D.V. Chernov – Assistant, Department «Information Security», Tula State University; Head of Sector of Information Security, JSC ADC (Tula)
A.A. Sychugov – Ph.D.(Eng.), Associate Professor, Head of Department «Information Security», Tula State University; Director of Institute of Applied Mathematics and Computer Science of Tula State University
The purpose of the work is a formalized description of the methodology for determining the list of current threats to information security, the implementation of which can lead to a violation of the normal operation of multi-level distributed automated process control systems, as well as a set of information security measures required to minimize the risks of the implementation of current threats. Modern large-scale attacks on objects of critical information infrastructure are considered. The analysis of the process of modeling threats to information security of automated process control systems. The approach to the protection of automated process control systems based on Stackelberg's game in a strategic form is simulated. Abstract mathematical model of information security threats of automated process control systems is developed. Sets of assumptions about the violators of information security of automated process control systems using methods of minimizing logical functions are obtained. The formalized representation of the threat model taking into account the potential of the attacker is described. Implementation of the results obtained in the automated control systems of technological processes will allow to increase fault tolerance, improve the results of fault location of individual units and reduce operating costs of the automated control system of technological processes. The research results are recommended for use in the design of software and hardware information security in automated process control systems.
In the article «Formalized representation of the model of threats to information security of automated process control systems» the authors consider the mathematical description of the process of drawing up a model of threats to information security of automated process control systems. The article is devoted to the study of principles and approaches to information security of industrial systems. Examples of practical implementation of complex attacks on automated control systems are analyzed. Examples of destructive effects of detailed designed attacks on industrial facilities are given. The consequences of such attacks are considered. The authors have modelled the approach to the protection of automated control systems of technological processes on the basis of a Stackelberg game in strategic form. Application of this approach is considered on a concrete example. Abstract mathematical model of information security threats of automated process control systems is developed. Sets of assumptions about the violators of information security of automated process control systems using methods of minimizing logical functions are obtained. The formalized representation of the threat model taking into account the potential of the attacker is described. As an example, a set of current threats representing a potential danger to the information processed in automated process control systems is obtained.
- Chernov D.V., Sychugov A.A. Analiz sovremennykh trebovanii i problem obespecheniya informatsionnoi bezopasnosti avtomatizirovannykh sistem upravleniya tekhnologicheskimi protsessami. Neirokompyutery. Razrabotka, primenenie. 2018. № 8. S. 38−46.
- Federalnyi zakon ot 26.07.2017 № 187 (poslednyaya redaktsiya). O bezopasnosti kriticheskoi informatsionnoi infrastruktury Rossiiskoi Federatsii. URL = http://pravo.gov.ru/proxy/ips/?docbody=&firstDoc=1&lastDoc=1&nd=102439340 (data obrashcheniya: 11.04.2019).
- Nazarov V. Kiberbezopasnost 2018−2019. Itogi i prognozy. URL = https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/ Cybersecurity-2018-2019-rus.pdf (data obrashcheniya: 15.04.2019).
- GOST R 50922-2006. Zashchita informatsii. Osnovnye terminy i opredeleniya. M.: Standartinform. 2008. 8 s.
- Prikaz FSTEK Rossii ot 25.12.2017 № 239. Ob utverzhdenii trebovanii po obespecheniyu bezopasnosti znachimykh ob’ektov kriticheskoi informatsionnoi infrastruktury Rossiiskoi Federatsii. URL = https://fstec.ru/en/53-normotvorcheskaya/akty/prikazy/1592-prikaz-fstek-rossii-ot-25-dekabrya-2017-g-n-239 (data obrashcheniya: 18.04.2019).
- Chernov D.V., Sychugov A.A. Formalizatsiya modeli narushitelya informatsionnoi bezopasnosti ASU TP. Izvestiya tulskogo gosudarstvennogo universiteta. Tekhnicheskie nauki. 2018. № 10. S. 22−27.
- Xiao L., Chen T., Liu J. et al. Antijamming transmission Stackelberg game with observation errors. IEEE Commun. Lett. 2015. V. 19. № 6. P. 949−952.
- Novozhilova M.V., Ovechko K.A. Primenenie teorii igr v zadachakh informatsionnoi zashchity. Kharkov: Radioelektronika i informatika. 2006. № 3. S. 65−68.
- Gatchin Yu.A., Sukhostat V.V. Teoriya informatsionnoi bezopasnosti i metodologiya zashchity informatsii. SPb.: SPbGU ITMO. 2010. 98 s.
- Zhang C., Ge L., Zhong Z., You X. Karnaugh map-aided combinational logic design approach with bistable molecular reactions. Proc. IEEE Intl. Conf. on Digital Signal Proc. (DSP). 2015.