D.V. Chernov – Assistant,
Department of Information Security, Tula State University;
Head of Sector of Information Security,
JSC ADC (Tula)
E-mail: cherncib@gmail.com
A.A. Sychugov – Ph.D.(Eng.), Associate Professor, Head of Department of Information Security, Tula State University
E-mail: xru2003@list.ru
The article offers a formalized description of the method for determining the numerical expression of the danger of actions potentially implemented by an information security violator in automated process control systems. The analysis of the most significant destructive impacts on the information security systems of critical objects is carried out. Based on the analysis, it is concluded that it is important to model threats to the information security of industrial facilities. The most common methods of obtaining numerical expressions of the danger of destructive actions of information security violators in the development of threat models are considered. The methods are divided into two groups: verbal and probabilistic. Later in the article, each of the two groups is discussed in more detail. Their positive and negative sides are given. The authors propose a new method for determining the risk factors of destructive actions of an information security violator, which was not previously found in open sources. The article presents 11 numerical expressions that form the basis of the proposed method. Numerical expressions are strictly structured and applicable to each of the 3 levels of automated process control systems. As part of the work, the authors calculate the criticality of information security violations in accordance with the FMEA methodology for analyzing the types and consequences of potential defects. Based on the data obtained when applying FMEA, the risk factor of destructive actions of the information security violator is calculated. In order to check the correctness of the presented method, the authors developed software using the MATLAB programming language. The results of the developed program are presented on two types of graphs. The increase in the values of the hazard coefficient at all levels of the automated process control system, over time, indicates a potential increase in direct losses and uncontrolled consequences for industrial facilities. The method is proposed for use in building models of threats and information security violators in cases of designing and implementing information security tools for automated process control systems.
- Positive Technologies. Aktualnye ugrozy kiberbezopasnosti 2019 goda. Cybersecurity_threatscape-2019_A4.RUS.0005. 2020. S. 5. (In Russian).
- Parfentev A. Issledovanie urovnya bezopasnosti v kompaniyakh Rossii i SNG v 2019 godu. SearchInform Information Security. 2020. S. 16−20. (In Russian).
- Kaspersky ICS CERT. Landshaft ugroz dlya sistem promyshlennoi avtomatizatsii. pervoe polugodie 2019. Moskva. 2019. S. 3−5. (In Russian).
- Drobotun E.V., Tsvetkov O.V. Postroenie modeli ugroz bezopasnosti informatsii v avtomatizirovannoi sisteme upravleniya kriticheski vazhnymi obieektami na osnove stsenariev deistvii narushitelya. Programmnye produkty i sistemy. Tver: NII «Tsentrprogrammsistem». 2016. T. 29. № 3. S. 42−51. (In Russian).
- Skripnik D.A. Obshchie voprosy tekhnicheskoi zashchity informatsii: Ucheb. posobie [Elektronnyi resurs]. Moskva, Saratov: InternetUniversitet Informatsionnykh Tekhnologii (INTUIT). Ai Pi Ar Media. 2020. 424 c. URL = http:// www.iprbookshop.ru/89451.html. EBS «IPRbooks». (In Russian).
- Miroshnikov V.V. Metodicheskii podkhod k otsenke effektivnosti sposobov zashchity informatsii v srede rasprostraneniya signalov lokalnoi vychislitelnoi seti. Izvestiya TRTU. Tematicheskii vypusk. Materialy VII Mezhdunar. nauchno-prakticheskoi konf. «Informatsionnaya bezopasnost». Taganrog: Izd-vo TRTU. 2005. № 4. S. 156−163. (In Russian).
- Egorova G.V., Fedoseeva O.Yu. Upravlenie Informatsionnymi riskami predpriyatiya. Vestnik Volzhskogo universiteta im. V.N. Tatishcheva. 2015. № 2. S. 9−10. (In Russian).
- Sukhanov A.V. Otsenki zashchishchennosti informatsionnykh sistem. Zhurnal nauchnykh publikatsii aspirantov i doktorantov. 2008. № 5. S. 150−157. (In Russian).
- Grechishnikov E.V., Dobryshin M.M. Otsenka effektivnosti destruktivnykh programmnykh vozdeistvii na seti svyazi. Sistemy upravleniya, svyazi i bezopasnosti. SPb.: OOO «Korporatsiya «Intel Grup». 2015. № 2. S. 135−145. (In Russian).
- Chernov D.V., Sychugov A.A. Method of identifying and assessing of automated process control systems vulnerable elements. Proc. of the 12th International Conference on Security of Information and Networks (SIN '19). ACM, New York, NY, USA. Article 19. 4 p. DOI: 10.1145/3357613.3357633.
- Sychev V.M. Osnovnye napravleniya rasshireniya modeli vnutrennego narushitelya informatsionnoi bezopasnosti. Vestnik MGTU im. N.E. Baumana. Ser. «Priborostroenie». 2016. № 2. S. 125−137. (In Russian).
- Chernov D. and Sychugov A. Mathematical modeling of information security threats of automated process control systems. 2019 International Conference on Electrotechnical Complexes and Systems (ICOECS). Ufa, Russia. 2019. P. 1−4. DOI: 10.1109/ICOECS46375.2019.8950023.
- Novikov V.A., Grishin A.I. FMEA-analiz kritichnosti protsessa «Tekhnicheskoe obsluzhivanie tekhnologicheskogo oborudovaniya». Kompetentnost. 2012. № 6(97). S. 37−41. (In Russian).
- Bagal K.N., Kadu C.B., Parvat B.J., Vikhe P.S. PLC Based Real Time Process Control Using SCADA and MATLAB. Fourth Int. Conf. on Computing Communication Control and Automation. 2018. P. 1−5. DOI: 10.1109/ICCUBEA.2018.8697491.
- Song S.H. et al. Developing and Assessing MATLAB Exercises for Active Concept Learning. IEEE Trans. Educ. 2019. V. 62. № 1. P. 2−10. DOI: 10.1109/TE.2018.2811406.
- Brakorenko A.S. Testirovanie i obespechenie kachestva programmno-tekhnicheskikh kompleksov na osnove ispolzovaniya virtualnykh tekhnologicheskikh obieektov. Pribory i metody izmerenii. 2014. № 2. S. 75−79. (In Russian).