Abstract
The security of a subject of critical information infrastructure (CII) is one of the key issues of its life support. The current approach (legal and regulatory) regulates solutions to this issue without taking into account the influence of the violator, which can have a destructive effect on the subject of CII. This, in our opinion, leads to significant errors in the analysis of information security of the CII subject, therefore, reduces the effectiveness of declared information security tools for CII objects. The purpose of this work is to develop a model of an information security violator taking into account the parameter “potential of the violator”. At the same time, the activity of the violator is considered in the space of its implementation of destructive effects on the objects of CII. The proposed model for assessing the capabilities of the violator to implement destructive effects on the subject of critical information infrastructure is implemented in the module “categorizing the attacker” of the cognitive model “Assessment of information security of the subject of CII”. The proposed model allows us to assess the level of information security under destructive influences and to predict changes in malicious actions on CII objects in dynamics.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Yuill, J., et al.: Intrusion-detection for incident-response, using a military battlefield-intelligence process. Comput. Netw. 34(4), 671–697 (2000)
Dawkins, J., Campbeil, C., Hale, J.: Modeling network attacks: extending the attack tree paradigm. In: Workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection, Johns Hopkins University (2002)
Chi, S.-D., Park, J., Jung, K.-C., Lee, J.-S.: Network security modeling and cyber attack simulation methodology. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 320–333. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-47719-5_26
Model of threats and security violators of personal data processed in mass communications of the Russian Federation. Moscow (2010). https://minsvyaz.ru/common/upload/publication/1410084of.pdf. Accessed 06 Oct 2020
Federal law “on the security of critical information infrastructure of the Russian Federation” dated 26.07.2017 N 187-FZ (latest version) (2017). https://www.consultant.ru/document/cons_doc_LAW_220885. Accessed 05 June 2020
State Technical Commission of Russia. Guidance document. Protection against unauthorized access to information. Terms and definitions. Military Publishing House, Moscow (1992)
FSS guidelines “on the development of regulatory legal acts defining threats to the security of personal data relevant to the processing of personal data in information systems of personal data used in the implementation of relevant activities” dated March 31, No. 149/7/2/6-432. Approved by the FSS (2015)
Boyarintsev, A.V., Nichikov, A.V., Redkin, V.B.: General approach to the development of models of violators. Security Systems, no. 4, pp. 50–53 (2007)
Spivak, A.I.: Evaluating the effectiveness of an attacker’s attacks in the process of building its model. Scientific and technical Bulletin of the Saint Petersburg state University of information technologies, mechanics and optics, no. 2, pp. 108–112 (2010)
Zhukov, V.G., Zhukova, M.N., Stepanov, A.P.: Model of access rights violator in an automated system. Software products and systems, no. 2, pp. 45–54 (2012)
Savchenko, S.O., Kapchuk, N.V.: Algorithm for constructing the intruder model in the information security system using game theory. Dynamics of systems, mechanisms and machines, no. 4, pp. 84–49 (2017)
Khafizov, R.M., Ahmadzade, S.A.: Development of a model of a wireless network. Innovations in science, no. 2, pp. 10–12 (2018)
Maksimova, E.A.: Study of algorithms for secure transmission of data between the objects of critical information infrastructure. In a Collection of papers of the XXIII plenary FUMO IN IB and all-Russian scientific conference “Fundamental problems of information security in the age of digital transformation” (INFOBEZOPASNOST 2019). Reports of the XXIII Plenum of the FUMO IN the IB and the all-Russian scientific conference. Editor: V. I. Petrenko, pp. 157–163 (2019)
Maksimova, E.A., Shahverdiev, A.S.: Management of operation of objects of critical information infrastructure. Management of large systems. Materials of the XVI all-Russian school-conference of young scientists, pp. 392–397 (2019)
Maximova, E.A., Baranov, V.V., Lauta, O.S.: Analysis of the model of information support of processes and systems in the implementation of multi-agent intellectual interaction. Devices and systems. Management, monitoring, diagnostics, no. 4, pp. 32–41 (2019)
Tishchenko, E.N.: Analysis of security of economic information systems. Monograph: M-vo obrazovaniya ROS. Confederations. Growth. State economy. UN-t, 191 p. (2018)
Gromov, Yu.Y., Eliseev, A.I., Minin, Yu.V., Sumin, V.I.: Reliability analysis in network information systems. Bulletin the Voronezh Institute of the Federal penitentiary service of Russia, vol. 1, pp. 33–41 (2018)
Azhmukhamedov, I.M.: Management of weakly formalized sociotechnical systems based on fuzzy cognitive modeling (on the example of integrated information security systems). Dissertation for the degree of doctor of technical Sciences, Astrakhan (2014)
Sadovnikova, N.P., Zhidkova, N.P.: Selection of territorial development strategies based on cognitive analysis and scenario modeling. In Internet-Vestnik VolgSASU, no. 7, vol. 21, pp. 4–10 (2012)
Roberts, F.S.: Discrete mathematical models with applications to social, biological and environmental problems. In TRANS. from English. Nauka, Moscow, 496 p. (1986)
“On approval of Rules for categorization of objects of critical informational infrastructure of the Russian Federation and the list of indicators of criteria of significance of the objects of critical informational infrastructure of the Russian Federation and their meanings (as amended on April 13 (2019)
Drobotun, E.B., Tsvetkov, O.V.: Building a model of information security threats in an automated system for managing critical objects based on scenarios of intruder actions//Software products and systems. Publishing house: ZAO research Institute “Center program system” (Tver), no. 3, pp. 42–50 (2016)
Acknowledgments
The reported study was funded by Russian Ministry of Science (Information security, project № 3).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Maksimova, E.A., Baranov, V.V. (2021). Predicting Destructive Malicious Impacts on the Subject of Critical Information Infrastructure. In: Singh, P.K., Veselov, G., Vyatkin, V., Pljonkin, A., Dodero, J.M., Kumar, Y. (eds) Futuristic Trends in Network and Communication Technologies. FTNCT 2020. Communications in Computer and Information Science, vol 1395. Springer, Singapore. https://doi.org/10.1007/978-981-16-1480-4_8
Download citation
DOI: https://doi.org/10.1007/978-981-16-1480-4_8
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-1479-8
Online ISBN: 978-981-16-1480-4
eBook Packages: Computer ScienceComputer Science (R0)