of Data Analytics Techniques for Decision Making in the Retrospective Stage of the Agile Scrum Methodology. In 2021 Mexican International Conference on Computer Science (ENC). IEEE. https://doi.org/10.1109/enc53357.2021.9534800.
Vvedenye v teoryiu nechetkykh mnozhestv (A. Kofman, Per.). (1982). Radyo y sviaz.
Ma, Z., Wang, S., Deng, X., & Jiang, W. (2018). An improved approach for adversarial decision making under uncertainty based on simultaneous game. In 2018 Chinese Control And Decision Conference (CCDC). IEEE. https://doi.org/10.1109/ccdc.2018.8407545.
Iudin, O., Hnatiuk, S. (2017). Analiz vymoh do elementiv informatsiino-telekomuni-katsiinykh system upravlinnia enerhetychnoiu infrastrukturoiu, yaki zabezpechuiut kiberzakhyst, Perspektyvni napriamy zakhystu informatsii. In Tretia vseukrainska nauk.-prakt. konf. ONAZ.
ND TZI 2.5-004-99, Kryterii otsinky zakhyshchenosti informatsii v kompiuternykh systemakh vid nesanktsionovanoho dostupu, DSTSZI SB Ukrainy, 1999.
Gnatyuk, S., Sydorenko, V., Polozhentsev, A., & Sotnichenko, Y. (2020). Experimental Cybersecurity Level Determination in the Civil Aviation Critical Infrastructure. In 2020 IEEE International Conference on Problems of Infocommunications. Science and Technology (PIC S&T). IEEE. https://doi.org/10.1109/picst51311.2020.9467987.
Svidotstvo pro reiestratsiiu avtorskoho prava na tvir № 9 vid 14 lypnia 2018 r., UA.IeABA.18013-01 34 01, Derzhavna sluzhba intelektualnoi vlasnosti Ukrainy, «Prohramne zabezpechennia rozrakhunku koefitsiientu krytychnosti informatsiino-telekomunikatsiinykh system».
