Научная статья на тему 'Методологические основы создания национальных защищенных аппаратно-программных платформ для критических информационных инфраструктур'

Методологические основы создания национальных защищенных аппаратно-программных платформ для критических информационных инфраструктур Текст научной статьи по специальности «Компьютерные и информационные науки»

CC BY
225
57
i Надоели баннеры? Вы всегда можете отключить рекламу.
Ключевые слова
АППАРАТНО-ПРОГРАММНАЯ ПЛАТФОРМА / ЗАЩИТА ИНФРАСТРУКТУРЫ / ИМПОРТОНЕЗАВИСИМОСТЬ / ИНФОРМАЦИОННАЯ БЕЗОПАСНОСТЬ / КРИТИЧЕСКАЯ ИНФОРМАЦИОННАЯ ИНФРАСТРУКТУРА / ТЕХНОЛОГИЧЕСКАЯ НЕЗАВИСИМОСТЬ

Аннотация научной статьи по компьютерным и информационным наукам, автор научной работы — Михалевич Игорь Феодосьевич

К критическим информационным инфраструктурам стран и их союзов относятся информационные системы, телекоммуникационные сети, автоматизированные системы управления, функционирующие в сферах здравоохранения, науки, транспорта, связи, энергетики, промышленности, финансового рынка, государственного и муниципального управления, государственной безопасности, обороны страны, правосудия, правопорядка и в других общественно значимых областях. Поэтому элементы критических информационных инфраструктур и их информация должны быть надежно защищены с учетом требований национальных и/или союзных документов. Платформы, на которых создаются и будут функционировать элементы критических информационных инфраструктур, должны также соответствовать этим требованиям. Ошибки, допущенные при создании платформ для критических информационных инфраструктур, создают угрозы непоправимого ущерба для стран и их союзов. Изложены методологические основы создания национальных защищенных аппаратно-программных платформ для критических информационных инфраструктур, удовлетворяющих нормативным требованиям по информационной безопасности, общим и функциональным требованиям владельцев элементов критических информационных инфраструктур. Сформулированы принципы, соблюдение которых обеспечивает создание платформ с заданными специальными свойствами. Обобщен опыт создания российской защищенной аппаратно-программной платформы "Синтез-АПП", сертифицированной по требованиям информационной безопасности, обладающей высокой функциональностью, обеспечивающей технологическую и импортонезависимость критической информационной инфраструктуры Российской Федерации, который может быть применен другими странами.

i Надоели баннеры? Вы всегда можете отключить рекламу.

Похожие темы научных работ по компьютерным и информационным наукам , автор научной работы — Михалевич Игорь Феодосьевич

iНе можете найти то, что вам нужно? Попробуйте сервис подбора литературы.
i Надоели баннеры? Вы всегда можете отключить рекламу.

Текст научной работы на тему «Методологические основы создания национальных защищенных аппаратно-программных платформ для критических информационных инфраструктур»

COMPUTER SCIENCE

METHODOLOGICAL FOUNDATIONS OF CREATION OF NATIONAL PROTECTED HARDWARE-SOFTWARE PLATFORMS FOR CRITICAL INFORMATION INFRASTRUCTURES

DOI 10.24411/2072-8735-2018-10056

Igor F. Mikhalevich,

V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences, Moscow, Russia, [email protected]

Keywords: critical information infrastructure, hardware-software platform, independence on import, information security, protection of infrastructure, technological independence.

Critical information infrastructures of countries and they unions means information systems, telecommunication network, automated control systems operating in the spheres of health care, science, transport, telecommunications, energy, industry, financial market, of state and municipal administration, state security, the country's defense capacity, justice, law and order and other sensitive areas for the public. Therefore, the elements of critical information infrastructures and their information should be reliably protected, taking into account the requirements of national and / or union documents. Platforms on which elements of critical information infrastructures are created and will function must also meet these requirements. Mistakes in the creation of platforms for critical information infrastructures create threats of irreparable damage to countries and their unions. The article describes the methodological foundations for the creation of national protected hardware and software platforms for critical information infrastructures that meet the regulatory requirements for information security, the general and functional requirements of the owners of elements of critical information infrastructures.

The principles were formulated, compliance with which ensures the creation of platforms with specified special properties.

Generalized the experience of creating a Russian protected hardware and software platform "Sintez-HSP", certified for information security requirements, with high functionality, providing technological and import independence of the critical information infrastructure of the Russian Federation, which can be applied by other countries.

Information about author:

Igor F. Mikhalevich, PhD, senior researcher, V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences, Moscow, Russia

Для цитирования:

Михалевич И.Ф. Методологические основы создания национальных защищенных аппаратно-программных платформ для критических информационных инфраструктур // T-Comm: Телекоммуникации и транспорт. 2018. Том 12. №3. С. 75-81.

For citation:

Mikhalevich I.F. (2018). Methodological foundations of creation of national protected hardware-software platforms for critical information infrastructures. T-Comm, vol. 12, no.3, pр. 75-81.

-e-

Introduction

Security and improving protection of critical information infrastructure (Gil) is a priority both in the Russian Federation | l-4| and abroad [5-7], In accordance with the Doctrine of Information Security of the Russian Federation [2], the Strategy of the Information Society Development in the Russian Federation for 2017-2030 [3], the Digital Economy of the Russian Federation Program [41 security and improving protection of critical information infrastructure of the Russian Federation (CIIRF) arc inextricably linked with the elimination of the dependence of domestic industry on foreign information technologies and information security tools, improving the security of functioning of information infrastructure elements, ensuring the security of information processed in automated and information systems and transmitted over telecommunication networks of CIIRF.

The most important feature of Gils is that they often processed open information, access to which can't be limited, and information with a different of levels of confidentiality, including information that constitutes a state see ret, unauthorized access to which must be guaranteed to be excluded.

This has a significant impact on the choice of the hardware and software platform (HSP) designed to create and support the operation of the elements of CII, and this should be taken into account in the development and application of HSPs in order to protect national Clls.

1. Requirements and principles for the creation of protected hardware-software platforms tor national critical information infrastructures

Based on the author's experience in fulfillment the national requirements in the work on the creation and operation of the elements of the CI Is, the HSP for the CII should have the following basic properties and meet the following basic requirements [8, 9|:

■ full scale and full functionality — is properties that reflects the completeness of the composition and technologies of the platform that provide the creation (modernization) and operation of elements of CII of different types, different security classes, and levels of topological and of architectural complexity;

• import and technological independence - is properties of the platform to preserve the full scale and the ful! functionality, the declared characteristics, to develop, to be supported regardless of foreign policy and foreign economic factors, without the use of import components, without foreign participation, without forced updating of components and management from abroad, without information transfer, including technological, outside the country;

• enterprise level - is the properly of the platform to preserve performance, fault tolerance and other declared characteristics of the elements of the CII of complex topology and arelntcc-ture, with high loads and large volumes of data throughout the life of the system;

• nivcrsality - is the property of the platform to provide on Ihe basis of its own basic components the creation (modernization) of elements of CII of different types, different classes of protection and levels of topological and architectural complexity;

• guarantees of development and support - is the property of Ihe platform to evolve and provide operation, maintenance and modernization created on basis platform of the elements of the CII throughout the life time.

In the functional plane, the following are the most important requirements for the Clls:

• platform should be ensured the creation (modernization) and operation of the elements of the Cll of different protection classes, the safe departmental, interdepartmental interaction of the ohjects of the Cll and their interaction with the registered users;

• platform should create a protected (trusted) environment for the operation of special software developed for a specific sector (sub-sector) of the critical infrastructure, ensure the security of information of all levels of confidentiality. The variety of levels (categories, degrees) of confidentiality of information that can be processed (transmitted) in Clls is reflected in Tabic 1.

Tabic 1

The possible levels of confidentiality of information in the Clls

Highest degree (if confidentiality Designation Sign of level

Higher Top Secret HTS 1

Top Secret TS 2

Sec ret s 3

Confidential CI 4

Unclassified uc 5

• platform should provide for a "soft" stage-by-stage modernization of the elements of the I1C, which assumes their operation w hen replacing equipment with a newer one;

• platform should provide a "soft" stage-by-stage modernization of the special software, assuming the use in the upgraded elements of the CII of the previously commissioned of special software;

• platform should provide for the organization of a productive, sustainable, scalable computing proccss, reliable storage of large amounts of information, maintaining confidentiality, accessibility and integrity of information;

• platform should support the main network services of the system and user levels;

• platform should provide for the collection, processing and storage of data in of geographically distributed segments of the Cll, the possibility of secure remote access to this data, support of technologies of the integration of computing resources and storage systems, provide development (modernization) and operation of data centers;

• platform should support the multi-level and correct of simultaneous work of a large number of users w ith the common data in databases, publication and retrieval of data, content management, data backup and archiving, synchronization of updaLes;

• platform should provide control and management of the operation of all devices, automation systems, software and hardw are complexes, etc., which are pan of the pi at form-based elements of the Cll;

• platform should provide a backup of basic components;

• platform should support the work of complexes of information-computational, analytical, forecasting tasks, including using Web-technologies for processing geospatial data and multi-screen mode, text, graphic editors, processing of multimedia information, artificial intelligence technologies;

T-Comm Tom 12. #3-2018

-e-

• platform should support the trusted development environment of special software.

The main principles that should be observed when creating national protected EISP for Clls include the following:

1. The principle of software modularity.

In the structure of the software, complete functional modules intended for wide (repealed) use, providing subsequent unification of programs, should be allocated.

2. The principle of unification of software.

The software should make maximum use of the applicable general and special purpose software modules.

3. The principle of localization.

The programs (packages, modules) borrowed in the development of platform should be localized. "Localization" means the following activities:

check of borrowed packages, modules, programs on compliance with their functional purpose;

check of borrowed packages, modules, programs on the lack of vulnerabilities;

check of borrowed packages, modules, programs on the lack of undeclared capabilities;

check of the compatibility of borrowed programs and the means of information protection which are applied in 1 ISP and in CII;

check of the absence of the influence of borrowed packages, modules, programs on functioning of the means of information protection which are applied in HSI1 and in CII;

improvements and other measures to bring the software into compliance with the requirements of national standards and norms in the field of information technology and information security;

fixing the code of the scanned packages, modules, programs; execution of documentation;

creation of conditions for training specialists and technical support of the HSP and the elements of the CII which are created on its basis.

4. Principle of typitieation of technical solutions.

The platform should provide the creation of typical technical solutions (typical configurations) for elements of CII for various purposes, different protection classes and levels of topological and architectural complexity with to using various combinations of a limited number of components of HSP.

5. Scalability Principle.

The platform should provide scalability of technical solutions, their integration into typical configurations of elements of CI!. The platform should not be sensitive to the topological and architectural complexity of the elements of CII, the number of users, the volumes of information processed in the CII.

6. The principle of universality of software means of protecting information.

The platform should provide the ability to change the protection class of the element ofCU by changing the settings of software means of protecting information without replacing them.

7. The principle of optimizing resources (customization). The platform should provide the ability to combine technical

solutions and changc the settings of the applied components to the objectives of a particular element of the CM to reduce the cost of their creation, modernization, ownership.

K. The principle of software trust and inheritance of special software.

The platform should provide the opportunity to "dive" into its entrusted functioning environment of application programs and special software, declared by the owner (customer) of the clement of the CD, including "inherited" from the upgraded elements of the CII.

9. The principle of "soft" modernization.

The platform should allow a "soft" modernization of elements of Clls by replacing obsolete equipment and gradual transfer of existing elements of the CII to a new platform without "stopping" the functioning of elements of the CII and user services.

10. The principle of hardware trust.

The platform should contain lists of recommended equipment for the appropriate protection classes and levels of complexity of elements of the Cil.

11. The principle of dynamic scicntific and technological potential.

With regard to the platform, there should be opportunities for rapid growth in the number of specialists in its components, adaptation (customization) of platform solutions to the tactical and technical characteristics of elements of the CII being created (modernized).

2. An example of creating a protection hardware and software platform for I lie critical information infrastructure of the Russian Federation

In accordance with the tactical and technical tasks for the initiative development work of the "Sintcz" series, agreed with the Russian regulators in the field of information security, in 2012-2013 years the Russian protected hardware and software platform "Sintez-HSP" was created [8, 9], conclusions about its compliance with information security requirements and permitting documents for use in the creation of CII Rf facilities with the highest level of confidentiality of information were received [8-10], the trademark of the platform products -"SintezalTiS" was registered [11].

Since 2013, elements of the C1IRF have been successfully created on the platform "Sintez-HSP", user training and training have been conducted, a technical support system has been crcated, and conditions for the development of the platform have been ensured.

Solutions on ensure of the full scale and full functionality of the platform "Sintez-HSP"

To ensure the full scale and full functionality of the platform "Sintez-HSP" the basic set of programs includes a family of protected operating systems, a protected database management system, an application server, built-in software of protection of information and integration with external means of information protection used in the CltRF, tools of administration, development, office package and other programs listed in Table 2,

Solutions on ensure of the import and technological independence of the platform "Sintez-HSP"

A. Independence on import of the platform "Sintez-HSP " is provided by the use of own development tools and certified means of Russian companies, as well as localized Software means of borrowed open source software.

-e-

-е-

78

ff

-e-

In 2012, with the participation of the author, an agreement was signed with Red Hat [12J. The platform "Sintez-lISP" was allowed the integration of modules and programs that have undergone internal certification of Red Hat, access to databases and knowledge banks about the compatibility of programs and hardware, errors and vulnerabilities identified by Red Hat in the internal certification of programs and their further exploitation, ways of eliminating problems.

This ensured the rapid development of the required scientific and technical potential by the developer company, the operational localization of the borrowed software, the development of proprietary software for protecting information and means of interaction with external information protection means, carrying out complex load and functional tests, compatibility testing with hardware, compliance with Russian information security requirements, the creation of a technical support system and specialists, the formation of their own databases and data banks on the products of the platform "Sintez-HSP".

As a basis for the development of a protected data base management system "Sintez-DBMS", data base management system PostgreSQL was adopted, which has additional highly skilled support in Russia [13].

Solutions on ensure of the universality of the platform "Sintez-HSP"

The universality of the platform is achieved through the use of sccurc virtual i zat i on technologies, the creation on their basis of the family of protcctcd operating systems "Sintez-OS" (see table 1).

Measures to protect the virtual ¡zat i on environment exclude unauthorized access to information processed in the virtual infrastructure and to components of the virtual infrastructure, as well as the impact on information and components, including virtual infrastructure management means, virtual machine monitor (hypcrvisor), data storage system including a system for storing images of virtual infrastructure), data networks through elements of the virtual and physical infrastructure, guest operating systems, virtual machines, system and network replication, terminal and virtual devices, as well as the backup system and the copies it creates, as required by documents of regulators.

In the basic mode for the platform "Sintez-HSP", information processing is performed on virtual machines deployed on protected servers. The interaction of the user with the virtual machine is carried out through the terminal ARM "Sintez-T". It has high security, low weight and dimensions, low power consumption, does not require uninterruptible power supply for operation on virtual machine. The terminal does not contain its own means of storing information, which excludes the loss of protected information in the event of a power outage or theft of the terminal.

With the help of the protected operating systems of the "Sintez-OS" family, together with other components of the platform, a full-fledged protected ecosystem "Sintez" is created.

iНе можете найти то, что вам нужно? Попробуйте сервис подбора литературы.

be composition of modules of the main modifications of the operating system "Sintez-OS", providing the universality of the platform, is shown in Fig. 2.

rratzr

- *

.ItSUI] .

it Lin j. Uv.-^Il

AiDE 4wdi[

* hole, it a *imllcd <>..'1 in I he oí Ehr

Fig. 2. Modular scheme of the main modi 11 cations of the operating system "Sintez-OS"

Solutions on ensure of the guarantees of development and support of the platform "Sintez-HSP"

The design, deployment, technical support and qualification support (certification) of the training and maintenance staff of elements of the CI1 on the hardware and software components of the platform are provided by national developers who also have access to the resources of open source software communities.

The general scheme of the organization of technical support of the platform "Sintez-HSP" in Table 3.

The basic guarantees for the development and support of the platform "Sintez-HSP" and elements of the CM created on it are ensured by the following.

The own scientific and technical potential of the developer of the platform "Sintez-HSP", the author's support of objects of the CH, created on the platform "Sintez-I ISP".

2. The developer of the platform "Sintez-HSP" are keeps databases and knowledge banks about incidents connected with the functioning of the general and special software of the of the platform "Sintez-HSP",

3. The developer of the platform "Sintez-HSP" are keeps databases and knowledge banks about incidents related to the functioning of software means to protect the information of the platform "Sintez-HSP".

4. The developer of the platform "Sintez-HSP" are keeps databases and knowledge bases on the errors and vulnerabilities of non-localized open sourcc software identified by the open source community and Red Hat in the process of internal certification.

5. The developer of the platform "Sintez-HSP" are keeps databases on the results of the internal certification of Red Hat on the compatibility of software and hardware, the performance and fault tolerance of various test implementations of technical solutions.

6. The developer of the platform "Sintez-HSP" are keeps databases on the results of the compatibility of the platform's certified tools with hardware, application programs, and the special software of the owners (customers) of elements of the CIL

-e-

Table 3

General scheme of organization of support of the platform «Siiitcz-HSP»

-е-

Support requests Levels Of Support problem

1-й 2-й 3-я level of SIP of the platform "Sintez-HSP" tevelorthe Linux kernel, general and application noii-locaEtzed software

Internal contour External contour

DB(KB)PIS 1 DB(KB)PIS-5P! DBiKBJNI.S

Rendering of the ad vi sur,' help tsolvins problems о Г the 1 rid level of complexity)

_ t-

Solving problems of the 2nd Level of complexity

— -1

«- «-

Routine maintenance (solving problems of the 3nd level of complexity - software update, etc.)

—» -t —t

t- -

ElimLnaling critical errors of the programs and errors of the S!P of the plaObrm "Sintez-HSP"

— — -4. — —

4— t-

Eliminating critical emirs of the Linux kernel

- 1 - - 1

" "Air van"

— t-

"Air gap"

- 1 -] -1 -1 1

Distribution ot updates (software, drivers, etc,)

! 1 1 1 1

"Air gup"

1-

— «- — —

Note. Table 3 uses the following abbreviations:

- DB(KB)P1S - databases (knowledge banks) of the platform "Sintez-HSP";

- DB(KB)PIS-SP1 - databases (knowledge banks) on built-in software of protection of information of the platform "Sintez-I ISP";

- DB(KB)NLS - databases (knowledge banks) on non-totalized software.

Conclusion

The effectiveness of measures to ensure the security and increase the protection of critical information infrastructures is largely determined by the choice of hardware-software platforms and solutions of platform that will ensure the functioning of the elements of critical information infrastructures. The article outlines the general and functional requirements for hardwaresoftware platforms for critical information infrastructures, which arc based on an analysis of the requirements of the guidelines and the experience of the author's participation in the creation of secure systems. Based on the requirements, the principles for creating protected platforms are formulated.

The methodological approaches presented in the article were successfully applied in the development and implementation of

the platform "Sintez-l ISP", which is designed to create elements of critical information infrastructures with the highest level of protection.

The described methodological approaches and accumulated experience can be successfully applied in the creation and modernization of elements of critical information infrastructure both in Russia and abroad.

References

1. Federal Law of 26.07.2017 № 187-FL "On the Security of the Critical Information Infrastructure of the Russian Federation".

2. The Doctrine of Information Security of the Russian Federation. Approved by the Decree of the President of the Russian Federation of 05.12.2016 ife 646,

3. Strategy of the Information Society Development in the Russian Federation for 2017 - 2030. Approved by the Decree of the President of the Russian Federation of 09.05.2017 № 203.

4. Program "Digital Economy of the Russian Federation". Approved by the Oder of the Government of the Russian Federation of 28.07.20I7№ 1632-og.

5. A Generic National Framework for Critical Information Infrastructure Protection (Clip), ITU, 2007. 30 p. www.itii.int/ITU-D/cy h/cybersecurity/docs/generic-national-&amework-for-ciip,pdf,

6. National Institute of Standards and Technology (NIST), Framework for Improving Critical Infrastructure Cybersecurtty, Version 1.0. February 12, 2014. https://www.nist.gov/siles/defaull/ Г les/documents'cyberftame work/cybersectiri ly-framework-021214,pdf.C I If A.

7. Critical Information Infrastructures Protection approaches in EU. Final Document | Version 1 | TLP: Green | July 2015. 19 p. https://resilience.enisa.europa.eu/enisas-ncss-projecl/CIIPApproaches NCSS.pdf.eC.

8. Igor F, Mikhalevich (2012). The conception of creating a trusted environment for the functioning of automated systems in a secure execution on the basis of an operating system "Sintez-OS". Moscow: ITSirius LLC. 2012. 50 p.

9. Igor F. Mikhalevich (2014). Problems of creation of the entrusted environment of functioning of automated control systems in the protected execution. Works XII of the All-Russian meet-ing on control problems (ARMCP-20I4. Moscow). Moscow: ICS of RAC, 2014, pp. 9201-9207.

10. Conformance certificate № SF/014-3065 dated 10.02.2017 "The complex of programs "Protected Operating System "Sinlcz" to the requirements of the FSB of Russia to protect information from unauthorized access using the means of cryptographic protection of information in automated information systems located in the territory of the Russian Federation, Class I, the use for processing information containing information constituting the state secret Extract from the list of information security tools certified by the Russian FSB". Issued by the CLSZ of Federal Security Service of Russia. http://clsz.fsb.rii/certifieation.htm.

11. Certificate of trademark (service mark) № 533289 "SintezalTiS", priority of the trademark 03.12.2013, registered In the State Register of Trademarks and Service Marks of the Russian Federation on 01,30.2015,

12. Memorandum of intensions of the parlies Red I lat Inc., ЕМЕЛ Red Hat Limited, «ITSirius» LLC, 2012). URL: https://www.itsirius.su/partnery (25.06.2014).

13. Panchenko I. (2015). PostgreSQL: yesterday, today, tomorrow. Open systems. DBMS. No, 3, pp. 22-27.

О

МЕТОДОЛОГИЧЕСКИЕ ОСНОВЫ СОЗДАНИЯ НАЦИОНАЛЬНЫХ ЗАЩИЩЕННЫХ АППАРАТНО-ПРОГРАММНЫХ ПЛАТФОРМ ДЛЯ КРИТИЧЕСКИХ ИНФОРМАЦИОННЫХ ИНФРАСТРУКТУР

Михалевич Игорь Феодосьевич, ФГБУН "Институт проблем управления им. В.А. Трапезникова Российской академии наук",

Москва, Россия, [email protected]

Дннотация

К критическим информационным инфраструктурам стран и их союзов относятся информационные системы, телекоммуникационные сети, автоматизированные системы управления, функционирующие в сферах здравоохранения, науки, транспорта, связи, энергетики, промышленности, финансового рынка, государственного и муниципального управления, государственной безопасности, обороны страны, правосудия, правопорядка и в других общественно значимых областях. Поэтому элементы критических информационных инфраструктур и их информация должны быть надежно защищены с учетом требований национальных и/или союзных документов. Платформы, на которых создаются и будут функционировать элементы критических информационных инфраструктур, должны также соответствовать этим требованиям. Ошибки, допущенные при создании платформ для критических информационных инфраструктур, создают угрозы непоправимого ущерба для стран и их союзов. Изложены методологические основы создания национальных защищенных аппаратно-программных платформ для критических информационных инфраструктур, удовлетворяющих нормативным требованиям по информационной безопасности, общим и функциональным требованиям владельцев элементов критических информационных инфраструктур. Сформулированы принципы, соблюдение которых обеспечивает создание платформ с заданными специальными свойствами. Обобщен опыт создания российской защищенной аппаратно-программной платформы "Синтез-АПП", сертифицированной по требованиям информационной безопасности, обладающей высокой функциональностью, обеспечивающей технологическую и импортонезависимость критической информационной инфраструктуры Российской Федерации, который может быть применен другими странами.

Ключевые слова: аппаратно-программная платформа, защита инфраструктуры, импортонезависимость, информационная безопасность, критическая информационная инфраструктура, технологическая независимость.

Литература

1. Федеральный закон от 26.07.2017 № 187-ФЗ "О безопасности критической информационной инфраструктуры Российской Федерации".

2. Доктрина информационной безопасности Российской Федерации. Утверждена Указом Президента Российской Федерации от 05.12.2016 № 646.

3. Стратегия развития информационного общества в Российской Федерации на 2017 - 2030 годы. Утверждена Указом Президента Российской Федерации от 09.05.2017 № 203.

4. Программа "Цифровая Экономика Российской Федерации". Утверждена Распоряжением Правительства Российской Федерации от 28.07.2017 № 1632-рп.

5. A Generic National Framework for Critical Information Infrastructure Protection (CIIP). ITU, 2007. - 30 p. - www.itu.int/ITU-D/cyb/cybersecurity/docs/generic-national-framework-for-ciip.pdf (дата обращения: 15.02.2018).

6. National Institute of Standards and Technology (NIST), Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, February 12, 2014. https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity- framework-02l2l4.pdf.CI±IA (дата обращения: 15.02.2018).

7. Critical Information Infrastructures Protection approaches in EU. Final Document | Version 1 | TLP: Green | July 2015. - 19 p. -https://resilience.enisa.europa.eu/enisas-ncss-project/CIIPApproachesNCSS.pdf.EC (дата обращения: 15.02.2018).

8. Михалевич И.Ф. Концепция создания доверенной среды функционирования автоматизированных систем в защищенном исполнении на базе операционной системы "Синтез-ОС". М.: ООО "АйТиСириус", 2012. 50 с. https://www.itsirius.su/resheniya/ (дата обращения: 20.12.2012).

9. Михалевич И.Ф. Проблемы создания доверенной среды функционирования автоматизированных систем управления в защищенном исполнении / Труды XII Всероссийского совещания по проблемам управления (ВСПУ-2014, Москва). М.: Институт проблем управления им. В.А.Трапезникова РАН, 2014. С. 9201-9207.

10. Аттестат № СФ/014-3065 от 10.02.2017 соответствия Комплекса программ "Защищенная операционная система "Синтез" требованиям ФСБ России по защите информации от несанкционированного доступа с использованием средств криптографической защиты информации в автоматизированных информационных системах, расположенных на территории Российской Федерации, 1 класса. Выдан ЦЛСЗ ФСБ России. http://clsz.fsb.ru/certification.htm (дата обращения: 15.02.2018).

11. Свидетельство на товарный знак (знак обслуживания) № 533289 "СИНТЕЗАЙТИС", приоритет товарного знака 03.12.2013 г., зарегистрировано в Государственном реестре товарных знаков и знаков обслуживания РФ 30.01.2015 г.

12. Memorandum of intensions of the parties Red Hat Inc., EMEA Red Hat Limited, "ITSirius" LLC, 2012). - https://www.itsirius.su/part-nery/ (дата обращения: 25.06.2014).

13. Панченко И. PostgreSQL: вчера, сегодня, завтра // Открытые системы. СУБД, 2015, №3. C. 22-27.

Информация об авторе:

Михалевич Игорь Феодосьевич, ФГБУН "Институт проблем управления им. В.А. Трапезникова Российской академии наук", к.т.н., с.н.с., Москва, Россия

i Надоели баннеры? Вы всегда можете отключить рекламу.