Cybersecurity maturity models for cybersecurity assessment in critical infrastructure

Authors

  • Mykola M. Khudyntsev, Candidate of Physical and Mathematical Sciences, Associate Professor, Institute of Telecommunications and Global Information Space of the National Academy of Sciences of Ukraine, Kyiv, Ukraine https://orcid.org/0000-0002-9324-6901
  • Igor L. Palazhchenko, Postgraduate, Institute of Telecommunications and Global Information Space of the National Academy of Sciences of Ukraine, Kyiv, Ukraine https://orcid.org/0009-0000-0491-7068

DOI:

https://doi.org/10.32347/2411-4049.2024.4.122-134

Keywords:

information security, cyber security, maturity models, indicators of cybersecurity maturity

Abstract

The paper lists existing cybersecurity maturity models and analyzes how these models are applied to assess cybersecurity, its level and maturity, and the maturity of systems and processes for ensuring cybersecurity in critical infrastructure sectors and in the national cybersecurity system, and to develop indicators and indices of the state of security (network security, information security, cybersecurity).
The paper substantiates and proposes a hierarchy of models for assessing cybersecurity maturity in the national cybersecurity ecosystem (the national cybersecurity system and critical infrastructure, particularly the fuel and energy sector). The main goal of the study is to intensify the implementation of existing assessment models by using multi-level cybersecurity (cybersecurity maturity) assessment models and accumulating statistical data on cyber incidents, cyberattacks, and countermeasures for further use in predictive analysis and modeling.
The research tasks are the analysis and comparative analysis of existing models for evaluating cybersecurity maturity; the formulation of evaluation models using the indicators of cybersecurity and cybersecurity maturity defined by existing normative documents; the construction of a hierarchy of models for evaluating cybersecurity in the national cybersecurity system, critical infrastructure, and the fuel and energy sector; and the development of a methodological basis for assessment using cybersecurity indices. A draft methodology for assessing the cybersecurity of electrical networks, suitable for use in critical infrastructure, has been developed.

Published

2024-12-26

How to Cite

Khudyntsev, M. M., & Palazhchenko, I. L. (2024). Cybersecurity maturity models for cybersecurity assessment in critical infrastructure. Environmental Safety and Natural Resources, 52(4), 122–134. https://doi.org/10.32347/2411-4049.2024.4.122-134

Section

Information technology and mathematical modeling