Assessing the resilience of critical information infrastructures  to information security threats

Andrey E. Krasnov; Alexander S. Mosolov; Nataliya A. Feoktistova

doi:10.26583/bit.2021.1.09

Безопасность информационных технологий (Jan 2021)

Assessing the resilience of critical information infrastructures to information security threats

Andrey E. Krasnov,
Alexander S. Mosolov,
Nataliya A. Feoktistova

Affiliations

Andrey E. Krasnov: Russian State Social University
Alexander S. Mosolov: D. Mendeleev University of Chemical Technology of Russia
Nataliya A. Feoktistova: Russian Academy of Education

DOI: https://doi.org/10.26583/bit.2021.1.09
Journal volume & issue: Vol. 28, no. 1
pp. 106 – 120

Abstract

Read online

This paper describes the methodology for comprehensive assessment of the vulnerability of critical information infrastructure (CII) and its critical elements at hazardous production facilities, including those of the fuel and energy production. The elements of CII at such enterprises, first of all, include automated control systems for technological processes. The smooth operation of complex technological and production processes based on critical elements depends on the normal functioning of the CII. Therefore, the assessment of vulnerabilities in the information security system, as well as the study of the security system stability at the facilities as a whole, will allow taking preventive measures against various types of threats. The following methods were used in this study. Methods of system analysis (decomposition and synthesis): when assessing the resilience of an information system as a whole, its hierarchical structure is considered using the example of a graph with possible structural connections of the components (assets) of the system. Four types of asset relationships are considered (their complete independence, weak dependence, strong dependence, feedback). Assessing the resilience of the system as a whole is based on calculating the resilience of its paired assets and information technology of recurrent recalculation when new components are connected. The method of simulation modeling, in particular, for modeling the impact of information security risks on CII in conditions of incomplete and ambiguous data on their components, logical and probabilistic methods - for assessing the impact of risks both on the components (assets) of the information system, and the system as a whole, taking into account the hierarchical relationship of these assets. The Monte Carlo method was used to assess the impact of the basic threat of "technical impact" (information security and physical protection systems) on the security risks of production facilities. The implementation of measures to assess the resilience of information systems and the security systems stability is focused on critical objects in medicine, education, industry, and public administration.

threat, risk, resilience, stability, graph, relationships, independence, weak dependence, strong dependence, feedback.

Published in Безопасность информационных технологий

ISSN: 2074-7128 (Print); 2074-7136 (Online)
Publisher: Joint Stock Company "Experimental Scientific and Production Association SPELS
Country of publisher: Russian Federation
LCC subjects: Technology: Technology (General): Industrial engineering. Management engineering: Information technology; Science: Science (General): Cybernetics: Information theory
Website: https://bit.spels.ru

About the journal

Abstract

Keywords