A.N. Stadnik1, V.S. Antonov2, A.O. Karetskiy3, A.A. Petlevanniy4, V.I. Terekhov5, K.E. Amelina6, T.F. Babaev7
1–4 Krasnodar Higher Military School named after the general of the Army S.M. Shtemenko (Krasnodar, Russia)
5, 6 Bauman Moscow State Technical University (Moscow, Russia)
7 Naval Military Training and Research Centre ‘Naval Academy named after Admiral of the Fleet of the Soviet Union N.G. Kuznetsov’ (St. Petersburg, Russia)
1 alstaff@yandex.ru, 2 valerij.antonov.85@bk.ru, 3 Kaolegovich888@mail.ru, 4 t911sr@mail.ru, 5 terekchow@bmstu.ru, 6 amelina@bmstu.ru, 7 babaevi@list.ru
Abstract. This article is the first in a series of publications on using the methodological tools of functional modeling to understand how attackers can access information in specialized automated control systems without permission. It explains why it is important to study these threats from both a conceptual and practical perspective.
Objective. Our goal is to show how functional modeling can help us understand the steps attackers might take to get into a special-purpose automated control system (SPACS) and access sensitive information.
Results. Based on the ATT&CK information threat model, we considered how to break down the goal of gaining unauthorized access to information in a special-purpose automated control system into smaller steps. We then divided these steps into smaller tactics. We also described the basic principles of how to represent functional models using the IDEF0 methodology. Then, using IDEF0, we created functional diagrams for the goal of gaining unauthorized access and its stages: studying information processes in the system, introducing a fake trusted object, and causing damage to the information.
Practical significance. The obtained results allow us to create a formal description of the steps an intruder takes to gain initial access to the operating environment of the system, escalate their privileges, explore the environment, avoid detection, hide their activity, move within the nodes of the system's computer network, organize control, collect data, and export it. Additionally, we can identify any information security breaches that may occur in a special-purpose automated control system.
Stadnik A.N., Antonov V.S., Karetskiy A.O., Petlevanniy A.A., Terekhov V.I., Amelina K.E., Babaev T.F. The formal representation of the target function for the threat of unauthorized access to information in special-purpose automated control systems. Highly Available Systems. 2025. V. 21. № 4. P. 61−70. DOI: https://doi.org/10.18127/j20729472-202504-06 (in Russian)

