THE PROBLEM OF ENSURING THE FUNCTIONAL STABILITY OF CRITICAL INFRASTRUCTURE SYSTEMS

Abstract

The article discusses the problems
of ensuring the functional resilience of key information management and information and
telecommunications systems that belong to critical infrastructure. An analysis of current threats and national
and international regulatory approaches is conducted, gaps in the national regulatory and legal framework
are identified, and the research problem and objectives are formulated. The main directions of state policy
and scientific and technical priorities for improving the resilience of key information infrastructure systems
(KII) are presented.
The relevance of the research is determined by the increasing complexity of modern control and
communication systems, the deep integration of KII into industrial, energy, transport, and governmental
processes, as well as the rising number of cyber incidents with real physical consequences.
It is shown that the main challenges in critical infrastructure are related to cascade effects, where a
failure in one component or sector triggers a chain reaction in others. In Ukraine, this problem is aggravated
by the lack of unified legal regulation, the absence of a national register of critical systems, inconsistent
interagency response procedures, and limited monitoring mechanisms. The paper presents a systematization
of key problems in ensuring the resilience of KII, including technical, organizational, and personnel aspects.
The main contribution of this research lies in combining theoretical and applied approaches to
enhancing the resilience of critical infrastructure. The developed risk modeling methodology, analytical
problem systematization, and proposed policy framework form the basis for an integrated national strategy
to improve the reliability and security of Ukraine’s critical infrastructure under hybrid threat conditions.
Keywords: functional resilience, critical infrastructure, information security, cascading failures, risk
modeling, national security policy

References
1. Леоненко Г.П., Юдін А.Ю. Проблеми забезпечення інформаційної безпеки систем
критично важливої інформаційної інфраструктури України. // Information Technology and
Security, № 1(3), 2013. С. 5–16.
2. Лісецький В.І., Строганов І.В., Чеканов Є.П. Кіберзахист об’єктів критичної
інфраструктури: сучасний стан і напрямки розвитку в Україні. // Збірник наукових праць
НУОУ, № 4 (53), 2023. С. 45–58.
3. Довгань О.Д., Криворучко О.В. Функціональна стійкість критичних інформаційних
систем як об’єкт державного регулювання. // Інформаційна безпека, № 2, 2021. С. 23–32.
4. ISO/IEC 27001:2022. Information Security, Cybersecurity and Privacy Protection.
Information Security Management Systems. Requirements. International Organization for
Standardization, Geneva, 2022.
5. IEC 62443-3-3:2019. Industrial Communication Networks. Network and System Security
System Security Requirements and Security Levels. International Electrotechnical Commission,
Geneva, 2019.
6. ISA/IEC 62443 Series. Security for Industrial Automation and Control Systems. International
Society of Automation, 2018.
7. NIST SP 800-82 Rev.3. Guide to Industrial Control Systems (ICS) Security. National Institute
of Standards and Technology, Gaithersburg, 2023.
8. NIST SP 800-30 Rev.1. Guide for Conducting Risk Assessments. NIST, Gaithersburg, 2012.