ANALYSIS OF SYSTEMIC AND PERSONALIZED FACTORS OF ORGANIZATIONAL AND RESOURCE CONDITIONS CYBER SECURITY ENDUEMENT ACTIVITIES BODIES OF STATE AUTHORITY AND CRITICAL INFRASTRUCTURES OF UKRAINE

Abstract

The article is devoted to approaches to ensuring the adequacy of the resource provision of cyber protection activities of state authorities and critical infrastructure objects to the objective requirements of achieving the normative (defined by the Cybersecurity Strategy of Ukraine and UL "On the basics of cyber security in Ukraine) level of effectiveness and performance of the national cyber defense system. The article uses a factor analysis of organizational and resource factors of the potentially achievable and actually implemented level of cyber protection of state authorities and critical infrastructure objects. Factors are structured into two groups: systemic and personalized. The first express the degree of compliance of the rules and the norms of resource provision for cyber protection activities of state authorities and critical infrastructure objects provided by the current legal acts with the actual tasks and objective needs of achieving the desired level of cyber security. The second reflects the degree of realization of the potential created by existing regulations and norms. It is substantiated that the strengthening of the influence of the vertical implementation of the centralized national cyber security policy to compensate for the excessive differentiation of the organizational and resource conditions of cyber protection activity, caused by the specificity of the resource capabilities and organizational solutions of a certain state institution, is a significant source of reserves for approaching the normative level of cyber security in Ukraine. In particular, the lack of a continuous chain of management signals’ transmission and ensuring the circulation of information between objects and subjects of management from the center of development the cyber security policy in state authorities to the departments of their implementation and considering the specifics of the relevant industry makes it impossible to achieve the normative level of cyber security in the state authorities of Ukraine and critical infrastructure objects.