AN INTEGRATED APPROACH TO CYBERSECURITY AND CYBERCRIME INVESTIGATION OF CRITICAL INFRASTRUCTURE THROUGH A RANSOMWARE INCIDENT MONITORING SYSTEM

DOI:

https://doi.org/10.28925/2663-4023.2023.21.286296

Keywords:

critical infrastructure; ransomware; monitoring; cybercrime; information systems; cybersecurity audit; artificial intelligence; information security; cybersecurity; information security system; information security framework.

Abstract

In today's rapidly digitalising world, cybersecurity is becoming increasingly important in protecting national security, the economy and public welfare. Critical infrastructure, such as energy, transport, financial services and healthcare, is particularly vulnerable to cybersecurity threats, including ransomware. Our proposed integrated approach to strengthening cybersecurity and investigating cybercrime in these sectors emphasises the importance of an incident monitoring system. It relies on three key pillars: the development of advanced monitoring systems that incorporate artificial intelligence to rapidly detect and analyse threats; in-depth, comprehensive risk assessments to identify potential vulnerabilities; and active interagency cooperation for coordinated incident response. A detailed look at the technical aspects of the monitoring system, including its architecture and machine learning algorithms, highlights its ability to predict and detect cyber threats in real time. We also discuss the legal and ethical dimensions of data collection and processing, which are critical to ensuring privacy and trust. By analysing real-life cases, we demonstrate how an integrated approach can significantly improve cybersecurity by ensuring effective detection, rapid response and neutralisation of cyber threats. Special attention is paid to successful cases of detecting and blocking attacks, which underlines the importance of a comprehensive approach to protecting critical infrastructure. In the final part of the article, we consider the prospects for the development of critical infrastructure cybersecurity, focusing on the need for continuous technology upgrades, improved risk assessment methods, and expanded interagency and international cooperation. The importance of adapting to the changing cyber landscape and implementing innovative solutions to strengthen resilience in the face of emerging threats is emphasised.
This article makes a significant contribution to the development of integrated cybersecurity strategies, emphasising that the combination of advanced monitoring technologies, in-depth risk assessment and strong interagency cooperation can significantly increase society's ability to effectively counter cyber threats and ensure the security of critical infrastructure.

References

Kovaliv, M., Skrynkovskyi, R., Nazar, Y., & Esimov, S. (2020). Legal support of cybersecurity of critical information infrastructure of Ukraine. http://dspace.lvduvs.edu.ua/handle/1234567890/3731

Sinitsyn, I., Ihnatenko, P., Slabospytska, O., & Artemenko, O. (2021). An integrated approach to building a cyber defense system for the critical information infrastructure of the state. Information Protection. http://dspace.nbuv.gov.ua/bitstream/handle/123456789/144499/08-Sinitsyn.pdf?sequence=1

CORDIS, European Commission. (2023, December 11). Cyber security incident handling, warning and response system for the European critical infrastructures (CyberSANE project fact sheet, H2020). https://cordis.europa.eu/project/id/833683

Berkeley Technology Law Journal. (2024). Cyber incident reporting for critical infrastructure: Considerations for the space industry. https://btlj.org/2024/01/cyber-incident-reporting-for-critical-infrastructure-considerations-for-the-space-industry/

Cyber security and IT infrastructure protection. (2014). Elsevier. https://doi.org/10.1016/c2011-0-08750-1

Dudykevych, V. B., Opirskyy, I. R., & Susukaylo, V. A. (2016). The analysis of existing approaches to deal with unauthorized access to the information networks of the state on the basis of game theory. Scientific Bulletin of UNFU, 26(3), 345-349. https://doi.org/10.15421/40260357

U.S. Military, Department of Defense (DoD), & Clemente, J. (2018). Cyber security for critical energy infrastructure: Enhancing electrical grid security, attacks on Ukrainian and Western energy sectors, critical infrastructure management, safeguards, mitigation. Independently Published.

Mitropoulos, S., Patsos, D., & Douligeris, C. (2006). On incident handling and response: A state-of-the-art approach. Computers & Security, 25(5), 351-370. https://doi.org/10.1016/j.cose.2005.09.006

Neittaanmäki, P., & Lehto, M. (2022). Cyber security: Critical infrastructure protection. Springer International Publishing AG.

Papastergiou, S., Mouratidis, H., & Kalogeraki, E.-M. (2019). Cyber Security Incident Handling, Warning and Response System for the European Critical Information Infrastructures (CyberSANE). In J. Macintyre, L. Iliadis, I. Maglogiannis, & C. Jayne (Eds.), Engineering Applications of Neural Networks. EANN 2019. Communications in Computer and Information Science, Vol. 1000. Springer, Cham. https://doi.org/10.1007/978-3-030-20257-6_41

Ani, U. D., Watson, J. D. McK, Tuptuk, N., Hailes, S., Carr, M., & Maple, C. (2022). Improving the cybersecurity of critical national infrastructure using modeling and simulation. arXiv. http://arxiv.org/abs/2208.07965v1

Ani, U. D., Watson, J. D. McK, Nurse, J. R. C., Cook, A., & Maple, C. (2019). A review of critical infrastructure protection approaches: Improving security through responsiveness to the dynamic modelling landscape. https://doi.org/10.1049/cp.2019.0131

von der Assen, J., Feng, C., Huertas Celdrán, A., Oleš, R., Bovet, G., & Stiller, B. (2024). GuardFS: A file system for integrated detection and mitigation of Linux-based ransomware. arXiv. http://arxiv.org/pdf/2401.17917v1.pdf

Zhuravchak, D. (2021). Ransomware spread prevention system using Python, auditd and Linux. Cybersecurity: Education, Science, Technique, 12, 108-116. https://doi.org/10.28925/2663-4023.2021.12.108116

Zhuravchak, D., Dudykevych, V., & Tolkachova, A. (2023). Study of the structure of the system for detecting and preventing ransomware attacks based on endpoint detection and response. Cybersecurity: Education, Science, Technique, 3(19), 69-82. https://doi.org/10.28925/2663-4023.2023.19.6982

Published

2023-09-28

How to Cite

Harasymchuk, O., Partyka, A., Nyemkova, E., & Sovyn, Y. (2023). AN INTEGRATED APPROACH TO CYBERSECURITY AND CYBERCRIME INVESTIGATION OF CRITICAL INFRASTRUCTURE THROUGH A RANSOMWARE INCIDENT MONITORING SYSTEM. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 1(21), 286–296. https://doi.org/10.28925/2663-4023.2023.21.286296
