Правові аспекти формування системи безпеки об’єктів критично важливої інформаційної інфраструктури в Україні

The emergence of the new types of crimes in the field of using electronic counting machines (computers), computer systems and networks and telecommunication networks makes the problem of protecting critically important information infrastructure relevant, and the development of information technologies and systems and the improvement of communication technologies, transfers these problems from the technical plane to the legal one.Critical information infrastructure acts as a set of territorially distributed state and corporate information systems, communication networks, switching facilities and information flow management, organizational structures and has a regulatory and legal regulation mechanism that ensures their effective functioning. A special place of critically important information infrastructure determines their key role in ensuring the normal functioning of practically all spheres of life of society and the state - political, economic, social, environmental, military and informational.The content of the security system operation for a critical information infrastructure includes the formation and management of the security system. The purpose of the security system for objects of critical information infrastructure is to ensure the proper functioning of the relevant facilities, including the cases of real threats to security system. When ensuring the security of objects of critical information infrastructure, the balance of interests of the state and society and the interests of the owners of objects must be achieved.In the article from the point of methodology of system analysis, the legal aspects of forming the security system of objects of critical information infrastructure are considered. On the basis of the analysis, the content of the security system of critical information infrastructure, the content of the security system, the necessity of elaboration of the draft law of Ukraine “On the objects of critical information infrastructure” and departmental normative acts on administrative procedures in the field of information security have been characterized.Поява нових видів злочинів у сфері використання електронно-обчислювальних машин (комп’ютерів), систем та комп’ютерних мереж і мереж електрозв’язку робить проблему захисту критично важливої інформаційної інфраструктури актуальною, а розвиток інформаційних технологій і систем та удосконалення комунікаційних технологій переносить ці проблеми з площини технічної у площину юридичну.Критично важлива інформаційна інфраструктура виступає як сукупність територіально розподілених державних і корпоративних інформаційних систем, мереж зв’язку, засобів комутації та управління інформаційними потоками, організаційних структур, має нормативно-правовий механізм регулювання, що забезпечує їх ефективне функціонування. Особливе місце критично важливої інформаційної інфраструктури зумовлює їх ключову роль в забезпеченні нормального функціонування практично всіх сфер життєдіяльності суспільства і держави – політичної, економічної, соціальної, екологічної, військової та інформаційної.Зміст функціонування системи забезпечення безпеки критично важливої інформаційної інфраструктури включає формування системи забезпечення безпеки і управління системою забезпечення безпеки. Метою системи забезпечення безпеки об’єктів критично важливої інформаційної інфраструктури є забезпечення належного функціонування відповідних об’єктів, в тому числі, в разі реалізації загроз безпеці. При забезпеченні безпеки об’єктів критично важливої інформаційної інфраструктури повинен досягатися баланс інтересів держави та суспільства і інтересів власників об’єктів.У статті з позиції методології системного аналізу розглянуто правові аспекти формування системи безпеки об’єктів критично важливої інформаційної інфраструктури. На основі аналізу охарактеризовано зміст функціонування системи забезпечення безпеки критично важливої інформаційної інфраструктури, складові системи забезпечення безпеки, необхідність розробки проекту Закону України «Про об’єкти критично важливої інформаційної інфраструктури» та відомчих нормативних актів щодо адміністративних процедур у сфері інформаційної безпеки

Fostering active network management through SMEs’practises

Managing the electricity network through ‘smart grid’ systems is a key strategy to address challenges of energy security, low carbon transitions and the replacement of ageing infrastructure networks in the UK. Small and medium enterprises (SMEs) have a significant role in shaping patterns of energy consumption. Understanding how their activities interrelate with changes in electricity systems is critical for active network management. A significant challenge for the transformation of electricity systems involves comprehending the complexity that stems from the variety of commercial activities and diversity of social and organizational practises among SMEs that interact with material infrastructures. We engage with SMEs to consider how smart grid interventions ‘fit’ into everyday operational activities. Drawing on analysis of empirical data on electricity use, smart metre data, surveys, interviews and ‘energy tours’ with SMEs to understand lighting, space heating and cooling, refrigeration and IT use, this paper argues for experimenting with the use of practise theory as a framework for bringing together technical and social aspects of energy use in SMEs. This approach reveals that material circumstances and temporal factors shape current energy demand among SMEs, with ‘connectedness’ an emergent factor

Cross-disciplinary lessons for the future internet

There are many societal concerns that emerge as a consequence of Future Internet (FI) research and development. A survey identified six key social and economic issues deemed most relevant to European FI projects. During a SESERV-organized workshop, experts in Future Internet technology engaged with social scientists (including economists), policy experts and other stakeholders in analyzing the socio-economic barriers and challenges that affect the Future Internet, and conversely, how the Future Internet will affect society, government, and business. The workshop aimed to bridge the gap between those who study and those who build the Internet. This chapter describes the socio-economic barriers seen by the community itself related to the Future Internet and suggests their resolution, as well as investigating how relevant the EU Digital Agenda is to Future Internet technologists

Desktop security as a three-dimensional problem

In this paper we argue against viewing computer desktop security solely as a technical issue. Instead, we propose a perspective that combines three related dimensions: technical infrastructure, usability and user engagement. In this light, we suggest that a viable approach to desktop security should embrace these three key dimensions of the end-user context. An example desktop application is described that has been engineered to embody these dimensions in support of the desktop user

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Limits and opportunities of risk analysis application in railway systems

Risk Analysis is a collection of methods widely used in many industrial sectors. In the transport sector it has been particularly used for air transport applications. The reasons for this wide use are well-known: risk analysis allows to approach the safety theme in a stochastic - rather than deterministic - way, it forces to break down the system in sub-components, last but not least it allows a comparison between solutions with different costs, introducing de facto an element of economic feasibility of the project alternatives in the safety field. Apart from the United Kingdom, in Europe the application of this tool in the railway sector is relatively recent. In particular Directive 2004/49/EC (the "railway safety directive") provides for compulsory risk assessment in relation to the activities of railway Infrastructure Managers (IMs) and of Railway Undertakings (RUs). Nevertheless the peculiarity of the railway system - in which human, procedural, environmental and technological components have a continuous interchange and in which human responsibilities and technological functions often overlap - induced the EC to allow wide margins of subjectivity in the interpretation of risk assessment. When enacting Commission Regulation (EC) No 352/2009 which further regulates this subject, a risk assessment is considered positive also if the IM or RU declare to take safety measures widely used in normal practice. The paper shows the results of a structured comparative analysis of the rail sector and other industrial sectors, which illustrate the difficulties, but also the opportunities, of a transfer towards the railway system of the risk analysis methods currently in use for the other systems

Social Aspects of New Technologies - the CCTV and Biometric (Framing Privacy and Data Protection) in the Case of Poland

The purpose of this paper is to review the institution responsible for the protection of personal data within the European Union and national example - Polish as a country representing the new Member States. The analysis of institutional system - providing legal security of communication and information institutions, companies and citizens against the dangers arising from the ongoing development of innovative new technologies in the European Union and Poland. This article is an attempt to analyze the possibility of using security systems and Biometry CTTV in Poland in terms of legislation. The results of the analysis indicate that, in terms of institutions Poland did not do badly in relation to the risks arising from the implementation of technology. The situation is not as good when it comes to the awareness of citizens and small businesses. This requires that facilitate greater access to free security software companies from data leakage or uncontrolled cyber-terrorist attacks. With regard to the use of security systems, CCTV and biometrics, Poland in legal terms is still early in the process of adapting to EU Directive. The continuous development of technology should force the legislature to establish clear standards and regulations for the application of CCTV technology and biometrics, as it is of great importance in ensuring the fundamental rights and freedoms of every citizen of the Polish Republic.Wyniki analizy wskazują, że pod względem instytucji Polska nie wypada źle w odniesieniu do zagrożeń wynikających z wdrożenia technologii. Sytuacja nie jest tak dobra, jeśli chodzi o świadomość obywateli i mniejszych firm. Wymaga to ułatwiania szerszego dostępu do darmowych programów zabezpieczających firmy przed wyciekiem danych lub niekontrolowanych cyber-ataków terrorystycznych. W odniesieniu do stosowania systemów zabezpieczeń CCTV oraz biometrii, Polska pod względem prawnym jest wciąż na początku procesu dostosowania do dyrektywy UE. Ciągły rozwój technologii powinien zmusić ustawodawcę do stworzenia jednoznacznych standardów i przepisów obowiązujących w zakresie stosowania technologii CCTV oraz biometrii, gdyż ma to ogromne znaczenie w zapewnieniu podstawowych praw i wolności każdego obywatela Rzeczypospolitej Polskiej