Model for determining the criticality of sectoral information and telecommunication systems
information and telecommunication systems (ITS), critical infrastructure, critical infrastructure object, criticality, criticality rank, functional security profileAbstract
Global trends towards an increase in the number and complexity of cyber-attacks led to the actualization of the issue of information and telecommunication systems (ITS) protection. In particular, sectoral ITS, which are critically important for the functioning of society, the socio-economic development of the state and ensuring the informational component of national security. Taking into account the needs of national security and the need to introduce a system approach to solving the problem of protecting critical infrastructure, at the national level, creating a system for protecting such infrastructure is one of the priorities in the reform of the defense and security sector of Ukraine. Thus, there is a need to develop methods and models for the including of ITS to critical information infrastructure to ensure the national security of Ukraine. The paper presents a model for calculating the level of criticality of sectoral ITS, which, due to the use of a structural-logical and functional model for determining the functional profile of the security of a sectoral ITS, as well as a functional model for calculating the quantitative criterion for assessing the security of ITS, made it possible to increase the accuracy of the decision to assign ITS to the critical category. The use of the developed model makes it possible to make a decision to assign ITS to the category of critical, taking into account the properties of information, such as confidentiality, integrity, availability, observability. In addition, an experimental study of the proposed method was carried out on the example of the ITS of the National Confidential Communication System (NCCS), which verified the adequacy of the method's response to changes in input data. Using the model of calculating the criticality of branch ITs, the calculation of the criticality ranks of malfunctioning of components, subsystems and systems of NCCS was carried out, the calculation of the quantitative indicator of the severity factor of the consequences of the malfunctioning of NCCS, as well as the quantitative indicator of the rank of criticality of NCCS was calculated and, based on this, a conclusion was made regarding the criticality of NCCS.
