ANALYSIS OF THE CONCEPT OF CYBER RESILIENCE OF CRITICAL INFRASTRUCTURE
DOI:
https://doi.org/10.18372/2410-7840.25.18228
Keywords:
cyber security, cyber resilience, critical infrastructure, information protection, cyberattack, cyberrisks, cyberthreat, cyberincidents
Abstract
Due to the increase in the number of cyber-attacks and incidents on critical infrastructure facilities, specialists face the problem of improving the effectiveness of security measures that will be able to ensure reliable and uninterrupted operation of critical infrastructure facilities as a whole. Therefore, the concepts of cyber resilience, cyber resilience management, cyber resilience provision, and cyber resilience assessment are gaining further relevance. The concept of cyber resilience, in addition to security, includes a number of tasks and processes related to information technology (e.g., backup and recovery after failures) and brand protection. Moreover, the issue of stability and continuity of services in this concept refers both to the company itself and to external contractors who provide such services. The prerequisite for the emergence of cyber resilience as a direction of corporate cyber security was the acceptance by companies of the fact that a cyber-attack is inevitable. The concept of cyber resilience also includes the ability to prepare for an attack, ensure effective operations and countermeasures during an attack, and reduce the possible consequences of an attack on a company. It is important for enterprises to assess the cyber resilience of their critical infrastructures to plan investments that enable them to provide the required level of cyber resilience. However, in order to implement the evaluation process, it is necessary to clearly understand what is behind this concept. Therefore, the analysis of the concept of cyber resilience of critical infrastructure is an urgent task. The purpose of the article is to analyse the concept of cyber resilience for critical information infrastructures. To achieve this goal, it is necessary to define a set of criteria characterizing the concept of cyber resilience. 
This will make it possible to formulate definitions of "cyber resilience" for its further use in solving the tasks of cyber security and information protection. The article analyses the concept of cyber resilience, which is based on the formed set of criteria consisting of 31 components. This makes it possible to formulate definitions related to cyber resilience for its further use in solving cybersecurity and information protection problems. Based on the subsequent definition of the concept of cyber resilience, it is possible, for example, to develop methods and models for assessing its level.
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).