ВДОСКОНАЛЕННЯ КІБЕРЗАХИСТУ ЗБРОЙНИХ СИЛ З УРАХУВАННЯМ ДОСВІДУ ПРОТИДІЇ ВІЙСЬКОВИМ КІБЕРОБЕРАЦІЯМ РОСІЙСЬКОЇ ФЕДЕРАЦІЇ В 2022 РОЦІ

Authors

DOI:

https://doi.org/10.28925/2663-4023.2022.17.3145

Keywords:

cyber defense, countermeasures, information security, cyber security, risk management system, decision support system

Abstract

The article considers the possibilities of improving the cyber defense system of the Armed Forces of Ukraine and the Ministry of Defense of Ukraine in accordance with the goals and objectives defined in the decisions of the National Security and Defense Council of Ukraine and the Laws of Ukraine. A review of the requirements of normative documents on information and cyber security of Ukraine and similar documents of the United States of America was carried out. The considered algorithm for developing a risk management system in the direction of information security is outlined in the USA national standards. The scientific novelty of the work is that in the process of developing the risk management system in the information and communication systems (ICS) of the Armed Forces of Ukraine and the Ministry of Defense of Ukraine, it was proposed to create an decision support system that will be based on a specialized knowledge base capable of accumulating experience both during cyber-defense measures of the ICS and during the implementation of cyber-influences on the ICS of the enemy. An overview of open international standardization methods and relevant knowledge bases that can be used to update information on vulnerabilities and countermeasures in IC systems was carried out. The  joint to use of open knowledge bases and specialized knowledge bases potentially can create new opportunities not only during cyber defense, but also during the implementation of cyber influences on the ICS of the enemy, therefore, this direction of research is promising and corresponds to the national interests of Ukraine

Downloads

Download data is not yet available.

References

Lakhno, V., Tereshchuk, A., Petrenko, T. (2016). Improving the cyber protection of information systems due to adaptive technologies for the recognition of cyber attacks. Information Protection, 18(2), 99-106.

Beketova, G., Akhmetov, B., Korchenko, A., Lakhno, A. (2016). Design of a model for intellectual detection of cyber-attacks, based on the logical procedures and the coverage matrices of features. Ukrainian Scientific Journal of Information Security, 22(3), 242-254.

Law of Ukraine "On Protection of Information in Information and Communication Systems" as amended from June 15, 2022. https://zakon.rada.gov.ua/laws/show/80/94-%D0%B2%D1%80#Text.

Law of Ukraine "On National Security of Ukraine" as amended from November 16, 2021. https://zakon.rada.gov.ua/laws/show/2469-19#Text

Decree of the President of Ukraine dated August 26, 2021 No. 447/2021 "On the decision of the National Security and Defense Council of Ukraine dated May 14, 2021 "On the Cyber Security Strategy of Ukraine". https://www.president.gov.ua/documents/4472021- 40013

Order of the State Enterprise "Ukrainian Research and Training Center for Standardization, Certification and Quality Problems" dated December 18, 2015 No. 193. https://zakon.rada.gov.ua/rada/show/v0193774-15#Text

Order of the State Enterprise "Ukrainian Research and Training Center for Standardization, Certification and Quality Problems" dated October 16, 2019 No. 312. https://zakon.rada.gov.ua/rada/show/v0312774-19#Text

Law of Ukraine "On Amendments to Certain Laws of Ukraine Regarding Military Standards" dated June 6, 2019. https://zakon.rada.gov.ua/laws/show/2742-19#Text

Order of the Ministry of Defense of Ukraine "On issues of military standardization" No. 56 of February 24, 2020. https://www.mil.gov.ua/content/nakaz_moy/56_nm.pdf

Resolution of the Cabinet of Ministers of Ukraine No. 1 dated January 10, 2019. https://ips.ligazakon.net/document/KP140671?an=9

Nespoli, P., Marmol, F., Vidal, J. (2021). Battling against cyberattacks: towards pre-standardization of countermeasures. Cluster Computing, 24, 57–81

Calton, J. (2017). Evaluation of the 2015 dod cyber strategy: mild progress in a complex and dynamic military domain. Strategic Studies Institute, US Army War College.

Public Law 107–347 107th Congress, E-Government Act of 2002. https://www.congress.gov/107/plaws/publ347/PLAW-107publ347.pdf

Public Law No: 113-283 113th Congress, Federal Information Security Modernization Act of 2014. https://www.congress.gov/bill/113th-congress/senate-bill/2521/text

FIPS PUB 199. Standards for Security Categorization of Federal Information and Information Systems. https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.199.pdf

FIPS PUB 200. Minimum Security Requirements for Federal Information and Information Systems. https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.200.pdf

CNSS № 1253 Categorization and control selection for National Security Systems 29 July 2022. https://www.cnss.gov/CNSS/issuances/Instructions.cfm

NIST SP 800-37 Rev. 2 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf

NIST SP 800-53 Rev. 5 Security and Privacy Controls for Information Systems and Organizations. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf

NIST SP 800-53B Control Baselines for Information Systems and Organizations https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53B.pdf

Dempsey, K., Witte, G., & Rike, D. (2014). Summary of NIST SP 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations. National Institute of Standards and Technology. https://doi.org/10.6028/nist.cswp.02192014

Stine, K., Kissel, R., Barker, W., Fahlsing, J., Gulick, J. NIST SP 800-60 Vol. 1 Rev. 1 Guide for Mapping Types of Information and Information Systems to Security Categories. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-60v1r1.pdf

Stine, K., Kissel, R., Barker, W., Fahlsing, J., Gulick J. NIST SP 800-60 Vol. 2 Rev. 1 Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-60v2r1.pdf

Ross, R, McEvilley, M., Oren, J. NIST SP 800-160 Vol. 1 Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v1.pdf

NIST SP 800-53A Rev. 5 Assessing Security and Privacy Controls in Information Systems and Organizations. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53Ar5.pdf

Dempsey, K., Chawla, N., Johnson, L., Johnston, R., Jones, A., Orebaugh, A., Scholl, M., Stine, K. NIST SP 800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-137.pdf

Kaur, J., Ramkumar, K. (2022). The recent trends in cyber security: A review. Journal of King Saud University. Computer and Information Sciences, 34(8), 5766-5781

Standley, V., Nuno1, F., Sharpe, J. (2020). Fusing attack detection and severity probabilities: a method for computing minimum-risk war decisions. Computing, 102, 1385–1408.

Bhol, S., Mohanty, J., Pattnaik, P. (2020). Cyber security metrics evaluation using multi-criteria decision-making approach. Smart Intelligent Computing and Applications.

Chowdhury, N., Gkioulos, V. (2021). Cyber security training for critical infrastructure protection: A literature review. Computer Science Review, 40, 100361

Rizwan, A. (2016). Cyber Situational Awareness for the NATO alliance. The Three Swords Magazine 30, 72-75.

Ministry of Defence. (2019, 23 липня). Allied Joint Doctrine for the Planning of Operations (AJP-5). GOV.UK. https://www.gov.uk/government/publications/allied-joint-publication-ajp-05a-allied-joint-doctrine-for-the-planning-of-operations.

Chew, E., Swanson ,M., Stine, K., Bartol, N., Brown, A., Robinson, W. NIST SP 800-55 Rev. 1 Performance Measurement Guide for Information Security. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-55r1.pdf

Downloads


Abstract views: 344

Published

2022-09-29

How to Cite

Baidur, O. (2022). ВДОСКОНАЛЕННЯ КІБЕРЗАХИСТУ ЗБРОЙНИХ СИЛ З УРАХУВАННЯМ ДОСВІДУ ПРОТИДІЇ ВІЙСЬКОВИМ КІБЕРОБЕРАЦІЯМ РОСІЙСЬКОЇ ФЕДЕРАЦІЇ В 2022 РОЦІ . Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 1(17), 31–45. https://doi.org/10.28925/2663-4023.2022.17.3145