IMPLEMENTATION OF NEW TOOLS AND METHODS FOR INCREASING THE LEVEL OF CYBER SECURITY OF CRITICAL INFRASTRUCTURE OBJECTS

Authors

  • Andrii Davydiuk department of security of information technologies of the National Aviation University; G.E. Pukhov IMEE NAS of Ukraine, Technical researcher NATO CCDCOE https://orcid.org/0000-0003-1238-2598

DOI:

https://doi.org/10.18372/2410-7840.25.17937

Keywords:

vulnerability management, SCAP, description of a pattern-based cyber-attack with a man-aged system behavior trajectory, risk assessment, visual analytics, anti-phishing infrastructure, knowledge and experience sharing system

Abstract

Existing methods and means of ensuring cyber security of critical information infrastructure objects, developed on the basis of international standards and best practices, are quite effective in peacetime conditions, but do not take into account the hybrid nature of war, in which new threats appear, in particular, such as physical destruction , capture by the enemy, the lack of possibility of constant monitoring and control, limitations in defense resources and available personnel, problems in the supply of recovery equipment, interruptions in information exchange processes, the need for frequent changes in operating conditions, dynamic growth in the number and quality of cyber-attacks, etc., due to which their efficiency drops significantly. In view of this, there is a need to develop new and improve existing methods and means of cyber protection in order to increase the level of cyber security of critical infrastructure. The safety of the population and the performance of combat tasks by the troops depend on ensuring the cyber security of critical information infrastructure facilities as an integral part of critical infrastructure facilities.

References

OWASP Top Ten | OWASP Foundation. OWASP Foundation, the Open Source Foundation for Application Security | OWASP Foundation. URL: https:// owasp.org/www-project-top-ten/ (date of access: 31. 07.2023).

Souppaya M., Scarfone K. Guide to enterprise patch management technologies. National Institute of Standards and Technology, 2013. URL: https://doi. org/10.6028/ nist.sp.800-40r3 (дата звернення: 26. 02.2023).

Palmaers T. Implementing a vulnerability management process. Egnyte. URL: https://sansorg.egnyte. com/dl/2IL7fioFhM (date of access: 31.07.2023).

The technical specification for the security content automation protocol (SCAP) version 1.3 / D. Waltermire et al. Gaithersburg, MD : National Institute of Standards and Technology, 2018. URL: https://doi. org/10.6028/nist.sp.800-126r3 (date of access: 10.09. 2023).

The cyber kill chain. www.lockheedmartin.com. URL: https:// www.lockheedmartin.com / en-us / capabilities/cyber/cyber-kill-chain.html (date of access: 25. 02.2023).

Yakoviv I. The base model of informational processes of management and safety criteria for cybernetic systems. Collection "Information technology and security". 2015. Vol. 3, no. 1. P. 68–74. URL: https://doi. org/10.20535/2411-1031.2015.3.1.57735 (date of access: 10.09.2023).

Davydiuk A., Yakoviv I. Criteria of cybernetic systems safety. Наука і молодь в XXI сторіччі : Збірник тез доповідей, Полтава, 1 Грудня 2016. Полтава, 2016. С. 356-357.

Давидюк А. Модель управління ризиками як артефакт процесу проєктування систем критичного призначення. XII Міжнародна науково-практична конференція молодих вчених Інформаційні технології: економіка, техніка, освіта ‘2021 : Зб. тез конф., м. Київ, 2021 р. Київ, 2021. С. 162–163.

Зубок В., Давидюк А. Використання топологічного простору для оцінювання рівня забезпечення функцій кібербезпеки в критичній інфраструктурі. Інформаційні технології та безпека матеріали XХII міжнародної науково-практичної конференції : Зб. тез доп., Київ, 2022. С. 22–30.

Downloads

Published

2023-10-19

How to Cite

Davydiuk, A. (2023). IMPLEMENTATION OF NEW TOOLS AND METHODS FOR INCREASING THE LEVEL OF CYBER SECURITY OF CRITICAL INFRASTRUCTURE OBJECTS. Ukrainian Information Security Research Journal, 25(3), 122–132. https://doi.org/10.18372/2410-7840.25.17937

Issue

Vol. 25 No. 3 (2023): Ukrainian Scientific Journal of Information Security

Section

Articles

License

The scientific journal adheres to the principles of Open Access and provides free, immediate, and permanent access to all published materials without financial, technical, or legal barriers for readers.

All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.

Copyright

Authors who publish their works in the journal:

  • retain the copyright to their publications;

  • grant the journal the right of first publication of the article;

  • agree to the distribution of their materials under the CC BY 4.0 license;

  • have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.