6 research outputs found
SYNERGY OF BUILDING CYBERSECURITY SYSTEMS
Get PDFThe development of the modern world community is closely related to advances in computing resources and cyberspace. The formation and expansion of the range of services is based on the achievements of mankind in the field of high technologies. However, the rapid growth of computing resources, the emergence of a full-scale quantum computer tightens the requirements for security systems not only for information and communication systems, but also for cyber-physical systems and technologies.
The methodological foundations of building security systems for critical infrastructure facilities based on modeling the processes of behavior of antagonistic agents in security systems are discussed in the first chapter.
The concept of information security in social networks, based on mathematical models of data protection, taking into account the influence of specific parameters of the social network, the effects on the network are proposed in second chapter.
The nonlinear relationships of the parameters of the defense system, attacks, social networks, as well as the influence of individual characteristics of users and the nature of the relationships between them, takes into account.
In the third section, practical aspects of the methodology for constructing post-quantum algorithms for asymmetric McEliece and Niederreiter cryptosystems on algebraic codes (elliptic and modified elliptic codes), their mathematical models and practical algorithms are considered. Hybrid crypto-code constructions of McEliece and Niederreiter on defective codes are proposed. They can significantly reduce the energy costs for implementation, while ensuring the required level of cryptographic strength of the system as a whole. The concept of security of corporate information and educational systems based on the construction of an adaptive information security system is proposed.
ISBN 978-617-7319-31-2 (on-line)ISBN 978-617-7319-32-9 (print)
------------------------------------------------------------------------------------------------------------------
How to Cite: Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O., Korol, O., Milevskyi, S. et. al.; Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O. (Eds.) (2021). Synergy of building cybersecurity systems. Kharkiv: Π Π‘ Π’ΠΠ‘HNOLOGY Π‘ΠNTΠR, 188. doi: http://doi.org/10.15587/978-617-7319-31-2
------------------------------------------------------------------------------------------------------------------
Indexing:
Π ΠΎΠ·Π²ΠΈΡΠΎΠΊ ΡΡΡΠ°ΡΠ½ΠΎΡ ΡΠ²ΡΡΠΎΠ²ΠΎΡ ΡΠΏΡΠ»ΡΠ½ΠΎΡΠΈ ΡΡΡΠ½ΠΎ ΠΏΠΎΠ²βΡΠ·Π°Π½ΠΈΠΉ Π· Π΄ΠΎΡΡΠ³Π½Π΅Π½Π½ΡΠΌΠΈ Π² ΠΎΠ±Π»Π°ΡΡΡ ΠΎΠ±ΡΠΈΡΠ»ΡΠ²Π°Π»ΡΠ½ΠΈΡ
ΡΠ΅ΡΡΡΡΡΠ² Ρ ΠΊΡΠ±Π΅ΡΠΏΡΠΎΡΡΠΎΡΡ. Π€ΠΎΡΠΌΡΠ²Π°Π½Π½Ρ ΡΠ° ΡΠΎΠ·ΡΠΈΡΠ΅Π½Π½Ρ Π°ΡΠΎΡΡΠΈΠΌΠ΅Π½ΡΡ ΠΏΠΎΡΠ»ΡΠ³ Π±Π°Π·ΡΡΡΡΡΡ Π½Π° Π΄ΠΎΡΡΠ³Π½Π΅Π½Π½ΡΡ
Π»ΡΠ΄ΡΡΠ²Π° Ρ Π³Π°Π»ΡΠ·Ρ Π²ΠΈΡΠΎΠΊΠΈΡ
ΡΠ΅Ρ
Π½ΠΎΠ»ΠΎΠ³ΡΠΉ. ΠΠ΄Π½Π°ΠΊ ΡΡΡΡΠΌΠΊΠ΅ Π·ΡΠΎΡΡΠ°Π½Π½Ρ ΠΎΠ±ΡΠΈΡΠ»ΡΠ²Π°Π»ΡΠ½ΠΈΡ
ΡΠ΅ΡΡΡΡΡΠ², ΠΏΠΎΡΠ²Π° ΠΏΠΎΠ²Π½ΠΎΠΌΠ°ΡΡΡΠ°Π±Π½ΠΎΠ³ΠΎ ΠΊΠ²Π°Π½ΡΠΎΠ²ΠΎΠ³ΠΎ ΠΊΠΎΠΌΠΏβΡΡΠ΅ΡΠ° ΠΏΠΎΡΠΈΠ»ΡΡ Π²ΠΈΠΌΠΎΠ³ΠΈ Π΄ΠΎ ΡΠΈΡΡΠ΅ΠΌ Π±Π΅Π·ΠΏΠ΅ΠΊΠΈ Π½Π΅ ΡΡΠ»ΡΠΊΠΈ ΡΠ½ΡΠΎΡΠΌΠ°ΡΡΠΉΠ½ΠΎ-ΠΊΠΎΠΌΡΠ½ΡΠΊΠ°ΡΡΠΉΠ½ΠΈΡ
, Π°Π»Π΅ Ρ Π΄ΠΎ ΠΊΡΠ±Π΅ΡΡΡΠ·ΠΈΡΠ½ΠΈΡ
ΡΠΈΡΡΠ΅ΠΌ Ρ ΡΠ΅Ρ
Π½ΠΎΠ»ΠΎΠ³ΡΠΉ.
Π£ ΠΏΠ΅ΡΡΠΎΠΌΡ ΡΠΎΠ·Π΄ΡΠ»Ρ ΠΎΠ±Π³ΠΎΠ²ΠΎΡΡΡΡΡΡΡ ΠΌΠ΅ΡΠΎΠ΄ΠΎΠ»ΠΎΠ³ΡΡΠ½Ρ ΠΎΡΠ½ΠΎΠ²ΠΈ ΠΏΠΎΠ±ΡΠ΄ΠΎΠ²ΠΈ ΡΠΈΡΡΠ΅ΠΌ Π±Π΅Π·ΠΏΠ΅ΠΊΠΈ Π΄Π»Ρ ΠΎΠ±'ΡΠΊΡΡΠ² ΠΊΡΠΈΡΠΈΡΠ½ΠΎΡ ΡΠ½ΡΡΠ°ΡΡΡΡΠΊΡΡΡΠΈ Π½Π° ΠΎΡΠ½ΠΎΠ²Ρ ΠΌΠΎΠ΄Π΅Π»ΡΠ²Π°Π½Π½Ρ ΠΏΡΠΎΡΠ΅ΡΡΠ² ΠΏΠΎΠ²Π΅Π΄ΡΠ½ΠΊΠΈ Π°Π½ΡΠ°Π³ΠΎΠ½ΡΡΡΠΈΡΠ½ΠΈΡ
Π°Π³Π΅Π½ΡΡΠ² Ρ ΡΠΈΡΡΠ΅ΠΌ Π±Π΅Π·ΠΏΠ΅ΠΊΠΈ.
Π£ Π΄ΡΡΠ³ΠΎΠΌΡ ΡΠΎΠ·Π΄ΡΠ»Ρ ΠΏΡΠΎΠΏΠΎΠ½ΡΡΡΡΡΡ ΠΊΠΎΠ½ΡΠ΅ΠΏΡΡΡ ΡΠ½ΡΠΎΡΠΌΠ°ΡΡΠΉΠ½ΠΎΡ Π±Π΅Π·ΠΏΠ΅ΠΊΠΈ Π² ΡΠΎΡΡΠ°Π»ΡΠ½ΠΈΡ
ΠΌΠ΅ΡΠ΅ΠΆΠ°Ρ
, ΡΠΊΠ° Π·Π°ΡΠ½ΠΎΠ²Π°Π½Π° Π½Π° ΠΌΠ°ΡΠ΅ΠΌΠ°ΡΠΈΡΠ½ΠΈΡ
ΠΌΠΎΠ΄Π΅Π»ΡΡ
Π·Π°Ρ
ΠΈΡΡΡ Π΄Π°Π½ΠΈΡ
, Π· ΡΡΠ°Ρ
ΡΠ²Π°Π½Π½ΡΠΌ Π²ΠΏΠ»ΠΈΠ²Ρ ΠΊΠΎΠ½ΠΊΡΠ΅ΡΠ½ΠΈΡ
ΠΏΠ°ΡΠ°ΠΌΠ΅ΡΡΡΠ² ΡΠΎΡΡΠ°Π»ΡΠ½ΠΎΡ ΠΌΠ΅ΡΠ΅ΠΆΡ ΡΠ° Π½Π°ΡΠ»ΡΠ΄ΠΊΡΠ² Π΄Π»Ρ Π½Π΅Ρ.
ΠΡΠ°Ρ
ΠΎΠ²ΡΡΡΡΡΡ Π½Π΅Π»ΡΠ½ΡΠΉΠ½Ρ Π²Π·Π°ΡΠΌΠΎΠ·Π²'ΡΠ·ΠΊΠΈ ΠΏΠ°ΡΠ°ΠΌΠ΅ΡΡΡΠ² ΡΠΈΡΡΠ΅ΠΌΠΈ Π·Π°Ρ
ΠΈΡΡΡ, Π°ΡΠ°ΠΊ, ΡΠΎΡΡΠ°Π»ΡΠ½ΠΈΡ
ΠΌΠ΅ΡΠ΅ΠΆ, Π° ΡΠ°ΠΊΠΎΠΆ Π²ΠΏΠ»ΠΈΠ² ΡΠ½Π΄ΠΈΠ²ΡΠ΄ΡΠ°Π»ΡΠ½ΠΈΡ
Ρ
Π°ΡΠ°ΠΊΡΠ΅ΡΠΈΡΡΠΈΠΊ ΠΊΠΎΡΠΈΡΡΡΠ²Π°ΡΡΠ² Ρ Ρ
Π°ΡΠ°ΠΊΡΠ΅ΡΡ Π²Π·Π°ΡΠΌΠΎΠ²ΡΠ΄Π½ΠΎΡΠΈΠ½ ΠΌΡΠΆ Π½ΠΈΠΌΠΈ.
Π£ ΡΡΠ΅ΡΡΠΎΠΌΡ ΡΠΎΠ·Π΄ΡΠ»Ρ ΡΠΎΠ·Π³Π»ΡΠ΄Π°ΡΡΡΡΡ ΠΏΡΠ°ΠΊΡΠΈΡΠ½Ρ Π°ΡΠΏΠ΅ΠΊΡΠΈ ΠΌΠ΅ΡΠΎΠ΄ΠΎΠ»ΠΎΠ³ΡΡ ΠΏΠΎΠ±ΡΠ΄ΠΎΠ²ΠΈ ΠΏΠΎΡΡΠΊΠ²Π°Π½ΡΠΎΠ²ΠΈΡ
Π°Π»Π³ΠΎΡΠΈΡΠΌΡΠ² Π΄Π»Ρ Π°ΡΠΈΠΌΠ΅ΡΡΠΈΡΠ½ΠΈΡ
ΠΊΡΠΈΠΏΡΠΎΡΠΈΡΡΠ΅ΠΌ ΠΠ°ΠΊ-ΠΠ»ΡΡΠ° ΡΠ° ΠΡΠ΄Π΅ΡΡΠ΅ΠΉΡΠ΅ΡΠ° Π½Π° Π°Π»Π³Π΅Π±ΡΠ°ΡΡΠ½ΠΈΡ
ΠΊΠΎΠ΄Π°Ρ
(Π΅Π»ΡΠΏΡΠΈΡΠ½ΠΈΡ
ΡΠ° ΠΌΠΎΠ΄ΠΈΡΡΠΊΠΎΠ²Π°Π½ΠΈΡ
Π΅Π»ΡΠΏΡΠΈΡΠ½ΠΈΡ
ΠΊΠΎΠ΄Π°Ρ
), ΡΡ
ΠΌΠ°ΡΠ΅ΠΌΠ°ΡΠΈΡΠ½Ρ ΠΌΠΎΠ΄Π΅Π»Ρ ΡΠ° ΠΏΡΠ°ΠΊΡΠΈΡΠ½Ρ Π°Π»Π³ΠΎΡΠΈΡΠΌΠΈ. ΠΠ°ΠΏΡΠΎΠΏΠΎΠ½ΠΎΠ²Π°Π½ΠΎ Π³ΡΠ±ΡΠΈΠ΄Π½Ρ ΠΊΠΎΠ½ΡΡΡΡΠΊΡΡΡ ΠΊΡΠΈΠΏΡΠΎΠΊΠΎΠ΄Ρ ΠΠ°ΠΊ-ΠΠ»ΡΡΠ° ΡΠ° ΠΡΠ΄Π΅ΡΡΠ΅ΠΉΡΠ΅ΡΠ° Π½Π° Π΄Π΅ΡΠ΅ΠΊΡΠ½ΠΈΡ
ΠΊΠΎΠ΄Π°Ρ
. ΠΠΎΠ½ΠΈ Π΄ΠΎΠ·Π²ΠΎΠ»ΡΡΡΡ ΡΡΡΠΎΡΠ½ΠΎ Π·Π½ΠΈΠ·ΠΈΡΠΈ Π΅Π½Π΅ΡΠ³Π΅ΡΠΈΡΠ½Ρ Π²ΠΈΡΡΠ°ΡΠΈ Π½Π° ΡΠ΅Π°Π»ΡΠ·Π°ΡΡΡ, Π·Π°Π±Π΅Π·ΠΏΠ΅ΡΡΡΡΠΈ ΠΏΡΠΈ ΡΡΠΎΠΌΡ Π½Π΅ΠΎΠ±Ρ
ΡΠ΄Π½ΠΈΠΉ ΡΡΠ²Π΅Π½Ρ ΠΊΡΠΈΠΏΡΠΎΠ³ΡΠ°ΡΡΡΠ½ΠΎΡ ΡΡΡΠΉΠΊΠΎΡΡΡ ΡΠΈΡΡΠ΅ΠΌΠΈ Π² ΡΡΠ»ΠΎΠΌΡ. ΠΠ°ΠΏΡΠΎΠΏΠΎΠ½ΠΎΠ²Π°Π½ΠΎ ΠΊΠΎΠ½ΡΠ΅ΠΏΡΡΡ Π±Π΅Π·ΠΏΠ΅ΠΊΠΈ ΠΊΠΎΡΠΏΠΎΡΠ°ΡΠΈΠ²Π½ΠΈΡ
ΡΠ½ΡΠΎΡΠΌΠ°ΡΡΠΉΠ½ΠΈΡ
ΡΠ° ΠΎΡΠ²ΡΡΠ½ΡΡ
ΡΠΈΡΡΠ΅ΠΌ, ΡΠΊΡ Π·Π°ΡΠ½ΠΎΠ²Π°Π½Ρ Π½Π° ΠΏΠΎΠ±ΡΠ΄ΠΎΠ²Ρ Π°Π΄Π°ΠΏΡΠΈΠ²Π½ΠΎΡ ΡΠΈΡΡΠ΅ΠΌΠΈ Π·Π°Ρ
ΠΈΡΡΡ ΡΠ½ΡΠΎΡΠΌΠ°ΡΡΡ.
ISBN 978-617-7319-31-2 (on-line)ISBN 978-617-7319-32-9 (print)
------------------------------------------------------------------------------------------------------------------
Π―ΠΊ ΡΠΈΡΡΠ²Π°ΡΠΈ: Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O., Korol, O., Milevskyi, S. et. al.; Yevseiev, S., Ponomarenko, V., Laptiev, O., Milov, O. (Eds.) (2021). Synergy of building cybersecurity systems. Kharkiv: Π Π‘ Π’ΠΠ‘HNOLOGY Π‘ΠNTΠR, 188. doi: http://doi.org/10.15587/978-617-7319-31-2
------------------------------------------------------------------------------------------------------------------
ΠΠ½Π΄Π΅ΠΊΡΠ°ΡΡΡ:
 
The concept of building security of the network with elements of the semiotic approach
Get PDFThe object of research: First, to identify and discuss the security problems of cyber-physical systems associated with the emergence of qualitatively new technologies and qualitatively new affordable artificial intelligence software. Secondly, building the concept of the security structure of a cyber-physical system based on the Zero Trust Security approach. Creation of a new secure load transfer structure based on the semiotic approach.
Investigated problem: Information system security problems continue to cause significant costs and damage to organizations. Sustainability requires comprehensive and integrated security platforms that reach customers, whether they work at headquarters, in a branch office, or individually from random touchpoints.
The main scientific results: the concept of a structured protection system with the Zero Trust Security approach has been developed. The structure of the semiotic analysis of the segmentation of the transmitted load on the blocks is proposed. Blocks by signs are subjected to individual analysis. According to the features, the blocks are transformed by the selected representation into an object/groups of objects. Groups for transmission in the load are tagged, have different coding severity (depth), depending on the risk assessment. Groups are transmitted through the network in different ways (paths) β VPN (different ESP), unencrypted tunnel, open access, etc.
This solution improves the throughput of malicious load analysis prior to transmission. The performance overhead for encoding/decoding the load and encapsulating/de-encapsulating during transmission is reduced. The transmission bandwidth is increased.
The area of practical use of the research results: businesses requiring secure access to on-premise resources and mission-critical cloud environments. Organizations using employees in distributed networks. Specialists in the deployment and analysis of the protection of cyber-physical systems.
Innovative technological product: The semiotic security concept extends the zero-trust security model, which focuses on protecting network traffic within and between organizations. This concept uses load traffic segmentation, which combines an advanced analysis and transfer load transformation framework.
This concept provides for integration with other cybersecurity technologies such as endpoint discovery and response (EDR) and security information and event management (SIEM) to provide a more comprehensive security solution.
This solution improves the throughput of malicious load analysis prior to transmission. Reduced performance resources for encode/decode load and encapsulate/deencapsulate in transit.
Scope of the innovative technological product: this concept can be applied to enterprises that already have some elements of zero trust in their corporate infrastructure, but cannot strictly control the state of the requested assets, are limited in implementing security policies for certain classes of users. This deployment model can also be applied to enterprises that use cloud services for individual business processes.
It can be useful for researchers and administrators in the development of corporate cybersecurity plans, which uses the concepts of zero-trust and covers relationships between components, workflow planning, and access policies
Π ΠΎΠ·ΡΠΎΠ±ΠΊΠ° ΠΌΠ΅ΡΠΎΠ΄ΠΎΠ»ΠΎΠ³ΡΡΠ½ΠΈΡ ΠΎΡΠ½ΠΎΠ² ΠΏΠΎΠ±ΡΠ΄ΠΎΠ²ΠΈ ΠΊΠ»Π°ΡΠΈΡΡΠΊΠ°ΡΠΎΡΡ Π·Π°Π³ΡΠΎΠ· ΠΊΡΠ±Π΅ΡΡΡΠ·ΠΈΡΠ½ΠΈΡ ΡΠΈΡΡΠ΅ΠΌ
No full textThe emergence of a full-scale quantum computer questions the stability of almost all symmetric and asymmetric cryptography algorithms. At the same time, the rapid growth of computing resources of IT and βGβ technologies contributes to an increase in attacks on information and communication (ICS) and cyberphysical systems (CPS). These systems are the core of modern critical cybernetic information systems (CCIS). In such conditions, the primary task of maintaining the required level of security is the classification of modern threats that are integrated with social engineering methods and acquire signs of synergy and hybridity. The paper proposes a synergistic model of threats to ICS/CPS, which takes into account the focus of threats on synergy and hybridity, and the combined impact of security components: information security (IS), cybersecurity (CS), security of information (SI). This approach allows developing methodological foundations for building a unified classifier of threats to cyberphysical systems, forming sets of critical threats, critical points in the ICS/CPS infrastructure elements, based on minimal computing, human and economic costs. The developed methodology for determining the category of an attacker allows systematizing an attacker and, based on the analysis of weighting factors, forming a matrix of correspondence between the capabilities of attackers of various categories and technical means of information security (TMIS). These actions significantly reduce the risk of an attack by certain categories of attackers and allow for planning in the formation of both the IS policy and the corresponding protection profiles.Π ΡΡΠ»ΠΎΠ²ΠΈΡΡ
ΠΏΠΎΡΠ²Π»Π΅Π½ΠΈΡ ΠΏΠΎΠ»Π½ΠΎΠΌΠ°ΡΡΡΠ°Π±Π½ΠΎΠ³ΠΎ ΠΊΠ²Π°Π½ΡΠΎΠ²ΠΎΠ³ΠΎ ΠΊΠΎΠΌΠΏΡΡΡΠ΅ΡΠ° ΡΡΠ°Π²ΠΈΡΡΡ ΠΏΠΎΠ΄ ΡΠΎΠΌΠ½Π΅Π½ΠΈΠ΅ ΡΡΠΎΠΉΠΊΠΎΡΡΡ ΠΏΡΠ°ΠΊΡΠΈΡΠ΅ΡΠΊΠΈ Π²ΡΠ΅Ρ
Π°Π»Π³ΠΎΡΠΈΡΠΌΠΎΠ² ΡΠΈΠΌΠΌΠ΅ΡΡΠΈΡΠ½ΠΎΠΉ ΠΈ Π½Π΅ΡΠΈΠΌΠΌΠ΅ΡΡΠΈΡΠ½ΠΎΠΉ ΠΊΡΠΈΠΏΡΠΎΠ³ΡΠ°ΡΠΈΠΈ. ΠΡΠΈ ΡΡΠΎΠΌ Π±ΡΡΠ½ΡΠΉ ΡΠΎΡΡ Π²ΡΡΠΈΡΠ»ΠΈΡΠ΅Π»ΡΠ½ΡΡ
ΡΠ΅ΡΡΡΡΠΎΠ² ΠΠ’ ΠΈ ΡΠ΅Ρ
Π½ΠΎΠ»ΠΎΠ³ΠΈΠΉ βGβ ΡΠΏΠΎΡΠΎΠ±ΡΡΠ²ΡΠ΅Ρ ΡΠ²Π΅Π»ΠΈΡΠ΅Π½ΠΈΡ ΡΠΎΡΡΠ° Π°ΡΠ°ΠΊ Π½Π° ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΎΠ½Π½ΠΎ-ΠΊΠΎΠΌΠΌΡΠ½ΠΈΠΊΠ°ΡΠΈΠΎΠ½Π½ΡΠ΅ (ICS) ΠΈ ΠΊΠΈΠ±Π΅ΡΡΠΈΠ·ΠΈΡΠ΅ΡΠΊΠΈΠ΅ ΡΠΈΡΡΠ΅ΠΌΡ (CPS). ΠΡΠΈ ΡΠΈΡΡΠ΅ΠΌΡ ΡΠ²Π»ΡΡΡΡΡ ΡΠ΄ΡΠΎΠΌ ΡΠΎΠ²ΡΠ΅ΠΌΠ΅Π½Π½ΡΡ
ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΎΠ½Π½ΠΎ-ΠΊΡΠΈΡΠΈΡΠ΅ΡΠΊΠΈΡ
ΠΊΠΈΠ±Π΅ΡΠ½Π΅ΡΠΈΡΠ΅ΡΠΊΠΈΡ
ΡΠΈΡΡΠ΅ΠΌ (CCIS). Π ΡΠ°ΠΊΠΈΡ
ΡΡΠ»ΠΎΠ²ΠΈΡΡ
ΠΏΠ΅ΡΠ²ΠΎΠΎΡΠ΅ΡΠ΅Π΄Π½ΠΎΠΉ Π·Π°Π΄Π°ΡΠ΅ΠΉ ΠΏΠΎΠ΄Π΄Π΅ΡΠΆΠ°Π½ΠΈΡ ΡΡΠ΅Π±ΡΠ΅ΠΌΠΎΠ³ΠΎ ΡΡΠΎΠ²Π½Ρ Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡΠΈ ΡΠ²Π»ΡΠ΅ΡΡΡ ΠΊΠ»Π°ΡΡΠΈΡΠΈΠΊΠ°ΡΠΈΡ ΡΠΎΠ²ΡΠ΅ΠΌΠ΅Π½Π½ΡΡ
ΡΠ³ΡΠΎΠ·, ΠΊΠΎΡΠΎΡΡΠ΅ ΠΊΠΎΠΌΠΏΠ»Π΅ΠΊΡΠΈΡΡΡΡΡΡ Ρ ΠΌΠ΅ΡΠΎΠ΄Π°ΠΌΠΈ ΡΠΎΡΠΈΠ°Π»ΡΠ½ΠΎΠΉ ΠΈΠ½ΠΆΠ΅Π½Π΅ΡΠΈΠΈ, ΠΈ ΠΏΡΠΈΠΎΠ±ΡΠ΅ΡΠ°ΡΡ ΠΏΡΠΈΠ·Π½Π°ΠΊΠΈ ΡΠΈΠ½Π΅ΡΠ³ΠΈΠΈ ΠΈ Π³ΠΈΠ±ΡΠΈΠ΄Π½ΠΎΡΡΠΈ. Π ΡΠ°Π±ΠΎΡΠ΅ ΠΏΡΠ΅Π΄Π»Π°Π³Π°Π΅ΡΡΡ ΡΠΈΠ½Π΅ΡΠ³Π΅ΡΠΈΡΠ΅ΡΠΊΠ°Ρ ΠΌΠΎΠ΄Π΅Π»Ρ ΡΠ³ΡΠΎΠ· Π½Π° ICS/CPS, ΠΊΠΎΡΠΎΡΠ°Ρ ΡΡΠΈΡΡΠ²Π°Π΅Ρ Π½Π°ΠΏΡΠ°Π²Π»Π΅Π½Π½ΠΎΡΡΡ ΡΠ³ΡΠΎΠ· Π½Π° ΡΠΈΠ½Π΅ΡΠ³ΠΈΡ ΠΈ Π³ΠΈΠ±ΡΠΈΠ΄Π½ΠΎΡΡΡ, ΠΈ ΠΊΠΎΠΌΠΏΠ»Π΅ΠΊΡΠΈΡΠΎΠ²Π°Π½Π½ΠΎΠ΅ Π²ΠΎΠ·Π΄Π΅ΠΉΡΡΠ²ΠΈΠ΅ ΡΠΎΡΡΠ°Π²Π»ΡΡΡΠΈΡ
Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡΠΈ: ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΎΠ½Π½ΡΡ Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡΡ (ΠΠ), ΠΊΠΈΠ±Π΅ΡΠ±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡΡ (ΠΠ), Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡΡ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΈ (ΠΠ). Π’Π°ΠΊΠΎΠΉ ΠΏΠΎΠ΄Ρ
ΠΎΠ΄ ΠΏΠΎΠ·Π²ΠΎΠ»ΡΠ΅Ρ ΡΠ°Π·ΡΠ°Π±ΠΎΡΠ°ΡΡ ΠΌΠ΅ΡΠΎΠ΄ΠΎΠ»ΠΎΠ³ΠΈΡΠ΅ΡΠΊΠΈΠ΅ ΠΎΡΠ½ΠΎΠ²Ρ ΠΏΠΎΡΡΡΠΎΠ΅Π½ΠΈΡ ΡΠ½ΠΈΡΠΈΡΠΈΡΠΎΠ²Π°Π½Π½ΠΎΠ³ΠΎ ΠΊΠ»Π°ΡΡΠΈΡΠΈΠΊΠ°ΡΠΎΡΠ° ΡΠ³ΡΠΎΠ· ΠΊΠΈΠ±Π΅ΡΡΠΈΠ·ΠΈΡΠ΅ΡΠΊΠΈΠ΅ ΡΠΈΡΡΠ΅ΠΌΡ, ΠΎΠ±Π΅ΡΠΏΠ΅ΡΠΈΡΡ ΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π½ΠΈΠ΅ ΠΌΠ½ΠΎΠΆΠ΅ΡΡΠ² ΠΊΡΠΈΡΠΈΡΠ΅ΡΠΊΠΈΡ
ΡΠ³ΡΠΎΠ·, ΠΊΡΠΈΡΠΈΡΠ΅ΡΠΊΠΈΡ
ΡΠΎΡΠ΅ΠΊ Π² ΡΠ»Π΅ΠΌΠ΅Π½ΡΠ°Ρ
ΠΈΠ½ΡΡΠ°ΡΡΡΡΠΊΡΡΡΡ ICS/CPS, Π½Π° ΠΎΡΠ½ΠΎΠ²Π΅ ΠΌΠΈΠ½ΠΈΠΌΠ°Π»ΡΠ½ΡΡ
Π²ΡΡΠΈΡΠ»ΠΈΡΠ΅Π»ΡΠ½ΡΡ
, Π»ΡΠ΄ΡΠΊΠΈΡ
ΠΈ ΡΠΊΠΎΠ½ΠΎΠΌΠΈΡΠ΅ΡΠΊΠΈΡ
Π·Π°ΡΡΠ°Ρ. Π Π°Π·ΡΠ°Π±ΠΎΡΠ°Π½Π½Π°Ρ ΠΌΠ΅ΡΠΎΠ΄ΠΈΠΊΠ° ΠΎΠΏΡΠ΅Π΄Π΅Π»Π΅Π½ΠΈΡ ΠΊΠ°ΡΠ΅Π³ΠΎΡΠΈΠΈ Π·Π»ΠΎΡΠΌΡΡΠ»Π΅Π½Π½ΠΈΠΊΠ° ΠΏΠΎΠ·Π²ΠΎΠ»ΡΠ΅Ρ ΡΠΈΡΡΠ΅ΠΌΠ°ΡΠΈΠ·ΠΈΡΠΎΠ²Π°ΡΡ Π·Π»ΠΎΡΠΌΡΡΠ»Π΅Π½Π½ΠΈΠΊΠ° ΠΈ Π½Π° ΠΎΡΠ½ΠΎΠ²Π΅ Π°Π½Π°Π»ΠΈΠ·Π° Π²Π΅ΡΠΎΠ²ΡΡ
ΠΊΠΎΡΡΡΠΈΡΠΈΠ΅Π½ΡΠΎΠ² ΡΡΠΎΡΠΌΠΈΡΠΎΠ²Π°ΡΡ ΠΌΠ°ΡΡΠΈΡΡ ΡΠΎΠΎΡΠ²Π΅ΡΡΡΠ²ΠΈΡ ΠΌΠ΅ΠΆΠ΄Ρ Π²ΠΎΠ·ΠΌΠΎΠΆΠ½ΠΎΡΡΡΠΌΠΈ Π·Π»ΠΎΡΠΌΡΡΠ»Π΅Π½Π½ΠΈΠΊΠΎΠ² ΡΠ°Π·Π»ΠΈΡΠ½ΡΡ
ΠΊΠ°ΡΠ΅Π³ΠΎΡΠΈΠΉ ΠΈ ΡΠ΅Ρ
Π½ΠΈΡΠ΅ΡΠΊΠΈΠΌΠΈ ΡΡΠ΅Π΄ΡΡΠ²Π°ΠΌΠΈ Π·Π°ΡΠΈΡΡ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΈ (Π’Π‘ΠΠ). ΠΡΠΈ Π΄Π΅ΠΉΡΡΠ²ΠΈΡ ΡΡΡΠ΅ΡΡΠ²Π΅Π½Π½ΠΎ ΡΠ½ΠΈΠΆΠ°ΡΡ ΡΡΠΎΠ²Π΅Π½Ρ ΡΠΈΡΠΊΠ° ΡΠ΅Π°Π»ΠΈΠ·Π°ΡΠΈΠΈ Π°ΡΠ°ΠΊΠΈ ΠΎΠΏΡΠ΅Π΄Π΅Π»Π΅Π½Π½ΡΠΌΠΈ ΠΊΠ°ΡΠ΅Π³ΠΎΡΠΈΡΠΌΠΈ Π·Π»ΠΎΡΠΌΡΡΠ»Π΅Π½Π½ΠΈΠΊΠΎΠ² ΠΈ ΠΏΠΎΠ·Π²ΠΎΠ»ΡΡ ΠΎΠ±Π΅ΡΠΏΠ΅ΡΠΈΡΡ ΠΏΠ»Π°Π½ΠΎΠ²ΠΎΡΡΡ Π² ΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π½ΠΈΠΈ ΠΊΠ°ΠΊ ΠΏΠΎΠ»ΠΈΡΠΈΠΊΠΈ ΠΠ, ΡΠ°ΠΊ ΠΈ ΡΠΎΠΎΡΠ²Π΅ΡΡΡΠ²ΡΡΡΠΈΡ
ΠΏΡΠΎΡΠΈΠ»Π΅ΠΉ Π·Π°ΡΠΈΡΡΠ ΡΠΌΠΎΠ²Π°Ρ
ΠΏΠΎΡΠ²ΠΈ ΠΏΠΎΠ²Π½ΠΎΠΌΠ°ΡΡΡΠ°Π±Π½ΠΎΠ³ΠΎ ΠΊΠ²Π°Π½ΡΠΎΠ²ΠΎΠ³ΠΎ ΠΊΠΎΠΌΠΏ'ΡΡΠ΅ΡΠ° ΡΡΠ°Π²ΠΈΡΡΡΡ ΠΏΡΠ΄ ΡΡΠΌΠ½ΡΠ² ΡΡΡΠΉΠΊΡΡΡΡ ΠΏΡΠ°ΠΊΡΠΈΡΠ½ΠΎ Π²ΡΡΡ
Π°Π»Π³ΠΎΡΠΈΡΠΌΡΠ² ΡΠΈΠΌΠ΅ΡΡΠΈΡΠ½ΠΎΡ Ρ Π½Π΅ΡΠΈΠΌΠ΅ΡΡΠΈΡΠ½ΠΎΡ ΠΊΡΠΈΠΏΡΠΎΠ³ΡΠ°ΡΡΡ. ΠΡΠΈ ΡΡΠΎΠΌΡ Π±ΡΡΡ
Π»ΠΈΠ²Π΅ Π·ΡΠΎΡΡΠ°Π½Π½Ρ ΠΎΠ±ΡΠΈΡΠ»ΡΠ²Π°Π»ΡΠ½ΠΈΡ
ΡΠ΅ΡΡΡΡΡΠ² ΠΠ’ Ρ ΡΠ΅Ρ
Π½ΠΎΠ»ΠΎΠ³ΡΠΉ "G" ΡΠΏΡΠΈΡΡ Π·Π±ΡΠ»ΡΡΠ΅Π½Π½Ρ Π·ΡΠΎΡΡΠ°Π½Π½Ρ Π°ΡΠ°ΠΊ Π½Π° ΡΠ½ΡΠΎΡΠΌΠ°ΡΡΠΉΠ½ΠΎ-ΠΊΠΎΠΌΡΠ½ΡΠΊΠ°ΡΡΠΉΠ½Ρ (ICS) Ρ ΠΊΡΠ±Π΅ΡΡΡΠ·ΡΡΠ½Ρ ΡΠΈΡΡΠ΅ΠΌΠΈ (CPS). Π¦Ρ ΡΠΈΡΡΠ΅ΠΌΠΈ Ρ ΡΠ΄ΡΠΎΠΌ ΡΡΡΠ°ΡΠ½ΠΈΡ
ΡΠ½ΡΠΎΡΠΌΠ°ΡΡΠΉΠ½ΠΎ-ΠΊΡΠΈΡΠΈΡΠ½ΠΈΡ
ΠΊΡΠ±Π΅ΡΠ½Π΅ΡΠΈΡΠ½ΠΈΡ
ΡΠΈΡΡΠ΅ΠΌ (CCIS). Π ΡΠ°ΠΊΠΈΡ
ΡΠΌΠΎΠ²Π°Ρ
ΠΏΠ΅ΡΡΠΎΡΠ΅ΡΠ³ΠΎΠ²ΠΈΠΌ Π·Π°Π²Π΄Π°Π½Π½ΡΠΌ ΠΏΡΠ΄ΡΡΠΈΠΌΠΊΠΈ Π½Π΅ΠΎΠ±Ρ
ΡΠ΄Π½ΠΎΠ³ΠΎ ΡΡΠ²Π½Ρ Π±Π΅Π·ΠΏΠ΅ΠΊΠΈ Ρ ΠΊΠ»Π°ΡΠΈΡΡΠΊΠ°ΡΡΡ ΡΡΡΠ°ΡΠ½ΠΈΡ
Π·Π°Π³ΡΠΎΠ·, ΡΠΊΡ ΠΊΠΎΠΌΠΏΠ»Π΅ΠΊΡΠΈΡΡΡΡΡΡ Π· ΠΌΠ΅ΡΠΎΠ΄Π°ΠΌΠΈ ΡΠΎΡΡΠ°Π»ΡΠ½ΠΎΡ ΡΠ½ΠΆΠ΅Π½Π΅ΡΡΡ Ρ Π½Π°Π±ΡΠ²Π°ΡΡΡ ΠΎΠ·Π½Π°ΠΊ ΡΠΈΠ½Π΅ΡΠ³ΡΡ Ρ Π³ΠΈΠ±ΡΠΈΠ΄Π½ΠΎΡΡΠΈ. Π£ ΡΠΎΠ±ΠΎΡΡ ΠΏΡΠΎΠΏΠΎΠ½ΡΡΡΡΡΡ ΡΠΈΠ½Π΅ΡΠ³Π΅ΡΠΈΡΠ½Π° ΠΌΠΎΠ΄Π΅Π»Ρ Π·Π°Π³ΡΠΎΠ· Π½Π° ICS/CPS, ΡΠΊΠ° Π²ΡΠ°Ρ
ΠΎΠ²ΡΡ ΡΠΏΡΡΠΌΠΎΠ²Π°Π½ΡΡΡΡ Π·Π°Π³ΡΠΎΠ· Π½Π° ΡΠΈΠ½Π΅ΡΠ³ΡΡ Ρ Π³ΠΈΠ±ΡΠΈΠ΄Π½ΠΎΡΡΡ, Ρ ΠΊΠΎΠΌΠΏΠ»Π΅ΠΊΡΡΡΠΎΠ²Π°Π½ΠΈΠΉ Π²ΠΏΠ»ΠΈΠ² ΡΠΊΠ»Π°Π΄ΠΎΠ²ΠΈΡ
Π±Π΅Π·ΠΏΠ΅ΠΊΠΈ: ΡΠ½ΡΠΎΡΠΌΠ°ΡΡΠΉΠ½Ρ Π±Π΅Π·ΠΏΠ΅ΠΊΡ (ΠΠ), ΠΊΡΠ±Π΅ΡΠ±Π΅Π·ΠΏΠ΅ΠΊΡ (ΠΠ), Π±Π΅Π·ΠΏΠ΅ΠΊΡ ΡΠ½ΡΠΎΡΠΌΠ°ΡΡΡ (ΠΠ). Π’Π°ΠΊΠΈΠΉ ΠΏΡΠ΄Ρ
ΡΠ΄ Π΄ΠΎΠ·Π²ΠΎΠ»ΡΡ ΡΠΎΠ·ΡΠΎΠ±ΠΈΡΠΈ ΠΌΠ΅ΡΠΎΠ΄ΠΎΠ»ΠΎΠ³ΡΡΠ½Ρ ΠΎΡΠ½ΠΎΠ²ΠΈ ΠΏΠΎΠ±ΡΠ΄ΠΎΠ²ΠΈ ΡΠ½ΡΡΡΠΊΠΎΠ²Π°Π½ΠΎΠ³ΠΎ ΠΊΠ»Π°ΡΠΈΡΡΠΊΠ°ΡΠΎΡΠ° Π·Π°Π³ΡΠΎΠ· ΠΊΡΠ±Π΅ΡΡΡΠ·ΠΈΡΠ½ΠΈΡ
ΡΠΈΡΡΠ΅ΠΌ, Π·Π°Π±Π΅Π·ΠΏΠ΅ΡΠΈΡΠΈ ΡΠΎΡΠΌΡΠ²Π°Π½Π½Ρ ΠΌΠ½ΠΎΠΆΠΈΠ½ ΠΊΡΠΈΡΠΈΡΠ½ΠΈΡ
Π·Π°Π³ΡΠΎΠ·, ΠΊΡΠΈΡΠΈΡΠ½ΠΈΡ
ΡΠΎΡΠΎΠΊ Π² Π΅Π»Π΅ΠΌΠ΅Π½ΡΠ°Ρ
ΡΠ½ΡΡΠ°ΡΡΡΡΠΊΡΡΡΠΈ ICS/CPS, Π½Π° ΠΎΡΠ½ΠΎΠ²Ρ ΠΌΡΠ½ΡΠΌΠ°Π»ΡΠ½ΠΈΡ
ΠΎΠ±ΡΠΈΡΠ»ΡΠ²Π°Π»ΡΠ½ΠΈΡ
, Π»ΡΠ΄ΡΡΠΊΠΈΡ
Ρ Π΅ΠΊΠΎΠ½ΠΎΠΌΡΡΠ½ΠΈΡ
Π²ΠΈΡΡΠ°Ρ. Π ΠΎΠ·ΡΠΎΠ±Π»Π΅Π½Π° ΠΌΠ΅ΡΠΎΠ΄ΠΈΠΊΠ° Π²ΠΈΠ·Π½Π°ΡΠ΅Π½Π½Ρ ΠΊΠ°ΡΠ΅Π³ΠΎΡΡΡ Π·Π»ΠΎΠ²ΠΌΠΈΡΠ½ΠΈΠΊΠ° Π΄ΠΎΠ·Π²ΠΎΠ»ΡΡ ΡΠΈΡΡΠ΅ΠΌΠ°ΡΠΈΠ·ΡΠ²Π°ΡΠΈ Π·Π»ΠΎΠ²ΠΌΠΈΡΠ½ΠΈΠΊΠ° Ρ Π½Π° ΠΎΡΠ½ΠΎΠ²Ρ Π°Π½Π°Π»ΡΠ·Ρ Π²Π°Π³ΠΎΠ²ΠΈΡ
ΠΊΠΎΠ΅ΡΡΡΡΡΠ½ΡΡΠ² ΡΡΠΎΡΠΌΡΠ²Π°ΡΠΈ ΠΌΠ°ΡΡΠΈΡΡ Π²ΡΠ΄ΠΏΠΎΠ²ΡΠ΄Π½ΠΎΡΡΡ ΠΌΡΠΆ ΠΌΠΎΠΆΠ»ΠΈΠ²ΠΎΡΡΡΠΌΠΈ Π·Π»ΠΎΠ²ΠΌΠΈΡΠ½ΠΈΠΊΡΠ² ΡΡΠ·Π½ΠΈΡ
ΠΊΠ°ΡΠ΅Π³ΠΎΡΡΠΉ Ρ ΡΠ΅Ρ
Π½ΡΡΠ½ΠΈΠΌΠΈ Π·Π°ΡΠΎΠ±Π°ΠΌΠΈ Π·Π°Ρ
ΠΈΡΡΡ ΡΠ½ΡΠΎΡΠΌΠ°ΡΡΡ (Π’Π‘ΠΠ). Π¦Ρ Π΄ΡΡ ΡΡΡΠΎΡΠ½ΠΎ Π·Π½ΠΈΠΆΡΡΡΡ ΡΡΠ²Π΅Π½Ρ ΡΠΈΠ·ΠΈΠΊΡ ΡΠ΅Π°Π»ΡΠ·Π°ΡΡΡ Π°ΡΠ°ΠΊΠΈ ΠΏΠ΅Π²Π½ΠΈΠΌΠΈ ΠΊΠ°ΡΠ΅Π³ΠΎΡΡΡΠΌΠΈ Π·Π»ΠΎΠ²ΠΌΠΈΡΠ½ΠΈΠΊΡΠ² Ρ Π΄ΠΎΠ·Π²ΠΎΠ»ΡΡΡ Π·Π°Π±Π΅Π·ΠΏΠ΅ΡΠΈΡΠΈ ΠΏΠ»Π°Π½ΠΎΠ²ΡΡΡΡ Ρ ΡΠΎΡΠΌΡΠ²Π°Π½Π½Ρ ΡΠΊ ΠΏΠΎΠ»ΡΡΠΈΠΊΠΈ ΠΠ, ΡΠ°ΠΊ Ρ Π²ΡΠ΄ΠΏΠΎΠ²ΡΠ΄Π½ΠΈΡ
ΠΏΡΠΎΡΡΠ»ΡΠ² Π·Π°Ρ
ΠΈΡΡ
Π ΠΎΠ·ΡΠΎΠ±ΠΊΠ° ΠΌΠ΅ΡΠΎΠ΄ΠΎΠ»ΠΎΠ³ΡΡΠ½ΠΈΡ ΠΎΡΠ½ΠΎΠ² ΠΏΠΎΠ±ΡΠ΄ΠΎΠ²ΠΈ ΠΊΠ»Π°ΡΠΈΡΡΠΊΠ°ΡΠΎΡΡ Π·Π°Π³ΡΠΎΠ· ΠΊΡΠ±Π΅ΡΡΡΠ·ΠΈΡΠ½ΠΈΡ ΡΠΈΡΡΠ΅ΠΌ
No full textThe emergence of a full-scale quantum computer questions the stability of almost all symmetric and asymmetric cryptography algorithms. At the same time, the rapid growth of computing resources of IT and βGβ technologies contributes to an increase in attacks on information and communication (ICS) and cyberphysical systems (CPS). These systems are the core of modern critical cybernetic information systems (CCIS). In such conditions, the primary task of maintaining the required level of security is the classification of modern threats that are integrated with social engineering methods and acquire signs of synergy and hybridity. The paper proposes a synergistic model of threats to ICS/CPS, which takes into account the focus of threats on synergy and hybridity, and the combined impact of security components: information security (IS), cybersecurity (CS), security of information (SI). This approach allows developing methodological foundations for building a unified classifier of threats to cyberphysical systems, forming sets of critical threats, critical points in the ICS/CPS infrastructure elements, based on minimal computing, human and economic costs. The developed methodology for determining the category of an attacker allows systematizing an attacker and, based on the analysis of weighting factors, forming a matrix of correspondence between the capabilities of attackers of various categories and technical means of information security (TMIS). These actions significantly reduce the risk of an attack by certain categories of attackers and allow for planning in the formation of both the IS policy and the corresponding protection profiles.Π ΡΡΠ»ΠΎΠ²ΠΈΡΡ
ΠΏΠΎΡΠ²Π»Π΅Π½ΠΈΡ ΠΏΠΎΠ»Π½ΠΎΠΌΠ°ΡΡΡΠ°Π±Π½ΠΎΠ³ΠΎ ΠΊΠ²Π°Π½ΡΠΎΠ²ΠΎΠ³ΠΎ ΠΊΠΎΠΌΠΏΡΡΡΠ΅ΡΠ° ΡΡΠ°Π²ΠΈΡΡΡ ΠΏΠΎΠ΄ ΡΠΎΠΌΠ½Π΅Π½ΠΈΠ΅ ΡΡΠΎΠΉΠΊΠΎΡΡΡ ΠΏΡΠ°ΠΊΡΠΈΡΠ΅ΡΠΊΠΈ Π²ΡΠ΅Ρ
Π°Π»Π³ΠΎΡΠΈΡΠΌΠΎΠ² ΡΠΈΠΌΠΌΠ΅ΡΡΠΈΡΠ½ΠΎΠΉ ΠΈ Π½Π΅ΡΠΈΠΌΠΌΠ΅ΡΡΠΈΡΠ½ΠΎΠΉ ΠΊΡΠΈΠΏΡΠΎΠ³ΡΠ°ΡΠΈΠΈ. ΠΡΠΈ ΡΡΠΎΠΌ Π±ΡΡΠ½ΡΠΉ ΡΠΎΡΡ Π²ΡΡΠΈΡΠ»ΠΈΡΠ΅Π»ΡΠ½ΡΡ
ΡΠ΅ΡΡΡΡΠΎΠ² ΠΠ’ ΠΈ ΡΠ΅Ρ
Π½ΠΎΠ»ΠΎΠ³ΠΈΠΉ βGβ ΡΠΏΠΎΡΠΎΠ±ΡΡΠ²ΡΠ΅Ρ ΡΠ²Π΅Π»ΠΈΡΠ΅Π½ΠΈΡ ΡΠΎΡΡΠ° Π°ΡΠ°ΠΊ Π½Π° ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΎΠ½Π½ΠΎ-ΠΊΠΎΠΌΠΌΡΠ½ΠΈΠΊΠ°ΡΠΈΠΎΠ½Π½ΡΠ΅ (ICS) ΠΈ ΠΊΠΈΠ±Π΅ΡΡΠΈΠ·ΠΈΡΠ΅ΡΠΊΠΈΠ΅ ΡΠΈΡΡΠ΅ΠΌΡ (CPS). ΠΡΠΈ ΡΠΈΡΡΠ΅ΠΌΡ ΡΠ²Π»ΡΡΡΡΡ ΡΠ΄ΡΠΎΠΌ ΡΠΎΠ²ΡΠ΅ΠΌΠ΅Π½Π½ΡΡ
ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΎΠ½Π½ΠΎ-ΠΊΡΠΈΡΠΈΡΠ΅ΡΠΊΠΈΡ
ΠΊΠΈΠ±Π΅ΡΠ½Π΅ΡΠΈΡΠ΅ΡΠΊΠΈΡ
ΡΠΈΡΡΠ΅ΠΌ (CCIS). Π ΡΠ°ΠΊΠΈΡ
ΡΡΠ»ΠΎΠ²ΠΈΡΡ
ΠΏΠ΅ΡΠ²ΠΎΠΎΡΠ΅ΡΠ΅Π΄Π½ΠΎΠΉ Π·Π°Π΄Π°ΡΠ΅ΠΉ ΠΏΠΎΠ΄Π΄Π΅ΡΠΆΠ°Π½ΠΈΡ ΡΡΠ΅Π±ΡΠ΅ΠΌΠΎΠ³ΠΎ ΡΡΠΎΠ²Π½Ρ Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡΠΈ ΡΠ²Π»ΡΠ΅ΡΡΡ ΠΊΠ»Π°ΡΡΠΈΡΠΈΠΊΠ°ΡΠΈΡ ΡΠΎΠ²ΡΠ΅ΠΌΠ΅Π½Π½ΡΡ
ΡΠ³ΡΠΎΠ·, ΠΊΠΎΡΠΎΡΡΠ΅ ΠΊΠΎΠΌΠΏΠ»Π΅ΠΊΡΠΈΡΡΡΡΡΡ Ρ ΠΌΠ΅ΡΠΎΠ΄Π°ΠΌΠΈ ΡΠΎΡΠΈΠ°Π»ΡΠ½ΠΎΠΉ ΠΈΠ½ΠΆΠ΅Π½Π΅ΡΠΈΠΈ, ΠΈ ΠΏΡΠΈΠΎΠ±ΡΠ΅ΡΠ°ΡΡ ΠΏΡΠΈΠ·Π½Π°ΠΊΠΈ ΡΠΈΠ½Π΅ΡΠ³ΠΈΠΈ ΠΈ Π³ΠΈΠ±ΡΠΈΠ΄Π½ΠΎΡΡΠΈ. Π ΡΠ°Π±ΠΎΡΠ΅ ΠΏΡΠ΅Π΄Π»Π°Π³Π°Π΅ΡΡΡ ΡΠΈΠ½Π΅ΡΠ³Π΅ΡΠΈΡΠ΅ΡΠΊΠ°Ρ ΠΌΠΎΠ΄Π΅Π»Ρ ΡΠ³ΡΠΎΠ· Π½Π° ICS/CPS, ΠΊΠΎΡΠΎΡΠ°Ρ ΡΡΠΈΡΡΠ²Π°Π΅Ρ Π½Π°ΠΏΡΠ°Π²Π»Π΅Π½Π½ΠΎΡΡΡ ΡΠ³ΡΠΎΠ· Π½Π° ΡΠΈΠ½Π΅ΡΠ³ΠΈΡ ΠΈ Π³ΠΈΠ±ΡΠΈΠ΄Π½ΠΎΡΡΡ, ΠΈ ΠΊΠΎΠΌΠΏΠ»Π΅ΠΊΡΠΈΡΠΎΠ²Π°Π½Π½ΠΎΠ΅ Π²ΠΎΠ·Π΄Π΅ΠΉΡΡΠ²ΠΈΠ΅ ΡΠΎΡΡΠ°Π²Π»ΡΡΡΠΈΡ
Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡΠΈ: ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΎΠ½Π½ΡΡ Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡΡ (ΠΠ), ΠΊΠΈΠ±Π΅ΡΠ±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡΡ (ΠΠ), Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡΡ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΈ (ΠΠ). Π’Π°ΠΊΠΎΠΉ ΠΏΠΎΠ΄Ρ
ΠΎΠ΄ ΠΏΠΎΠ·Π²ΠΎΠ»ΡΠ΅Ρ ΡΠ°Π·ΡΠ°Π±ΠΎΡΠ°ΡΡ ΠΌΠ΅ΡΠΎΠ΄ΠΎΠ»ΠΎΠ³ΠΈΡΠ΅ΡΠΊΠΈΠ΅ ΠΎΡΠ½ΠΎΠ²Ρ ΠΏΠΎΡΡΡΠΎΠ΅Π½ΠΈΡ ΡΠ½ΠΈΡΠΈΡΠΈΡΠΎΠ²Π°Π½Π½ΠΎΠ³ΠΎ ΠΊΠ»Π°ΡΡΠΈΡΠΈΠΊΠ°ΡΠΎΡΠ° ΡΠ³ΡΠΎΠ· ΠΊΠΈΠ±Π΅ΡΡΠΈΠ·ΠΈΡΠ΅ΡΠΊΠΈΠ΅ ΡΠΈΡΡΠ΅ΠΌΡ, ΠΎΠ±Π΅ΡΠΏΠ΅ΡΠΈΡΡ ΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π½ΠΈΠ΅ ΠΌΠ½ΠΎΠΆΠ΅ΡΡΠ² ΠΊΡΠΈΡΠΈΡΠ΅ΡΠΊΠΈΡ
ΡΠ³ΡΠΎΠ·, ΠΊΡΠΈΡΠΈΡΠ΅ΡΠΊΠΈΡ
ΡΠΎΡΠ΅ΠΊ Π² ΡΠ»Π΅ΠΌΠ΅Π½ΡΠ°Ρ
ΠΈΠ½ΡΡΠ°ΡΡΡΡΠΊΡΡΡΡ ICS/CPS, Π½Π° ΠΎΡΠ½ΠΎΠ²Π΅ ΠΌΠΈΠ½ΠΈΠΌΠ°Π»ΡΠ½ΡΡ
Π²ΡΡΠΈΡΠ»ΠΈΡΠ΅Π»ΡΠ½ΡΡ
, Π»ΡΠ΄ΡΠΊΠΈΡ
ΠΈ ΡΠΊΠΎΠ½ΠΎΠΌΠΈΡΠ΅ΡΠΊΠΈΡ
Π·Π°ΡΡΠ°Ρ. Π Π°Π·ΡΠ°Π±ΠΎΡΠ°Π½Π½Π°Ρ ΠΌΠ΅ΡΠΎΠ΄ΠΈΠΊΠ° ΠΎΠΏΡΠ΅Π΄Π΅Π»Π΅Π½ΠΈΡ ΠΊΠ°ΡΠ΅Π³ΠΎΡΠΈΠΈ Π·Π»ΠΎΡΠΌΡΡΠ»Π΅Π½Π½ΠΈΠΊΠ° ΠΏΠΎΠ·Π²ΠΎΠ»ΡΠ΅Ρ ΡΠΈΡΡΠ΅ΠΌΠ°ΡΠΈΠ·ΠΈΡΠΎΠ²Π°ΡΡ Π·Π»ΠΎΡΠΌΡΡΠ»Π΅Π½Π½ΠΈΠΊΠ° ΠΈ Π½Π° ΠΎΡΠ½ΠΎΠ²Π΅ Π°Π½Π°Π»ΠΈΠ·Π° Π²Π΅ΡΠΎΠ²ΡΡ
ΠΊΠΎΡΡΡΠΈΡΠΈΠ΅Π½ΡΠΎΠ² ΡΡΠΎΡΠΌΠΈΡΠΎΠ²Π°ΡΡ ΠΌΠ°ΡΡΠΈΡΡ ΡΠΎΠΎΡΠ²Π΅ΡΡΡΠ²ΠΈΡ ΠΌΠ΅ΠΆΠ΄Ρ Π²ΠΎΠ·ΠΌΠΎΠΆΠ½ΠΎΡΡΡΠΌΠΈ Π·Π»ΠΎΡΠΌΡΡΠ»Π΅Π½Π½ΠΈΠΊΠΎΠ² ΡΠ°Π·Π»ΠΈΡΠ½ΡΡ
ΠΊΠ°ΡΠ΅Π³ΠΎΡΠΈΠΉ ΠΈ ΡΠ΅Ρ
Π½ΠΈΡΠ΅ΡΠΊΠΈΠΌΠΈ ΡΡΠ΅Π΄ΡΡΠ²Π°ΠΌΠΈ Π·Π°ΡΠΈΡΡ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΈ (Π’Π‘ΠΠ). ΠΡΠΈ Π΄Π΅ΠΉΡΡΠ²ΠΈΡ ΡΡΡΠ΅ΡΡΠ²Π΅Π½Π½ΠΎ ΡΠ½ΠΈΠΆΠ°ΡΡ ΡΡΠΎΠ²Π΅Π½Ρ ΡΠΈΡΠΊΠ° ΡΠ΅Π°Π»ΠΈΠ·Π°ΡΠΈΠΈ Π°ΡΠ°ΠΊΠΈ ΠΎΠΏΡΠ΅Π΄Π΅Π»Π΅Π½Π½ΡΠΌΠΈ ΠΊΠ°ΡΠ΅Π³ΠΎΡΠΈΡΠΌΠΈ Π·Π»ΠΎΡΠΌΡΡΠ»Π΅Π½Π½ΠΈΠΊΠΎΠ² ΠΈ ΠΏΠΎΠ·Π²ΠΎΠ»ΡΡ ΠΎΠ±Π΅ΡΠΏΠ΅ΡΠΈΡΡ ΠΏΠ»Π°Π½ΠΎΠ²ΠΎΡΡΡ Π² ΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π½ΠΈΠΈ ΠΊΠ°ΠΊ ΠΏΠΎΠ»ΠΈΡΠΈΠΊΠΈ ΠΠ, ΡΠ°ΠΊ ΠΈ ΡΠΎΠΎΡΠ²Π΅ΡΡΡΠ²ΡΡΡΠΈΡ
ΠΏΡΠΎΡΠΈΠ»Π΅ΠΉ Π·Π°ΡΠΈΡΡΠ ΡΠΌΠΎΠ²Π°Ρ
ΠΏΠΎΡΠ²ΠΈ ΠΏΠΎΠ²Π½ΠΎΠΌΠ°ΡΡΡΠ°Π±Π½ΠΎΠ³ΠΎ ΠΊΠ²Π°Π½ΡΠΎΠ²ΠΎΠ³ΠΎ ΠΊΠΎΠΌΠΏ'ΡΡΠ΅ΡΠ° ΡΡΠ°Π²ΠΈΡΡΡΡ ΠΏΡΠ΄ ΡΡΠΌΠ½ΡΠ² ΡΡΡΠΉΠΊΡΡΡΡ ΠΏΡΠ°ΠΊΡΠΈΡΠ½ΠΎ Π²ΡΡΡ
Π°Π»Π³ΠΎΡΠΈΡΠΌΡΠ² ΡΠΈΠΌΠ΅ΡΡΠΈΡΠ½ΠΎΡ Ρ Π½Π΅ΡΠΈΠΌΠ΅ΡΡΠΈΡΠ½ΠΎΡ ΠΊΡΠΈΠΏΡΠΎΠ³ΡΠ°ΡΡΡ. ΠΡΠΈ ΡΡΠΎΠΌΡ Π±ΡΡΡ
Π»ΠΈΠ²Π΅ Π·ΡΠΎΡΡΠ°Π½Π½Ρ ΠΎΠ±ΡΠΈΡΠ»ΡΠ²Π°Π»ΡΠ½ΠΈΡ
ΡΠ΅ΡΡΡΡΡΠ² ΠΠ’ Ρ ΡΠ΅Ρ
Π½ΠΎΠ»ΠΎΠ³ΡΠΉ "G" ΡΠΏΡΠΈΡΡ Π·Π±ΡΠ»ΡΡΠ΅Π½Π½Ρ Π·ΡΠΎΡΡΠ°Π½Π½Ρ Π°ΡΠ°ΠΊ Π½Π° ΡΠ½ΡΠΎΡΠΌΠ°ΡΡΠΉΠ½ΠΎ-ΠΊΠΎΠΌΡΠ½ΡΠΊΠ°ΡΡΠΉΠ½Ρ (ICS) Ρ ΠΊΡΠ±Π΅ΡΡΡΠ·ΡΡΠ½Ρ ΡΠΈΡΡΠ΅ΠΌΠΈ (CPS). Π¦Ρ ΡΠΈΡΡΠ΅ΠΌΠΈ Ρ ΡΠ΄ΡΠΎΠΌ ΡΡΡΠ°ΡΠ½ΠΈΡ
ΡΠ½ΡΠΎΡΠΌΠ°ΡΡΠΉΠ½ΠΎ-ΠΊΡΠΈΡΠΈΡΠ½ΠΈΡ
ΠΊΡΠ±Π΅ΡΠ½Π΅ΡΠΈΡΠ½ΠΈΡ
ΡΠΈΡΡΠ΅ΠΌ (CCIS). Π ΡΠ°ΠΊΠΈΡ
ΡΠΌΠΎΠ²Π°Ρ
ΠΏΠ΅ΡΡΠΎΡΠ΅ΡΠ³ΠΎΠ²ΠΈΠΌ Π·Π°Π²Π΄Π°Π½Π½ΡΠΌ ΠΏΡΠ΄ΡΡΠΈΠΌΠΊΠΈ Π½Π΅ΠΎΠ±Ρ
ΡΠ΄Π½ΠΎΠ³ΠΎ ΡΡΠ²Π½Ρ Π±Π΅Π·ΠΏΠ΅ΠΊΠΈ Ρ ΠΊΠ»Π°ΡΠΈΡΡΠΊΠ°ΡΡΡ ΡΡΡΠ°ΡΠ½ΠΈΡ
Π·Π°Π³ΡΠΎΠ·, ΡΠΊΡ ΠΊΠΎΠΌΠΏΠ»Π΅ΠΊΡΠΈΡΡΡΡΡΡ Π· ΠΌΠ΅ΡΠΎΠ΄Π°ΠΌΠΈ ΡΠΎΡΡΠ°Π»ΡΠ½ΠΎΡ ΡΠ½ΠΆΠ΅Π½Π΅ΡΡΡ Ρ Π½Π°Π±ΡΠ²Π°ΡΡΡ ΠΎΠ·Π½Π°ΠΊ ΡΠΈΠ½Π΅ΡΠ³ΡΡ Ρ Π³ΠΈΠ±ΡΠΈΠ΄Π½ΠΎΡΡΠΈ. Π£ ΡΠΎΠ±ΠΎΡΡ ΠΏΡΠΎΠΏΠΎΠ½ΡΡΡΡΡΡ ΡΠΈΠ½Π΅ΡΠ³Π΅ΡΠΈΡΠ½Π° ΠΌΠΎΠ΄Π΅Π»Ρ Π·Π°Π³ΡΠΎΠ· Π½Π° ICS/CPS, ΡΠΊΠ° Π²ΡΠ°Ρ
ΠΎΠ²ΡΡ ΡΠΏΡΡΠΌΠΎΠ²Π°Π½ΡΡΡΡ Π·Π°Π³ΡΠΎΠ· Π½Π° ΡΠΈΠ½Π΅ΡΠ³ΡΡ Ρ Π³ΠΈΠ±ΡΠΈΠ΄Π½ΠΎΡΡΡ, Ρ ΠΊΠΎΠΌΠΏΠ»Π΅ΠΊΡΡΡΠΎΠ²Π°Π½ΠΈΠΉ Π²ΠΏΠ»ΠΈΠ² ΡΠΊΠ»Π°Π΄ΠΎΠ²ΠΈΡ
Π±Π΅Π·ΠΏΠ΅ΠΊΠΈ: ΡΠ½ΡΠΎΡΠΌΠ°ΡΡΠΉΠ½Ρ Π±Π΅Π·ΠΏΠ΅ΠΊΡ (ΠΠ), ΠΊΡΠ±Π΅ΡΠ±Π΅Π·ΠΏΠ΅ΠΊΡ (ΠΠ), Π±Π΅Π·ΠΏΠ΅ΠΊΡ ΡΠ½ΡΠΎΡΠΌΠ°ΡΡΡ (ΠΠ). Π’Π°ΠΊΠΈΠΉ ΠΏΡΠ΄Ρ
ΡΠ΄ Π΄ΠΎΠ·Π²ΠΎΠ»ΡΡ ΡΠΎΠ·ΡΠΎΠ±ΠΈΡΠΈ ΠΌΠ΅ΡΠΎΠ΄ΠΎΠ»ΠΎΠ³ΡΡΠ½Ρ ΠΎΡΠ½ΠΎΠ²ΠΈ ΠΏΠΎΠ±ΡΠ΄ΠΎΠ²ΠΈ ΡΠ½ΡΡΡΠΊΠΎΠ²Π°Π½ΠΎΠ³ΠΎ ΠΊΠ»Π°ΡΠΈΡΡΠΊΠ°ΡΠΎΡΠ° Π·Π°Π³ΡΠΎΠ· ΠΊΡΠ±Π΅ΡΡΡΠ·ΠΈΡΠ½ΠΈΡ
ΡΠΈΡΡΠ΅ΠΌ, Π·Π°Π±Π΅Π·ΠΏΠ΅ΡΠΈΡΠΈ ΡΠΎΡΠΌΡΠ²Π°Π½Π½Ρ ΠΌΠ½ΠΎΠΆΠΈΠ½ ΠΊΡΠΈΡΠΈΡΠ½ΠΈΡ
Π·Π°Π³ΡΠΎΠ·, ΠΊΡΠΈΡΠΈΡΠ½ΠΈΡ
ΡΠΎΡΠΎΠΊ Π² Π΅Π»Π΅ΠΌΠ΅Π½ΡΠ°Ρ
ΡΠ½ΡΡΠ°ΡΡΡΡΠΊΡΡΡΠΈ ICS/CPS, Π½Π° ΠΎΡΠ½ΠΎΠ²Ρ ΠΌΡΠ½ΡΠΌΠ°Π»ΡΠ½ΠΈΡ
ΠΎΠ±ΡΠΈΡΠ»ΡΠ²Π°Π»ΡΠ½ΠΈΡ
, Π»ΡΠ΄ΡΡΠΊΠΈΡ
Ρ Π΅ΠΊΠΎΠ½ΠΎΠΌΡΡΠ½ΠΈΡ
Π²ΠΈΡΡΠ°Ρ. Π ΠΎΠ·ΡΠΎΠ±Π»Π΅Π½Π° ΠΌΠ΅ΡΠΎΠ΄ΠΈΠΊΠ° Π²ΠΈΠ·Π½Π°ΡΠ΅Π½Π½Ρ ΠΊΠ°ΡΠ΅Π³ΠΎΡΡΡ Π·Π»ΠΎΠ²ΠΌΠΈΡΠ½ΠΈΠΊΠ° Π΄ΠΎΠ·Π²ΠΎΠ»ΡΡ ΡΠΈΡΡΠ΅ΠΌΠ°ΡΠΈΠ·ΡΠ²Π°ΡΠΈ Π·Π»ΠΎΠ²ΠΌΠΈΡΠ½ΠΈΠΊΠ° Ρ Π½Π° ΠΎΡΠ½ΠΎΠ²Ρ Π°Π½Π°Π»ΡΠ·Ρ Π²Π°Π³ΠΎΠ²ΠΈΡ
ΠΊΠΎΠ΅ΡΡΡΡΡΠ½ΡΡΠ² ΡΡΠΎΡΠΌΡΠ²Π°ΡΠΈ ΠΌΠ°ΡΡΠΈΡΡ Π²ΡΠ΄ΠΏΠΎΠ²ΡΠ΄Π½ΠΎΡΡΡ ΠΌΡΠΆ ΠΌΠΎΠΆΠ»ΠΈΠ²ΠΎΡΡΡΠΌΠΈ Π·Π»ΠΎΠ²ΠΌΠΈΡΠ½ΠΈΠΊΡΠ² ΡΡΠ·Π½ΠΈΡ
ΠΊΠ°ΡΠ΅Π³ΠΎΡΡΠΉ Ρ ΡΠ΅Ρ
Π½ΡΡΠ½ΠΈΠΌΠΈ Π·Π°ΡΠΎΠ±Π°ΠΌΠΈ Π·Π°Ρ
ΠΈΡΡΡ ΡΠ½ΡΠΎΡΠΌΠ°ΡΡΡ (Π’Π‘ΠΠ). Π¦Ρ Π΄ΡΡ ΡΡΡΠΎΡΠ½ΠΎ Π·Π½ΠΈΠΆΡΡΡΡ ΡΡΠ²Π΅Π½Ρ ΡΠΈΠ·ΠΈΠΊΡ ΡΠ΅Π°Π»ΡΠ·Π°ΡΡΡ Π°ΡΠ°ΠΊΠΈ ΠΏΠ΅Π²Π½ΠΈΠΌΠΈ ΠΊΠ°ΡΠ΅Π³ΠΎΡΡΡΠΌΠΈ Π·Π»ΠΎΠ²ΠΌΠΈΡΠ½ΠΈΠΊΡΠ² Ρ Π΄ΠΎΠ·Π²ΠΎΠ»ΡΡΡ Π·Π°Π±Π΅Π·ΠΏΠ΅ΡΠΈΡΠΈ ΠΏΠ»Π°Π½ΠΎΠ²ΡΡΡΡ Ρ ΡΠΎΡΠΌΡΠ²Π°Π½Π½Ρ ΡΠΊ ΠΏΠΎΠ»ΡΡΠΈΠΊΠΈ ΠΠ, ΡΠ°ΠΊ Ρ Π²ΡΠ΄ΠΏΠΎΠ²ΡΠ΄Π½ΠΈΡ
ΠΏΡΠΎΡΡΠ»ΡΠ² Π·Π°Ρ
ΠΈΡΡ
SYNERGY OF BUILDING CYBERSECURITY SYSTEMS
Full text linkThe development of the modern world community is closely related to advances in computing resources and cyberspace. The formation and expansion of the range of services is based on the achievements of mankind in the field of high technologies. However, the rapid growth of computing resources, the emergence of a full-scale quantum computer tightens the requirements for security systems not only for information and communication systems, but also for cyber-physical systems and technologies.
The methodological foundations of building security systems for critical infrastructure facilities based on modeling the processes of behavior of antagonistic agents in security systems are discussed in the first chapter.
The concept of information security in social networks, based on mathematical models of data protection, taking into account the influence of specific parameters of the social network, the effects on the network are proposed in second chapter.
The nonlinear relationships of the parameters of the defense system, attacks, social networks, as well as the influence of individual characteristics of users and the nature of the relationships between them, takes into account.
In the third section, practical aspects of the methodology for constructing post-quantum algorithms for asymmetric McEliece and Niederreiter cryptosystems on algebraic codes (elliptic and modified elliptic codes), their mathematical models and practical algorithms are considered. Hybrid crypto-code constructions of McEliece and Niederreiter on defective codes are proposed. They can significantly reduce the energy costs for implementation, while ensuring the required level of cryptographic strength of the system as a whole. The concept of security of corporate information and educational systems based on the construction of an adaptive information security system is proposed
