IMPLEMENTATION OF NEW TOOLS AND METHODS FOR INCREASING THE LEVEL OF CYBER SECURITY OF CRITICAL INFRASTRUCTURE OBJECTS

Authors

  • Andrii Davydiuk, Department of Security of Information Technologies of the National Aviation University; G.E. Pukhov IMEE NAS of Ukraine; Technical Researcher, NATO CCDCOE. https://orcid.org/0000-0003-1238-2598

DOI:

https://doi.org/10.18372/2410-7840.25.17937

Keywords:

vulnerability management, SCAP, description of a pattern-based cyber-attack with a managed system behavior trajectory, risk assessment, visual analytics, anti-phishing infrastructure, knowledge and experience sharing system

Abstract

Existing methods and means of ensuring the cyber security of critical information infrastructure objects, developed on the basis of international standards and best practices, are quite effective in peacetime conditions but do not take into account the hybrid nature of war. In such a war new threats appear, in particular physical destruction, capture by the enemy, the lack of constant monitoring and control, limitations in defense resources and available personnel, problems in the supply of recovery equipment, interruptions in information exchange processes, the need for frequent changes in operating conditions, dynamic growth in the number and quality of cyber-attacks, etc. Because of these threats, the efficiency of the existing methods and means drops significantly. In view of this, there is a need to develop new and improve existing methods and means of cyber protection in order to increase the level of cyber security of critical infrastructure. The safety of the population and the performance of combat tasks by the troops depend on ensuring the cyber security of critical information infrastructure facilities as an integral part of critical infrastructure facilities.

Published

2023-10-19