2. Home
  3. ARCHIVE
  4. 2023
  5. VOL 45, NO 1 (2023)
  6. pp. 80-97

CONCEPTUAL PROVISIONS FOR INSURING CYBERSECURITY OF THE ENERGY INDUSTRY OF UKRAINE

M.M. Khydyntsev

Èlektron. model. 2023, 45(1):80-97

https://doi.org/10.15407/emodel.45.01.080

ABSTRACT

The spheres of cybersecurity (ensuring cybersecurity), as well as the functioning and protection of critical infrastructure and its objects in Ukraine, are defined by the Cybersecurity Strategy of Ukraine (2016), the laws of Ukraine "On the Basic Principles of Cybersecurity of Ukraine" (2017) and "About Critical Infrastructure" (2021). The formation and implementation of state policy in the mentioned spheres, and planning and execution of related measures by cybersecurity entities and critical infrastructure facilities take place at the regulatory, organizational, and technical levels. The work is devoted to the analysis of the state of regulatory provision of information security, cybersecurity, cyber protection, the creation and functioning of the national system of critical infrastructure in Ukraine, the practice of applying the provisions of the relevant regulatory and administrative documents by the subjects of cybersecurity, as well as the development of the main conceptual provisions of cybersecurity, which systematize the use of forces (means) and the implementation of security measures at the regulatory, organizational and technical levels, in energy (fuel and energy) sector of the state’s critical infrastructure for 3 years and determining the principles of forming priority approaches and measures to increase the level of cybersecurity of the energy industry.

KEYWORDS

cybersecurity, critical infrastructure, energy sector, conceptual provisions, organizational and technical model.

REFERENCES

  1. President of Ukraine (2016), “Cybersecurity strategy of Ukraine”, Decree 15.03.2016 no. 96/2016, available at: https://www.president.gov.ua/documents/962016-19836 (accessed September 13, 2022).
  2. Verkhovna Rada of Ukraine (2017), “About the main principles of ensuring cyber security of Ukraine”, Low of Ukraine 10.2017 no. 2163-VIII, available at: https://zakon.rada. gov.ua/laws/show/2163-19#Text (accessed September 13, 2022]).
  3. Verkhovna Rada of Ukraine (2021), “About critical infrastructure”, Low of Ukraine 11.2021 no. 1882-IX., available at: https://zakon.rada.gov.ua/laws/show/1882-20#Text (accessed September 13, 2022).
  4. Cabinet of Ministers of Ukraine (2020), “Some issues of critical infrastructure facilities”, Decree 09.10.2020 no. 1109, available at: https://zakon.rada.gov.ua/laws/show/1109-2020-%D0%BF#Text (accessed September 13, 2022).
  5. Cabinet of Ministers of Ukraine (2020), “Some issues of objects of critical information infrastructure”, Decree 09.10.2020 no. 943, available at: https://zakon.rada.gov.ua/laws/ show/943-2020-%D0%BF#Text (accessed September 13, 2022).
  6. Administration of State Service of Special Communication and Information Protection of Ukraine (2021), “Methodological recommendations for increasing the level of cyber protection of critical information infrastructure”, Order 11.2021 no. 601, available at: https://cip.gov.ua/ua/news/nakaz-ad-2021-10-06-601 (accessed September 13, 2022).
  7. Cabinet of Ministers of Ukraine (2019), “On the approval of General requirements for cyber protection of critical infrastructure objects”, Decree 06.2019 no. 518, available at: https://zakon.rada.gov.ua/laws/show/518-2019-%D0%BF#Text (accessed September 13, 2022).
  8. Cabinet of Ministers of Ukraine (2021), “On the approval of the Regulation on the organizational and technical model of cyber protection”, Decree 12.2021 no. 1426, available at: https://zakon.rada.gov.ua/laws/show/1426-2021-%D0%BF#Text (accessed September 13, 2022).
  9. President of Ukraine (2021), “Cybersecurity strategy of Ukraine”, Decree 26.08.2021 no. 447/20, available at: https://www.president.gov.ua/documents/4472021-40013 (accessed September 13, 2022).
  10. europa.eu (2017), “EECSP Report: Cyber Security in the Energy Sector”, available at: https://ec.europa.eu/energy/sites/ener/files/documents/eecsp_report_final.pdf (accessed September 13, 2022).
  11. Cabinet of Ministers of Ukraine (2017), “On the approval of the Energy Strategy of Ukraine for the period until 2035 “Safety, energy efficiency, competitiveness”, Order 18.08.2017 no. 605-р, available at: https://zakon.rada.gov.ua/laws/show/605-2017-%D1%80#Text (accessed September 13, 2022).
  12. Blueprint Energy Solutions GmbH (2019), Final Report: Study on cyber security in the energy sector of the Energy Community, fvailable at: https://enc-author-prd.batmen.at/ dam/jcr:db8e479d-b423-40c9-9ff9-998c7d9045ef/Blueprint_cyber_122019.pdf (accessed: February 11, 2023).
  13. Zharikova, A. (2022), “The number of cyber attacks on energy infrastructure has increased by a third since the beginning of the war – the Ministry of Energy” (November, 21), available at: https://www.epravda.com.ua/news/2022/11/21/694084/ (accessed: February 11, 2023).
  14. IPME (2022), “Cybersecurity and sustainability of energy sector facilities in society and the state in normal, critical and emergency circumstances”, Energy Crisis & Cybersecurity, H2020 Electron International Event, Baku, Azerbaijan, 05-07.12.2022, available at: https://electron-project.eu/blog/cybersecurity-and-sustainability-of-energy-sector-facilities-in-society-and-the-state-in-normal-critical-and-emergency-circumstances/# (accessed: February 11, 2023).
  15. Evensen, D., Sovacool, B., Dalton, N., Glebova, K. (2022), “Energy Security, Climate Change, and the Future of Ukraine Reconstruction”, Boston University, Institute for Global Sustainability, Boston, MA, USA Available at: https://www.bu.edu/igs/2022/10/20/energy-security-climate-change-and-the-future-of-ukraine-reconstruction/. (Accessed: February 11, 2023).
  16. Safarov, F., Vladimrov, Ye., Bracco, S., Kharkovina, O., Dzyadek, D. (2022), “Cybersecurity in the energy sector: what are the challenges facing the critical infrastructure of Ukraine? Energy Security Forum Post-war recovery of the energy sector of Ukraine” (November, 21-25), available at: https://iclub.energy/energysecurityforum2022#!/tab/ 505198962-1 (accessed: February 11, 2023).
  17. Ministry of Energy of Ukraine (2022), “Cybersecurity requirements of the fuel and energy sector of critical infrastructure”, Order 12.2022 no. 417, available at: https://ips.ligazakon.net/document/MN026435 (accessed Fefruary 13, 2023).
  18. President of Ukraine (2023), “Regarding the state of implementation of the decisions of the National Security and Defense Council of Ukraine on energy security and urgent measures to ensure the operation of the national economy during the autumn-winter period of 2022/23 in the conditions of a special period”, Decree 01.2023 no. 18/2023, available at: https://www.president.gov.ua/documents/182023-45581 (accessed September 13, 2022).
  19. Potii, O.V., Semenchenko, A.I., Dubov, D.V., Bakalynsky, O.O., Myalkovsky, D.V. (2021), “Conceptual principles of implementation the organizational and technical model of cyber defence of Ukraine”, Zakhyst Informatsii, Vol. 23, no. 1, pp. 47-60. DOI: https://doi.org/ 10.18372/2410-7840.23.15434 available at: https://jrnl.nau.edu.ua/index.php/ZI/article/ view/15434 (accessed: February 11, 2023).
  20. Boyarchuk, R., Khudyntsev, M., Lebid O., Trofymchuk, O. (2021), “Organizational and Technical Model of National Cybersecurity and Cyber Protection”, CPITS’2021, CEUR Workshop Proceedings, Vol. 2923, pp. 37–46.
  21. Cabinet of Ministers of Ukraine (2022), “The Ministry of Energy is working on the creation of an industry operational center for cybersecurity”, available at: http://mpe.kmu.gov.ua/ minugol/control /publish/article?art_id=245542980 (accessed: February 11, 2023).
  22. Khudyntsev, M., Zhylin, A., Davydiuk, A. (2021), Svitovi indeksy kiberbezpeky: oglyad ta metodyky formuvannya (Global`ny zvit / Katalog) [World Cyber Security Indices: A Review and Formation Methods (Global Report / Catalog)], International Cybersecurity University, E. Pukhov Institute for Modelling in Energy Engineering, Kyiv, Ukraine, ISBN 978-966-136-887-2.
  23. President of USA (2013), “Presidential Policy Directive - Critical Infrastructure Security and Resilience: President of the USA, PPD-21”, The White House Office of the Press Secretary, Washington, USA, available at: https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil (accessed: February 11, 2023).
  24. Sukhodolia, O., Kharazishvili, Yu., Bobro, D., Smenkovs`ky, A., Ryabtsev, G., Zavgorodnya, S. (2020), Energetychna bezpeka Ukrainy: metodologiya systemnogo analizu ta strategichnogo planuvannya [Energy security of Ukraine: methodology of system analysis and strategic planning], National Institute of Strategic Studies, Kyiv, Ukraine.
    https://doi.org/10.15407/economyukr.2020.06.020
  25. Sukhodolia, O., Ryabtsev, G., Kharazishvili, Yu., Bobro, D., Zavgorodnya, S. (2022), Vyz­nachennya rivnya ta otsinyuvannya zagros energetychniy bezpetsi [Determination of the level and estimation of energy security threats], National Institute of Strategic Studies, Kyiv,
  26. Sukhodolia, O., Pavlenko, O., Antonenko, A., Nitsovych, R., Yevtushok, S. (2022), Otsinka stiykosti energetychnoyi infrastruktury Ukrayiny [Assessment of the sustainability of the energy infrastructure of Ukraine], Diksi Grup NGO, Kyiv, Ukraine.
  27. Hulak, H., Skiter, I., Hulak, Y. (2021), “Methodological principles of the creation and functioning of the cyber security center of the information infrastructure of nuclear energy facilities”, Electronic professional scientific edition Kiberbezpeka: osvita, nauka, tekhnika, Vol. 4(12), pp. 172-186. doi: 10.28925/2663-4023.2021.12.172186.
  28. IPME (2021), Kiberbezpeka energetyky, Naukovo-praktychna konferentsiya Instytutu problem modelyuvannya v energetytsi imeni G.Ye. Pukhova Natsional`noyi akademiyi nauk Ukrainy, 28 travnya 2021 roku [Energy cyber security, Scientific and practical conference of the G.E. Pukhov Institute for Modelling in Energy Engineering], Kyiv, May 28, 2021.
  29. IPME (2022), Kiberbezpeka energetyky, Naukovo-praktychna konferentsiya Instytutu problem modelyuvannya v energetytsi imeni G.Ye. Pukhova Natsional`noyi akademiyi nauk Ukrainy, 27 travnya 2022 roku [Energy cyber security, Scientific and practical conference of the G.E. Pukhov Institute for Modelling in Energy Engineering], Kyiv, May 27, 2022.
  30. Gregory, T., Johansmeyer, (2017), “PCS Strategy and Development (Verisk Analytics), PCS global cyber TM: An overview of our global loss index suite”, available at: https://www.verisk.com/siteassets/media/pcs/pcs-global-cyber-index.pdf (accessed: February 11, 2023).
  31. BitSight Technology LTD (2022), “Policy Rewiew Board : How BitSight Calculates Security Ratings”, available at: https://www.bitsight.com/sites/default/files/2022-02/How%20 BitSight%20Calculates%20Security%20Ratings.pdf (accessed: February 13, 2023).
  32. Tyas Tunggal, A. (2022), “What are Security Ratings?”, UpGuard, Inc., available at: https://www.upguard.com/blog/what-are-security-ratings (accessed: February 13, 2023).

Full text: PDF