The resilience of critical information infrastructure topology in the cyberspace

Authors

DOI:

https://doi.org/10.46299/j.isjea.20250401.09

Keywords:

dynamic systems, critical information infrastructure, cyber resilience, topology, cyberspace, risk assessment, risk categorisation

Abstract

Modern trends in the decentralization and branching of systems that process, store, and transmit information enhance system resilience. Increasingly, technological systems and operational technologies rely on electronic communications from third-party operators and cyberspace. However, these trends introduce new cybersecurity challenges and contradictions. This article presents risk-informed approaches to designing and modernizing the topology of critical information infrastructure (CII). Such approaches involve making decisions and implementing security measures based on a thorough assessment of organizational risks. By evaluating the likelihood and impact of threats, vulnerabilities, and potential consequences, resources are prioritized to achieve a balance between security, functionality, and cost-effectiveness. The recommendations focus on practices for assessing cybersecurity risks, particularly those arising from cyberattacks targeting external (cyberspace) connections of CII. They also emphasize enhancing the protection of critical information assets from such threats. Unlike general cybersecurity measures, these recommendations specifically address risks associated with CII’s cyberspace topology, providing additional or supplementary measures to existing procedures within the information security lifecycle.

Published

2025-02-01

How to Cite

Dubynskyi, G., & Zubok, V. (2025). The resilience of critical information infrastructure topology in the cyberspace. International Science Journal of Engineering & Agriculture, 4(1), 103–110. https://doi.org/10.46299/j.isjea.20250401.09
