Безопасность информационных технологий (Feb 2023)
Functionality of the critical information infrastructure cybersecurity network
Abstract
The analysis of modern approaches to countering computer attacks on critical information infrastructure (CII), presented in the form of distributed information resources, shows that there is an objective need for technological development of this direction. In this aspect, the most promising solution to this problem seems to be the use of the concept of "Cybersecurity Mesh" (cybersecurity networks), introduced by Gartner without precise instructions on practical implementation and possible technological solutions. This paper presents the results of a study of functional requirements for systems implemented in accordance with the above concept, on the basis of which a new architecture of CII cybersecurity will be set in the future. The features of its application proposed by the authors of the concept are considered in detail, on the basis of which the requirements for the functional structure of possible technological requirements have been developed. It consists of four basic levels that allow you to respond flexibly to emerging integration and security challenges. These levels include: intelligent information security and analytics, distributed identity structure, consolidated policy and state management, consolidated interactive dashboard. To meet the specified functional requirements, a technological model for building a cybersecurity network is proposed in the form of an organic combination of three fairly heterogeneous technologies: 5G mobile communications, Secure Access Edge (SASE - Secure Access Service Edge) and advanced detection and response (XDR) into a consolidated cloud platform. The results of the studies of the functionality of the concept of a cybersecurity network can be considered as a methodology for ensuring the security of CII, implying a transition from building a single secure digital perimeter around all its devices or nodes to point protection of each remote access point. This publication can be useful for experts in the security forces of CII facilities, as well as to employees of educational institutions in the implementation of appropriate training, retraining and advanced training programs for such specialists.
Keywords