Methodological foundations of protection in socio-cyber-physical systems
DOI: 10.31673/2409-7292.2024.040002
DOI:
https://doi.org/10.31673/2409-7292.2024.040002Abstract
The subject of the article is the methodological foundations of information protection in socio-cyber-physical systems (SCFS), which integrate physical, digital and social components operating in critical infrastructure. The principles of ensuring security and the principles of effective security management in socio-cyber-physical systems are considered, the use of which is necessary to reduce the risks of attacks and increase the resilience of systems to modern threats. Existing models of building cyber-physical systems protection systems are studied, in particular multi-level approaches to security, protection structures taking into account threats to the internal and external contours of socio-cyber-physical systems. The main vulnerabilities of SCFS at the physical, cybernetic and social levels are analyzed, with an emphasis on the risks of social engineering attacks, data compromise, information interception and insufficient resistance to multi-vector attacks. The Pyramid of Pain model of compromise indicator classification is considered, consisting of six levels and demonstrating the relationship between the types of indicators used to detect the attacker’s activity. Modern methods and technologies of cyber defense in SCFS are studied. It is proven that a multi-level approach to protecting socio-cyber-physical systems is the most effective in modern conditions, as it takes into account the complexity of integrating physical, cybernetic and social components. The implementation of adaptive security models based on big data analysis, machine learning and threat prediction significantly increases the resistance of systems to modern cyber threats. Therefore, a comprehensive approach to protection, taking into account the specifics of each component (social, cybernetic or physical), helps reduce the risks of attacks and ensures the continuity of critical infrastructure.
Keywords: socio-cyber-physical system, information resources, multi-level approach, protection models, vulnerabilities.
