MODEL FOR CALCULATING THE LEVEL OF CYBER SECURITY OF CRITICAL INFRASTRUCTURE FACILITIES

Authors

DOI:

https://doi.org/10.28925/2663-4023.2025.28.829

Keywords:

cybersecurity, critical infrastructure, critical infrastructure facilities, cybersecurity measures, assessment of the state of cybersecurity of critical infrastructure

Abstract

The growing number of cyberattacks on critical infrastructure facilities in Ukraine is a steady trend that necessitates systematic improvement of approaches to cybersecurity. The issue of improving the security of information and communication systems and information resources of critical information infrastructure facilities is of particular relevance. Despite the existence of certain mechanisms in Ukrainian legislation for assessing the state of cybersecurity of such facilities, their practical implementation remains difficult and resource-intensive. In many cases, critical infrastructure owners and operators do not have sufficient capacity to effectively implement the established requirements, which necessitates the development of more accessible and adaptive assessment models. At the current stage in Ukraine, the process of identification and protection of critical infrastructure is at an initial level, which creates risks for national security and the functioning of important social systems. The article proposes a model for calculating the level of cybersecurity of critical information infrastructure facilities, which provides for the possibility of expanding the system of characteristics by applying a set-theoretic approach. The formalization of subsets of criteria (classes of cybersecurity measures) and the corresponding system of parameters is carried out, which allows for a quantitative assessment of the level of security of the object. The proposed model has the potential for practical use as a tool for monitoring and improving the effectiveness of cybersecurity measures. In further research, it is planned to use the proposed model to develop a method for improving the level of cybersecurity.

Downloads

Download data is not yet available.

References

State Cyber Protection Center of the State Service of Special Communications and Information Protection of Ukraine. (2024). Russian cyber operations. H2 ‘2024. https://cip.gov.ua/services/cm/api/attachment/download?id=68769

State Service of Special Communications and Information Protection of Ukraine. (2024). Cyberattacks on Ukraine: Russia is trying to gain any information for an advantage in conventional warfare. https://cip.gov.ua/ua/news/kiberataki-na-ukrayinu-za-dopomogoyu-khakeriv-rosiya-namagayetsya-otrimati-bud-yaku-informaciyu-yaka-mozhe-dati-yii-perevagu-v-konvenciinii-viini

Gnatyuk, S., Sydorenko, V., & Polozhentsev, A. (2023). Method for cybersecurity level evaluation in the civil aviation critical infrastructure. Proceedings of the International Workshop on Advances in Civil Aviation Systems Development (ACASD 2023), 736, 203–214). https://doi.org/10.1007/978-3-031-38082-2_16

Gnatyuk, S., Sydorenko, V., Polozhentsev, A., & Sotnichenko, Y. (2020). Experimental cybersecurity level determination in the civil aviation critical infrastructure. In 2020 International Conference on Problems of Infocommunications Science and Technology (PIC S&T), 757–764. IEEE. https://doi.org/10.1109/PICST51311.2020.9467987

On the Basic Principles of Ensuring Cybersecurity of Ukraine, Law of Ukraine No. 2163-VIII (2025) (Ukraine). https://zakon.rada.gov.ua/laws/show/2163-19#Text

On the Protection of Information in Information and Telecommunication Systems, Law of Ukraine No. 80/94-VR (1994) (Ukraine).

On the Basic Principles of Cybersecurity in Ukraine, Law of Ukraine No. 2163-VIII. (2017) (Ukraine)

On Approval of General Requirements for Cybersecurity of Critical Infrastructure Facilities, Resolution No. 518 (2019) (Ukraine).

Administration of the State Service of Special Communications and Information Protection of Ukraine. (2021). Methodological recommendations on improving the level of cybersecurity of critical information infrastructure (Order No. 601 dated October 6, 2021). https://cip.gov.ua/ua/news/nakaz-ad-2021-10-06-601

National Institute of Standards and Technology. (n.d.). Cybersecurity Framework. https://www.nist.gov/cyberframework

Yudina, D. O. (2023). Cybersecurity measures for critical information infrastructure facilities against cyber threats and cyber attacks. In Challenges and Threats to Critical Infrastructure, 89–93. Detroit, MI: NGO Institute for Cyberspace Research.

Yudina, D. O., Shulha, V. P., Khorchenko, O. H., Ivanchenko, Y. V., Bakalynskyi, O. O., Myalkovskyi, D. V., & Zubkov, D. A. (2023). Method for assessing the cybersecurity state of a critical infrastructure facility under review. Problems of Creation, Testing, Application, and Operation of Complex Information Systems: Collection of Scientific Papers of ZhVI, 25(II), 40–57.

Zhylin, A., Beliavsky, V., & Bakalynsky, O. (2024). NIST CSF 2.0: New cybersecurity framework from the National Institute of Standards and Technology of the United States. Ukrainian Scientific Journal of Information Security, 30(1), 73–76.

Cybersecurity and Infrastructure Security Agency. (2023). CISA Cybersecurity Performance Goals. https://www.cisa.gov/sites/default/files/2023-03/CISA_CPG_REPORT_v1.0.1_FINAL.pdf

Downloads


Abstract views: 0

Published

2025-06-26

How to Cite

Yudina, D. (2025). MODEL FOR CALCULATING THE LEVEL OF CYBER SECURITY OF CRITICAL INFRASTRUCTURE FACILITIES. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 4(28), 586–598. https://doi.org/10.28925/2663-4023.2025.28.829

Issue

Vol. 4 No. 28 (2025): Cybersecurity: Education, Science, Technique

Section

Articles

License

Copyright (c) 2025 Діана Юдіна

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.