CYBER SECURITY AS A COMPONENT OF NATIONAL SECURITY AND CYBER PROTECTION OF CRITICAL INFRASTRUCTURE OF UKRAINE

Keywords: cyber security, cyber defense, cyber attack, critical infrastructure of Ukraine, cyber risk, phishing

Abstract

The article is devoted to the analysis of features of cyber security as an important component of national security of Ukraine. Also, analyzed legislative and regulatory support of this sphere; implementation of numerous measures by the state during the fight against cyber-attacks on objects of critical infrastructure, objects of civil society. Authors investigated the activities of specialized state structures that provide cyber defense to the country in the face of Russian aggression, using current world practices, in particular NATO and EU. Revealed the features, strategies and actors of cyber-attacks on strategic objects of critical infrastructure of Ukraine, private enterprises and mass media. The international experience of combating cybercrime with the help of complex cyber risk management`s strategies is analyzed. The results of the study of the experience of Ukraine and the world in the fight against cybercrime prove that it is impossible eliminate the risks in the field of cyber security at all. However, in our opinion, the joint efforts of the world community to exchange experience, technologies, achievements of cyber security experts, mutual financial support, coordinated joint systemic response of countries to cybercrime, introduction of new world standards for cyber security and information security, national and international strategies, that responds to new cyber challenges is the key to overcoming the common challenges. The authors considered the urgency of developing a separate comprehensive state program for educational institutions, state institutions, cooperation programs with entrepreneurs, public organizations, in order to cover all categories of the population and teach basic measures of cyber security and information security. It is necessary to familiarize citizens with cyber risks during their activities in cyberspace, to inform about specialized state units that can provide qualified assistance in the event of cybercrime attacks.

References

1. Ukaz Prezydenta Ukrayiny Pro rishennya Rady natsionalʹnoyi bezpeky i oborony Ukrayiny vid 6 travnya 2015 roku Pro Stratehiyu natsionalʹnoyi bezpeky Ukrayiny : pryiniatyi 26 trav. 2015 roku N 287/2015 [Decree of the President of Ukraine on the decision of the National Security and Defense Council of May 6, 2015 on the National Security Strategy of Ukraine 26 2015, N 287/2015]. zakon.rada.gov.ua. Retrieved from https://zakon.rada.gov.ua/laws/show/287/2015 [in Ukrainian].
2. Ukaz Prezydenta Ukrayiny Pro rishennya Rady natsionalʹnoyi bezpeky i oborony Ukrayiny vid 27 sich. 2016 roku Pro Stratehiyu kiberbezpeky Ukrayiny : pryiniatyi 15 ber. 2016 roku N 96/2016 [Decree of the President of Ukraine on the decision of the National Security and Defense Council of March 15, 2016 on the Cybersecurity Strategy of Ukraine January 27, 2016, N 96/2016]. zakon.rada.gov.ua. Retrieved from https://zakon5.rada.gov.ua/laws/show/96/2016 [in Ukrainian].
3. Spivrobitnyky SBU vzyaly uchastʹ u zasidanni RB OON shchodo zakhystu krytychnoyi infrastruktury vid teroryzmu. 24 lyst. 2016 roku [SBU staff participated in UN Security Council meeting on critical infrastructure protection against terrorism]. November 24, 2016. (n.d.). www.ssu.gov.ua. Retrieved from https://www.ssu.gov.ua/ua/news/1/category/1/view/2335#.LqnEQ3zc.dpbs [in Ukrainian].
4. Za pershyy kvartal 2019 roku v Ukrayini zafiksovano ponad 1,5 mln kiberintsydentiv. 12 serp. 2019 roku [Over the first quarter of 2019, over 1.5 million cyber incidents have been reported in Ukraine]. September 12, 2019. (n.d.). www.unn.com.ua. Retrieved from https://www.unn.com.ua/uk/exclusive/1818458-za-pershiy-kvartal-2019-roku-v-ukrayini-zafiksovano-ponad-1-5-mln-kiberintsidentiv [in Ukrainian].
5. Zakon Ukrayiny Pro informatsiyu : pryiniatyi 2 zhovt. 1992 roku N 2657-XII [Law of Ukraine on Information from October 2, 1992, N 2657-XII]. zakon.rada.gov.ua. Retrieved from https://zakon.rada.gov.ua/laws/show/2657-12 [in Ukrainian].
6. Zakon Ukrayiny Pro zakhyst informatsiyi v informatsiyno-telekomunikatsiynykh systemakh : pryiniatyi 5 lyp. 1994 roku N 80/94-BP [Law of Ukraine on Information Protection in Information and Telecommunication Systems from July 5, 1994, N 80/94-BP]. zakon.rada.gov.ua. Retrieved from https://zakon.rada.gov.ua/laws/show/80/94-%D0%B2%D1%80 [in Ukrainian].
7. Zakon Ukrayiny Pro ratyfikatsiyu Konventsiyi pro kiberzlochynnistʹ : pryiniatyi 7 ver. 2005 roku N 2824-IV [Law of Ukraine on Ratification of the Convention on Cybercrime from September 7, 2005, N 2824-IV]. zakon.rada.gov.ua. Retrieved from https://zakon.rada.gov.ua/laws/show/2824-15 [in Ukrainian].
8. Zakon Ukrayiny Pro Derzhavnu sluzhbu spetsialʹnoho zv’yazku ta zakhystu informatsiyi : pryiniatyi 23 fev. 2006 roku N 3475-IV [Law of Ukraine on State Service for Special Communication and Information Protection from February 23, 2006 N 3475-IV] zakon.rada.gov.ua. Retrieved from https://zakon.rada.gov.ua/laws/show/3475-15 [in Ukrainian].
9. Zakon Ukrayiny Pro zakhyst personalʹnykh danykh informatsiyi : pryiniatyi 1 cherv. 2010 roku N 2297-VI [Law of Ukraine on Protection of Personal Data from June 1, 2010, N 2297-VI]. zakon.rada.gov.ua. Retrieved from https://zakon.rada.gov.ua/laws/show/2297-17 [in Ukrainian].
10. Zakon Ukrayiny Pro dostup do publichnoyi informatsiyi : pryiniatyi 13 sich.2011 roku N 2939-VI [Law of Ukraine on Access to Public Information from January 13, 2011, N 2939-VI]. zakon.rada.gov.ua. Retrieved from https://zakon.rada.gov.ua/laws/show/2939-17 [in Ukrainian].
11. Ukaz Prezydenta Ukrayiny Pro rishennya Rady natsionalʹnoyi bezpeky i oborony Ukrayiny vid 28 kvit. 2014 roku Pro zakhody shchodo vdoskonalennya formuvannya ta realizatsiyi derzhavnoyi polityky u sferi informatsiynoyi bezpeky Ukrayiny : pryiniatyi 1 trav. 2014 roku N 449 [Decree of the President of Ukraine on the decision of the National Security and Defense Council of April 28, 2014 on Measures to Improve the Formation and Implementation of State Policy in the Field of Information Security of Ukraine from May 1, 2014, N 449]. zakon.rada.gov.ua. Retrieved from https://zakon4.rada.gov.ua/laws/show/449/2014 [in Ukrainian].
12. Ukaz Prezydenta Ukrayiny Pro rishennya Rady natsionalʹnoyi bezpeky i oborony Ukrayiny vid 29 grud. 2016 roku Pro zahrozy kiberbezpetsi derzhavy ta nevidkladni zakhody z yikh neytralizatsiyi : pryiniatyi 13 lyut. 2017 roku N 32 [Decree of the President of Ukraine on the decision of the National Security and Defense Council of December 29, 2016 on Cyber Security Threats to the State and Urgent Measures to Eliminate Them from February 13, 2017, N 32]. zakon.rada.gov.ua. Retrieved from https://zakon.rada.gov.ua/laws/show/32/2017 [in Ukrainian].
13. Ukaz Prezydenta Ukrayiny Pro Natsionalʹnyy koordynatsiynyy tsentr kiberbezpeky» : pryiniatyi 7 cherv. 2016 roku N 242/2016 [Decree of the President of Ukraine on National Cybersecurity Coordination Center from June 7, 2016, N 242/2016]. zakon.rada.gov.ua. Retrieved from https://zakon.rada.gov.ua/laws/show/242/2016 [in Ukrainian].
14. Zakon Ukrayiny Pro osnovni zasady zabezpechennya kiberbezpeky Ukrayiny : pryiniatyi 5 zhovt. 2017 roku N 2163-VIII [Law of Ukraine on Basic Principles of Ensuring Cyber Security of Ukraine from October 5, 2017, N 2163-VIII]. zakon.rada.gov.ua. Retrieved from https://zakon.rada.gov.ua/laws/show/2163-19 [in Ukrainian].
15. Ukaz Prezydenta Ukrayiny Pro rishennya Rady natsionalʹnoyi bezpeky i oborony Ukrayiny vid 29 grud. 2016 roku Pro Doktrynu informatsiynoyi bezpeky Ukrayiny : pryiniatyi 25 lyut. 2017 roku N 4/2017 [Decree of the President of Ukraine on the decision of the National Security and Defense Council of December 29, 2016 on the Doctrine of Information Security of Ukraine from February 25, 2017 N4/2017]. www.president.gov.ua. Retrieved from https://www.president.gov.ua/documents/472017-21374 [in Ukrainian].
16. Zakon Ukrayiny Pro natsionalʹnu bezpeku Ukrayiny : pryiniatyi 21 cherv. 2018 roku N 2469-VIII [Law of Ukraine on National Security of Ukraine from June 21, 2018, N 2469-VIII]. zakon.rada.gov.ua. Retrieved from https://zakon.rada.gov.ua/laws/show/2469-19 [in Ukrainian].
17. Postanova Kabinetu Ministriv Ukrayiny Pro zatverdzhennya Zahalʹnykh vymoh do kiberzakhystu obʺyektiv krytychnoyi infrastruktury : pryiniata 19 cherv. 2019 N 518 [Resolution of the Cabinet of Ministers of Ukraine on Approval of the General Requirements for Cyber Defense of Critical Infrastructure Objects from June 19, 2019 N 518]. zakon.rada.gov.ua. Retrieved from https://zakon.rada.gov.ua/laws/show/518-2019-%D0%BF [in Ukrainian].
18. Kiberugroza BlackEnergy2/3. Istoriya atak na kriticheskuyu IT infrastrukturu Ukrainy. Otdel reagirovaniya na intsidenty CyS Centrum (CyS-CERT). 6 sich. 2016 roku [Cyber threat BlackEnergy2/3. History of attacks on critical IT infrastructure in Ukraine. CyS Centrum Incident Response Team (CyS-CERT) from January 6, 2016]. (n.d.). cys-centrum.com. Retrieved from https://cys-centrum.com/ru/news/black_energy_2_3 [in Ukrainian].
19. Minenerhovuhillya maye namir utvoryty hrupu za uchastyu predstavnykiv usikh enerhetychnykh kompaniy, shcho vkhodyatʹ do sfery upravlinnya Ministerstva, dlya vyvchennya mozhlyvostey shchodo zapobihannya nesanktsionovanomu vtruchannyu v robotu enerhomerezh. Ministerstvo enerhetyky ta vuhilʹnoyi promyslovosti. 12 lyut. 2016 roky [Ministry of Energy and Coal intends to form a group with the participation of representatives of all energy companies belonging to the Ministry’s management, to study the possibilities of preventing unauthorized interference in the operation of power grids. Ministry of Energy and Coal Industry. February 12, 2016]. (n.d.). mpe.kmu.gov.ua. Retrieved from
http://mpe.kmu.gov.ua/minugol/control/uk/publish/article?art_id=245086886&cat_id=3510 [in Ukrainian].
20. Na Ukrenerho zdiysnyuyutʹsya novi khakersʹki ataky. Ekonomichna pravda. 20 sich. 2016 roku [New hacker attacks are being carried out at Ukrenergo. Economic truth. January 20, 2016]. (n.d.). www.epravda.com.ua. Retrieved from https://www.epravda.com.ua/news/2016/01/20/577551/ [in Ukrainian].
21. Minenerhovuhillya maye namir utvoryty hrupu za uchastyu predstavnykiv usikh enerhetychnykh kompaniy, shcho vkhodyatʹ do sfery upravlinnya Ministerstva, dlya vyvchennya mozhlyvostey shchodo zapobihannya nesanktsionovanomu vtruchannyu v robotu enerhomerezh. Ministerstvo enerhetyky ta vuhilʹnoyi promyslovosti. 12 lyut. 2016 roku [Ministry of Energy and Coal intends to form a group with the participation of representatives of all energy companies belonging to the Ministry’s management, to study the possibilities of preventing unauthorized interference in the operation of power grids. Ministry of Energy and Coal Industry. February 12, 2016]. (n.d.). mpe.kmu.gov.ua. Retrieved from
http://mpe.kmu.gov.ua/minugol/control/uk/publish/article?art_id=245086886&cat_id=35109 [in Ukrainian].
22. Minenerhovuhillya pratsyuye nad stvorennyam Haluzevoho tsentru z kiberbezpeky. Ministerstvo enerhetyky ta vuhilʹnoyi promyslovosti. 15 serp. 2019 roku [Ministry of Energy and Coal is working on the establishment of the Cyber Security Industry Center. Ministry of Energy and Coal Industry. August 15, 2019]. (n.d.). mpe.kmu.gov.ua. Retrieved from
http://mpe.kmu.gov.ua/minugol/control/uk/publish/article?art_id=245390875 [in Ukrainian].
23. Cobb, St. Trends 2018: Critical infrastructure attacks on the rise. Welivesecurity by ESET. May 30, 2018. www.welivesecurity.com. Retrieved from https://www.welivesecurity.com/2018/05/30/trends-2018-critical-infrastructure-attacks/\.
24. Statement from the Press Secretary. Issued on: February 15, 2018. www.whitehouse.gov. Retrieved from https://www.whitehouse.gov/briefings-statements/statement-press-secretary-25/
25. Dnipropetrovsk region: SBU prevents cyberattack of Russian special services on critical infrastructure facility. July 11, 2018. (n.d.). ssu.gov.ua. Retrieved from
https://ssu.gov.ua/en/news/1/category/301/view/5037#.gkJXke6X.dpbs.
26. SBU has prevented hacking attacks on government bodies involved in the election process. March 6, 2019. (n.d.). ssu.gov.ua. Retrieved from https://ssu.gov.ua/en/news/1/category/301/view/5808#.jxBydNLR.dpbs.
27. SBU prevents hacker attack on Ukrainian information and telecommunication facilities. March 29, 2019. (n.d.). ssu.gov.ua. Retrieved from https://ssu.gov.ua/en/news/1/category/301/view/5916#.HKVce3H5.dpbs.
28. SBU jointly with foreign colleagues blocks activity of powerful hacker group. July 16, 2019. (n.d.). ssu.gov.ua. Retrieved from https://ssu.gov.ua/en/news/1/category/21/view/6281#.ftjINoYP.dpbs.
29. SBU ensures cyber security of the information infrastructure of the Central Election Commission during elections. July 26, 2019. (n.d.). ssu.gov.ua. Retrieved from
https://ssu.gov.ua/en/news/16/category/21/view/6337#.KTO9Yls9.dpbs.
30. Neutze, J. Protecting political campaigns from hacking. May 6, 2019. blogs.microsoft.com. Retrieved from https://blogs.microsoft.com/on-the-issues/2019/05/06/protecting-political-campaigns-from-hacking/.
31. Fortinet Reports Increased YoY Threat Activity for Q2 2019. Threat Research. August 06, 2019. (n.d.). www.fortinet.com. Retrieved from https://www.fortinet.com/blog/threat-research/fortinet-q2-2019-threat-landscape-report.html.
32. Burt, T. New steps to protect Europe from continued cyber threats. February 20, 2019. blogs.microsoft.com. Retrieved from https://blogs.microsoft.com/eupolicy/2019/02/20/accountguard-expands-to-europe/.
33. Rekomendatsiyi shchodo pidvyshchennya rivnya zakhyshchenosti informatsiyno-telekomunikatsiynykh system ta informatsiynykh resursiv derzhavnykh orhaniv i ustanov vid nesanktsionovanykh diy zi storony merezhi Internet. Derzhavna sluzhba spetsialʹnoho zvʺyazku ta zakhystu informatsiyi Ukrayiny Komanda reahuvannya na kompʺyuterni nadzvychayni podiyi Ukrayiny CERT-UA. 18 kvit. 2014 roku [Recommendations on increasing the level of security of information and telecommunication systems and information resources of state bodies and institutions from unauthorized actions by the Internet. State Special Communications and Information Protection Service of Ukraine CERT-UA Computer Emergency Response Team. April 18, 2014]. (n.d.). www.cert.gov.ua. Retrieved from https://www.cert.gov.ua/files/pdf/18042012.pdf [in Ukrainian].
34. Dopomoha trastovykh fondiv NATO Ukrayini [NATO Trust Fund Assistance to Ukraine November 4, 2016]. (n.d.). eesri.org. Retrieved from http://eesri.org/2016/11/nato-trust-funds-assistance-to-ukraine_ukr/ [in Ukrainian].
35. SBU Head inaugurates the Cyber-Security Situation Centre. January 25, 2018. (n.d.). ssu.gov.ua. Retrieved from https://ssu.gov.ua/en/news/2/category/301/view/4318#.duVfjCJM.dpbs.
36. The SSU Cyber Security Situation Centre. (n.d.). ssu.gov.ua. Retrieved from https://ssu.gov.ua/en/pages/330.
37. 2019 Global Cyber Risk Perception Survey. September 2019. (n.d.). www.microsoft.com. Retrieved from https://www.microsoft.com/security/blog/wp-content/uploads/2019/09/Marsh-Microsoft-2019-Global-Cyber-Risk-Perception-Survey.pdf.

Abstract views: 135
PDF Downloads: 70
Published
2019-09-10
How to Cite
Yemelyanov, V., & Bondar, H. (2019). CYBER SECURITY AS A COMPONENT OF NATIONAL SECURITY AND CYBER PROTECTION OF CRITICAL INFRASTRUCTURE OF UKRAINE. Public Administration and Regional Development, (5), 493-523. https://doi.org/10.34132/pard2019.05.02