Cybersecurity Risk Assessment of Information Systems of Critical Infrastructure Objects

Mokhor, Volodymyr; Honchar, S.F.; Onyskova, Alla

doi:10.1109/picst51311.2020.9467957

Cited by 5 publications

(3 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They identify a broad set of attack vectors and attack scenarios that threaten the security of power networks for which they propose to employ a defensively in-depth strategy that includes measures for device and application security, network security, physical security, and ultimately policies, procedures, and information sharing. The common basis for these analyses is the implementation of risk analysis as indicated by V. Mokhor from Pukhov Institute for Modelling in Energy Engineering [ 11 , 12 ], respectively, in the article “Intelligent System for Risk Identification of Cybersecurity Violations in Energy Facility”. Both articles are connected by the detailed concept of complex cyber security risks of information systems of critical infrastructure objects, in the form of a vector risk model, including similarly developed options for calculating the overall risk, based on the structural decision of an autonomous computer system for calculating the cyber security risk of such systems Using the published approaches, it is then possible to assess the risks as a whole, including the consideration of the human subjective factor in risk assessment, which is extremely important for critical infrastructure, especially in the energy sector.…”

Section: Cyber Security In Substation Automation Systemsmentioning

confidence: 99%

Security Baseline for Substation Automation Systems

Horálek

Soběslav

2023

Sensors

View full text Add to dashboard Cite

The use of information technology and the automation of control systems in the energy sector enables a more efficient transmission and distribution of electricity. However, in addition to the many benefits that the deployment of intelligent and largely autonomous systems brings, it also carries risks associated with information and cyber security breaches. Technology systems form a specific and critical communication infrastructure, in which powerful control elements integrating IoT principles and IED devices are present. It also contains intelligent access control systems such as RTU, IDE, HMI, and SCADA systems that provide communication with the data and control center on the outer perimeter. Therefore, the key question is how to comprehensively protect these specialized systems and how to approach security implementation projects in this area. To establish rules, procedures, and techniques to ensure the cyber security of smart grid control systems in the energy sector, it is necessary to understand the security threats and bring appropriate measures to ensure the security of energy distribution. Given the use of a wide range of information and industrial technologies, it is difficult to protect energy distribution systems using standard constraints to protect common IT technologies and business processes. Therefore, as part of a comprehensive approach to cyber security, specifics such as legislative framework, technological constraints, international standards, specialized protocols or company processes, and many others need to be considered. Therefore, the key question is how to comprehensively protect these specialized systems and how to approach security implementation projects in this area. In this article, a basic security concept for control systems of power stations, which are part of the power transmission and distribution system, is presented based on the Smart Grid domain model with emphasis on substation intelligence, according to the Purdue model. The main contribution of the paper is the comprehensive design of mitigation measures divided into mandatory and recommended implementation based on the standards defined within the MITRE ATT&CK matrix specified, concerning the specifications of intelligent distribution substations. The proposed and industry-tested solution is mapped to meet the international security standards ISO 27001 and national legislation reflecting the requirements of NIS2. This ensures that the security requirements will be met when implementing the proposed Security Baseline.

show abstract

Section: Cyber Security In Substation Automation Systemsmentioning

confidence: 99%

Security Baseline for Substation Automation Systems

Horálek

Soběslav

2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Artificial neural networks used to assess and predict of information security risks during the audit not only allows you to effectively select countermeasures to protect OBI IS, but in general to build an effective ISMS adaptable to new threats. The cost reduction was at least 15% in comparison with the methods of risk assessment in the course of information security audit, which are described in the works [29,[32][33][34].…”

Section: Computational Experimentsmentioning

confidence: 99%

International Journal of Electronics and Telecommunications

Akhmetov,

Lakhno,

Chubaievskyi

et al. 2022

View full text Add to dashboard Cite

An information security audit method (ISA) for a distributed computer network (DCN) of an informatization object (OBI) has been developed. Proposed method is based on the ISA procedures automation by using Bayesian networks (BN) and artificial neural networks (ANN) to assess the risks. It was shown that such a combination of BN and ANN makes it possible to quickly determine the actual risks for OBI information security (IS). At the same time, data from sensors of various hardware and software information security means (ISM) in the OBI DCS segments are used as the initial information. It was shown that the automation of ISA procedures based on the use of BN and ANN allows the DCN IS administrator to respond dynamically to threats in a real time manner, to promptly select effective countermeasures to protect the DCS.

show abstract

“…In the conditions of the growing energy crisis on the European continent, caused by global geopolitical processes, which concern the international security system in general and the defense capability of individual countries in particular, the issue of ensuring the stable and safe functioning of critical infrastructure objects becomes especially relevant [1][2][3][4]. The basis of the management of technological processes (TP) of production activity is the Industrial Control Systems (ICS).…”

mentioning

confidence: 99%

Recommendations for Ensuring Cyber Protection of Industrial Control Systemsof Energy Sector

Komarov¹,

Honchar²,

Onyskova³

et al. 2022

Èlektron. model.

View full text Add to dashboard Cite

One of the factors of the state's ability to ensure the security of its own resources and assets in the conditions of an international political crisis and an ongoing hybrid war is the ability to provide cyber protection of critical information infrastructure facilities, such as enterprises of the energy industry, chemical industry, industrial production, etc. Therefore, the cyber security of a critical structure consists primarily in ensuring the protection of technological processes from any unauthorized informational influences that cause incorrect execution of technological processes. On the basis of NIST (National Institute of Standards and Technology) Special Publication 800-53, basic recommendations for ensuring cyber protection of automated technological process control systems are provided.

show abstract

Cybersecurity Risk Assessment of Information Systems of Critical Infrastructure Objects

Cited by 5 publications

References 9 publications

Security Baseline for Substation Automation Systems

Security Baseline for Substation Automation Systems

International Journal of Electronics and Telecommunications

Recommendations for Ensuring Cyber Protection of Industrial Control Systemsof Energy Sector

Contact Info

Product

Resources

About