MODIFICATION OF THE MODEL FOR CALCULATING THE LEVEL OF CYBER SECURITY OF CRITICAL INFRASTRUCTURE FACILITIES
DOI:
https://doi.org/10.28925/2663-4023.2025.29.943
Keywords:
cybersecurity, critical infrastructure, critical infrastructure facilities, critical information infrastructure facilities, assessment model, system of criteria
Abstract
The growing intensity of cyber threats and cyberattacks, especially from the Russian Federation, poses an unprecedented danger to critical infrastructure and critical information infrastructure. The consequences of such incidents can be catastrophic, causing massive economic damage, social destabilization, and a direct threat to life. This increase in the number of cyberattacks requires continuous improvement of approaches to cybersecurity and an objective assessment of the level of protection of such infrastructure. In view of this need, a model for calculating the level of cyber protection was developed. During the testing of the model, certain shortcomings were identified, in particular the inadequacy of the criteria systems and the ambiguity of the integral indicator, which limited its relevance and accuracy, especially in the context of dynamic changes in Ukrainian legislation. This led to the modification of the model by expanding the number of criteria systems and their indicators in accordance with current national regulations and the specific characteristics of each critical infrastructure sector. The key change is the expansion of the set of criteria for assessing cyber protection. A new, seventh system of criteria, “Sectoral Component,” has been added to the six mandatory groups of measures (Government, Identification, Protection, Detection, Response, Recovery). This system allows for the integration of industry-specific (sectoral) characteristics of different critical infrastructure sectors. The modified model has a hierarchical structure and presents the result as a single integrated quantitative indicator, interpreted on a five-level percentage scale consistent with international maturity models. This enables an objective assessment of the maturity level of cyber protection for critical information infrastructure facilities and the development of targeted strategies to improve it.
License
Copyright (c) 2025 Діана Юдіна

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.