Научная статья на тему 'Оценка устойчивости развития критической инфраструктуры Российской Федерации на базе технологии оценки и мониторинга информационной безопасности'

Оценка устойчивости развития критической инфраструктуры Российской Федерации на базе технологии оценки и мониторинга информационной безопасности Текст научной статьи по специальности «СМИ (медиа) и массовые коммуникации»

CC BY
208
25
i Надоели баннеры? Вы всегда можете отключить рекламу.
Ключевые слова
ИНФОРМАЦИОННАЯ БЕЗОПАСНОСТЬ / КРИТИЧЕСКАЯ ИНФРАСТРУКТУРА / ТЕХНОЛОГИЯ ОЦЕНКИ И МОНИТОРИНГА СЛОЖНЫХ ПРОЦЕССОВ / УСТОЙЧИВОЕ РАЗВИТИЕ

Аннотация научной статьи по СМИ (медиа) и массовым коммуникациям, автор научной работы — Михалевич Игорь Феодосьевич, Рыжов Александр Павлович

Информационная безопасность критической инфраструктуры является важной задачей для всех стран, организаций, городов, правительств. Эта проблема сложна, имеет много аспектов; информация о проблеме распределяется между многими источниками, фрагментарна, имеет различную степень надежности, возможное несоответствие, изменение во времени, возможное смещение и т. д. Рассмотрены возможности применения технологии оценки и мониторинга сложных процессов обеспечения информационной безопасности в задаче устойчивого развития критической инфраструктуры Российской Федерации. Предложена структура модели устойчивости критической инфраструктуры. Обсуждаются возможные сценарии использования системы оценки и мониторинга информационной безопасности, аналитические возможности технологии, которая использует два полюса: человеческий интеллект (эксперты) и искусственный интеллект.

i Надоели баннеры? Вы всегда можете отключить рекламу.
iНе можете найти то, что вам нужно? Попробуйте сервис подбора литературы.
i Надоели баннеры? Вы всегда можете отключить рекламу.

Текст научной работы на тему «Оценка устойчивости развития критической инфраструктуры Российской Федерации на базе технологии оценки и мониторинга информационной безопасности»

ASSESSMENT OF THE SUSTAINABILITY OF THE DEVELOPMENT OF THE CRITICAL INFRASTRUCTURES ON THE BASIS OF INFORMATION SECURITY EVALUATION AND MONITORING TECHNOLOGY

Igor F. Mikhalevich,

V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences, Moscow, Russia, [email protected]

Alexander P. Ryjov,

V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences, Moscow, Russia, [email protected]

DOI 10.24411/2072-8735-2018-10089

Keywords: information security, critical infrastructure, technology for assessment and monitoring of complex processes, sustainable development.

The concept of sustainable development in many respects echoes the concept of the noosphere put forward by academician V.I. Vernadsky in the middle of the 20th century. Its modern interpretation dates back to the 70s of the last century, when mankind faced the problems of limited natural resources, as well as pollution of the natural environment, which is the basis of life, economic and any human activity. The response to this concern was the creation of international non-governmental scientific organizations to study global processes on Earth, such as the International Federation of Institutes of Advanced Studies, the Club of Rome (with its famous report "Limits of Growth"), the International Institute for System Analysis, and in the USSR - All-Union Institute of System Studies. The 1972 UN Conference on the Human Environment and the establishment of the United Nations Environment Program (UNEP) in Stockholm marked the inclusion of the international community at the state level in the solution of environmental problems that hindered social and economic development. Information security of critical infrastructure is important task for every country, organizations, cities, governments. This problem is complex, have many aspects; information about the problem is distributed among many sources, fragmentary, have various degree of reliability, possible discrepancy, varying in time, possible bias, etc. The paper considers the possibilities of applying the technology of assessment and monitoring of complex processes of ensuring information security in the task of sustainable development of the critical infrastructure. The structure of stability model of the critical infrastructure is proposed. Possible scenarios for the system of information security assessment and monitoring and the analytical possibilities of the technology that uses two poles: the human intellect (experts) and artificial intelligence are discussed.

Information about authors:

Igor F. Mikhalevich, PhD, senior researcher, V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences, Moscow, Russia Alexander P. Ryjov, doctor of technical sciences, professor, V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences, Moscow, Russia

Для цитирования:

Михалевич И.Ф., Рыжов А.П. Оценка устойчивости развития критической инфраструктуры российской федерации на базе технологии оценки и мониторинга информационной безопасности // T-Comm: Телекоммуникации и транспорт. 2018. Том 12. №5. С. 71-76.

For citation:

Mikhalevich I.F., Ryjov A.P. (2018). Assessment of the sustainability of the development of the critical infrastructures on the basis of information security evaluation and monitoring technology. T-Comm, vol. 12, no.5, pр. 71-76.

Introduction

The Worid Conservation Strategy (WCS), adopted in 1980, for the first time in an international document, included a reference to sustainable development. The second edition of IUCN was called "Care for the Farth - A Strategy for Sustainable Life" and was published in October 1991. It emphasizes that development should be based on the conservation of wildlife, the protection of the structure, functions and diversity of natural systems of the F.arth on which biological species depend. To this end, it is necessary to maintain life support systems (systems of support of life), preserve biodiversity and ensure the sustainable use of renewable resources. There have been studies on environmental safety, which has become part of ensuring national and global security.

National security and global security of the modem world are also highly dependent on information security [1-4]. In particular, blocking access to information, unauthorized modification or disclosure of information are violations of information security. These and other infringements of information security can significantly impede any growth, especially if it concerns critical infrastructures. Therefore, the issues of assessing and monitoring information security are among the priorities for ensuring the sustainable development of critical infrastructures [5-12].

From a technical point of view, stability issues have been studied in the framework of cybernetics. The more closest notion is the concept of homeostasis. Special mathematical models of economic development that take into account the sustainabiiity of development have emerged (for example, the Solow-Swan model, the gravity model, the Ramsey-Kassa-Kupmansa Model, the intersecting generations model, or the Samuelson-Diamond model). Discussion of this problem is also given attention in the Russian-language literature (for example, [ 13, 16J, bibliography [17]), special journals are published [14], consulting companies offer services in the Held of sustainable development [15].

Systematic work with the assessment and monitoring of sustainable development involves the creation of a special system. One of the authors of the work developed a technology for assessment and monitoring of complex processes 118j. It has been successfully used to develop systems for assessing and monitoring the ability of countries to produce special technologies in the nuclear field in the interests of managing international guarantees of the International Atomic Energy Agency [19], evaluating and monitoring the ability of the microelectronics development team to implement the project for Cadence Design Systems [20J, assessment and monitoring of the risks of atherosclerotic diseases [21] and other systems.

This paper presents the authors' vision of a possible solution to the problem of sustainable development of the critical infrastructure of the Russian Federation on the basis of technology for assessing and monitoring complex processes with regard to ensuring information security.

Information security of critical infrastructures

Critical infrastructures - systems and assets, the violation of functioning or destruction of which has a destructive effect on the areas of activity vital for countries (unions). So, for example, in the critical infrastructure of the Russian Federation, the following elements can be identified (sectors, spheres of activity, bodies). These are health care, science, transport, com muni rations, energy, banking and other spheres of the financial market,

fuel and energy complex, nuclear energy, defense industry, rocket and space industry, mining industry, metallurgical industry, chemical industry, federal government bodies, subjects of the Russian Federation government bodies, local self-government bodies, Russian legal entities and individual entrepreneurs, which ensure the functioning and interacting in critical infrastructure [1-5].

The functioning of critical infrastructures is impossible w ithout the information interaction of their elements. This makes the stability of the development of critical infrastructures de pen den I on information security ¡11, 12]. In each critical infrastructure, there is a critical information infrastructure (Cll). As a rule, the composition of Cll includes objects of CD on which information is created, processed and stored, lines and nodes of telecommunication networks used to organize OCII interaction and access to them users, also devices of users and any other terminals.

The Federal law "On the Security of the Critical Information Infrastructure of the Russian Federation" the security of the critical information infrastructure of the Russian Federation (C'lIRF) means as the state of its protection, which ensures the stable operation of the CIIRF in carrying out with respect to its computer attacks.

The importance of the object of the Cll is determined by the possible damage caused to vital interests (processes) in the event ofa violation of object functioning. As criteria of the importance of the object of the Cll, social, political, economic, ecological importance, importance for ensuring defense of the country, security of the state and law and order, and other criteria can be used. When determining the importance of CIIRF objects, estimates are used for each of the importance criteria [4, 5]. So:

• social importance is based on assessment of possible causing damage to life or health of people, the possibility of termination or violation of the functioning of life support facilities, transport infrastructure, telecommunication networks, as well as maximum time of lack of electronic access to justice systems, law and order, state and municipal services, etc. for recipients of such services;

• political importance is based on assessment of possible causing damage to the interests of the country in questions of domestic and foreign policy;

• social importance is based on assessment of possible causing a direct and/or consequential damage to subjects of economic activity;

• social importance is based on assessment of level of a possible environmental damage;

• etc.

Thus, technologies to assess and monitor of information security are important factors for ensuring the sustainabiiity of the development of critical infrastructures and CDs [1,2].

Technology Cor evaluation and monitoring of complex

processes: features of application development

Technology for evaluation and monitoring of complex processes is focused on the development of human-computer systems for evaluation the status and monitoring the development of processes in business, economics, sociology, politics and other areas that are usually called poorly or ill formalized. For such processes it is impossible to construct a mathematical model in the standard sense (in the form of equations, automata, etc.) or the model is very abstract, and its practical use is impossible.

Difficulties are associated not only with the complexity of the processes themselves, hut also with the immeasurability of the values of their parameters in the usual form of numbers; The "measuring instrument" for such parameters is a person. However, there are analysts who decide the task of evaluation and monitoring on a systematic basis, so automation of their work is a meaningful task. Development of such systems is possible when it is possible to construct a semantic model of the process in the form of a set of concepts and their interrelations, and also real information is received and analyzed - training and adjustment are possible.

Basic elements of monitoring system at the top level are the process, the information space, in which information about the state of the process circulates, and experts (analysts, users of the system), working with this information and making conclusions about the state of the process and forecasts of its development (Fig. 1)

Expert

Analyzed h\ \

Information image" Fig. 1. The scheme of the evaluation and monitoring systems

The features of the process, the information image, and the experts (analysts, users of the system) are discussed in [18, 19]. Workflow with systems for evaluation and monitoring of complex processes is presented in Fig. 2.

Expert

information Monitonng System

Who (expert [r>( WlHI (date* lime) Wha< change - ':<— (old taluirl ■ ID (ntW Vol Uf | Based tm :r!r:rnf L>n i- ':>'n :> i:ii pirn)

Information image

Fig. I. The workflow of the evaluation and monitoring f the complex process

The following problems arise in the practical implementation of evaluation and monitoring systems.

It is assumed that the expert describes the degree of inconsistency of the obtained information (for example, the readiness or potential for readiness of certain processes in a countiy [19]) in the form of linguistic values.

The subjective degree of convenience of such a description depends on the selection and the composition of such linguistic values. Let us explain this on a model example.

Example [19]. Let it be required to evaluate the quantity of plutonium. Let us consider two extreme situations.

Situation 1. It is permitted to use only two values: "small" and "considerable quantity".

Situation 2. It is permitted to use many values: "very small", "not very considerable quantity",..., "not small and not considerable quantity",..., "considerable quantity".

Situation 1 is inconvenient. In fact, for many situations both the permitted values may be unsuitable and, in describing them, we select between two "bad" values.

Situation 2 is also inconvenient. In fact, in describing a specific quantity of nuclear material, several of the permitted values may be suitable. We again experience a problem but now due to the fact that we are forced to select between two or more "good" values.

Could a set of linguistic values be optimal in this case?

It is assumed that the system tracks the development of the problem, i.e. its variation with time. It is also assumed that it integrates the evaluations of different experts. This means that one object may be described by different experts. Therefore, it is desirable to have assurances that the different experts describe one and the same object in the most "uniform" way.

On the basis of the above we may formulate the first problem as follows:

Problem I. Is it possible, taking into account certain features of the man's perception of objects of the real world and their description, to formulate a rule for selection of the optimum set of values of characteristics oil the basis of which these objects may be described? Two optimality criteria are possible:

Criterion 1. We regard as optimum those sets of values through whose use man experiences the minimum uncertainty in describing objects.

Criterion 2. If the object is described by a certain number of experts, then we regard as optimum those sets of values which provide the minimum degree of divergence of the descriptions.

This problem may be reformulated as a problem of construction of an optimal set of scale values for measurement in fuzzy linguistic scales [23] from point of view of criterion 1 and criterion 2.

It is shown that we can formulate a method of selecting the optimum set of values of qualitative indications (scale values). Moreover, it is shown that such a method is stable, i.e. the natural small errors that may occur in constructing the membership functions do not have a significant influence on the selection of the optimum set of values. The sets w hich are optimal according to criteria 1 and 2 coincide. Following this method, we may describe objects with minimum possible uncertainty, i.e. guarantee optimum operation of the information monitoring system from this point of view.

Technology evaluation and monitoring assumes the storage of information material (or references to it) and their linguistic evaluations in the system database. In this connection the following problem arises.

Problem 2. Is it possible to define the indices of quality of information retrieval in fuzzy (linguistic) databases and to formulate a rule for the selection of such a set of linguistic values, use

of which would provide the maximum indices of quality of information retrieval?

It is shown that it is possible to introduce indices of the quality of information retrieval in fuzzy (linguistic) databases and to formalize them. It is shown that it is possible to formulate a method of selecting the optimum set of values of qualitative indications which provides the maximum quality indices of information retrieval. Moreover, it is shown that such a method is stable, i.e. the natural small errors in the construction of the membership functions do not have a significant effect on the selection of the optimum set of values. It allows to approve that the offered methods can be used in practical tasks and to guarantee optimum work of information monitoring systems.

Because model of the process has hierarchical structure, choice and selection (tuning) of aggregation operators for the nodes of the model is one more important issue in development IMS. We may formulate this problem as follows:

Problem 3. Is it possible to propose the procedures of information aggregation in fuzzy hierarchical dynamic systems which allow us to minimize contradictoriness in the model of problem/process in systems for evaluation and monitoring?

It is shown that it is possible to propose the following approaches based on different interpretations of aggregation operators: geometrical, logical, and learning-based. The last one includes leaning based on genetic algorithms and learning based on neural networks.

The results of solving problems 1-3 mentioned above are described in detail in [18]. They allow us to develop optimal systems for evaluation and monitoring complex processes from the point of view; of usability.

Thus, the main task of developing an application is to build a process model.

The model of the sustainable development for critical infrastructure

The process model consists of two parts: a structure and rules for aggregating information. A structure is a tree or a graph without cycles, whose vertices are the concepts of the domain, the edges are the connections between them. An example of the structure of the process of assessing and monitoring the information security of the KII RF is shown in Fig. 3.

Fig. 3. Example of the Cl 11J model's structure

The logic of the work of the model is set by the information aggregation operators, which calculate the evaluations of the toplevel nodes depending on the values of the evaluations of the subordinate nodes. The configuration of the model for a particular task consists in training the operators of information aggrega-

tion. The classification of information aggregation operators, the conditions for their applicability, and these training procedures are described in detail in [22].

At the upper level, the factors of sustainable development can be divided into external and internal. The factors of the external environment have a direct or indirect influence on the activities of the enterprise and operate outside of it. Therefore, to ensure the sustainability of their functioning, companies must respond promptly to changes in the external environment (legislation, market conditions and trends, investors' requirements, etc.) and make effective decisions. The factors of the internal environment (the organizational structure of the company, the efficiency of production processes, the composition and qualifications of personnel, the organization of work and management methods, the state of the material and technical base and technology) have a significant impact on the sustainability of enterprise development and are more controlled.

Note that often this model is used in mature business structures - a balanced scorecard (Balanced ScoreCard). If one of the organization's strategic goals is sustainable development, then the relevant part of the balanced scorecard can be a model for the assessment and monitoring system. Otherwise, the model is built on the same principles and using the same mechanisms as the balanced scorecard.

Possible scenarios use of the assessment and monitoring system in the task of assessing the sustainable development of critical infrastructures

It should be noted that various aspects of the system for assessing and monitoring sustainable development are in one way or another present in any organization that provides the operation of the objccts of the Cll and of the critical infrastructure, and they are the zone of responsibility of various divisions. For example, assessment and monitoring of information security in the organization is conducts by security office (SO), assessment and monitoring of environmental factors is conducts by SO, IT, PR/GR, legal office, marketing office, assessment and monitoring of internal environment factors is conducts by SO, IT, HR, production units.

The introduction of the system of assessment and monitoring of sustainable development will allow to have a complete picture of this work in the CIIs and critical infrastructures as a whole. This effect is achieved due to the fact that the model (due to its structure - a tree or a graph without cycles) can be "cut" into a number of submodels. Each service of the company can work w:ith its fragment of the model. This is how it is now. But with the use of the system, this work will be more transparent, measurable and enabling the solution of additional analytical problems, and the company's management will have an integral picture of the company's sustainability state (Figure 4).

Within the framework of evaluation and monitoring systems, it is possible to solve the direct and inverse problems of evaluation and monitoring the sustainability of the critical information infrastructure protection (CUP) of the Russian Federation.

The direct problem is to find the critical paths, i.e. such elements of the model, a small change of w hich leads to a change in all overlying nodes, including the upper one. Knowledge of such elements is of big practical importance and allows to identify the "weak points" in the process at the current time, to develop measures to block unwanted situations or provoke the desired ones, i.e. manage the development of the process in the interests

of the company. For a large class of information aggregation operators, it is possible to calculate the degree of criticality of each element of the model [22]. The problem can also be solved by a search for a fairly compact model.

,C!IP

so

Fig. 4. Decomposition of CUP evaluation and monitoring

The inverse problem allows to optimize the budget for achieving a certain level of sustamability. If a budget is specified and we know the cost of changing the status of the model node, then it is possible to find those nodes whose change is within the specified budget and gives the maximum effect of increasing the company's susiainability. Under the given conditions, it is possible to solve the associated problem: to find the minimum budget that allows to achieve the necessary level of stability.

The above tasks can be solved both within the framework of the model fragments (optimization of the work of the corresponding objects of the CHIP) and the model as a whole (optimization of the CIIP for improving the stability of the critical infrastructure of the Russian Federation),

Conclusion

Information security of critical infrastructure is important task for every organizations, cities, governments. This problem is complex, have many aspects; information about the problem is distributed among many sources, fragmentary, have various degree of reliability, possible discrepancy, varying in time, possible bias, etc. For sustainable development of the critical infrastructures we propose to use technology for evaluation and monitoring of complex processes we have successfully used for similar applications like evaluation and monitoring of states' nuclear activities [19].

Our logic is very simple. Actually, we have a very limited choice for basic technology for such systems. We have two poles: human intelligence (experts) and artificial intelligence (Fig. 5). Our idea is to use human-computer technology as a mix of human and computer advantages.

Idea Experts doing all Problem rut scalane, not reliable, Biased

Idea: Computers doing all Problem: not res 11 sue lor now

r J L. I

r Ku ma n corr pu'.pr ire h no logy for evaluation the status ana monitoring the progress of complex precesses

Idea Use human (intu: on) and computer (computational power] advantages Problem: no insurmountable problems

Fig. 5. Spectrum of basic technologies

Note that several universities and companies try to use similar ideas [24, 25]. We agree with IBM vision: "At IBM, we are guided by the term "augmented intelligence" rather than "artificial intelligence." It is the critical difference between systems that enhance and scale human expertise rather than those that attempt to replicate all of human intelligence. We focus on building practical AI applications that assist people with well-defined tasks." [25]. In this terminology, our technology is augmented intelligence for development of the critical infrastructures.

We have solutions for all fundamental problems for development augmented intelligence (problems 1-3 above), and we have all necessary prerequisites for development this application.

References

iНе можете найти то, что вам нужно? Попробуйте сервис подбора литературы.

1. The Doctrine of Information Security of the Russian Federation. Approved by the Decree of the President of the Russian Federation of 05.12.2016 №646.

2. Strategy of the Information Society Development in the Russian Federation for 2017 - 2030. Approved by ihe Decree of the President of the Russian Federation of 09,05.2017 № 203.

3. Federal Law of 26,07,2017 № 187-FL "On the Security of the Critical Information Infrastructure of the Russian Federation".

4. Critical Infrastructure Threat Information Sharing Framework. A Reference Guide for the Critical Infrastructure Community. USA Homeland Security, October 2016, 110 p.

5. Rules for categorizing critical information infrastructure of the Russian Federation. Approved by Resolution of the Government of the Russian Federation of 08.02.2018 № 127.

6. List of indicators of criteria for the significance of critical information infrastructure of the Russian Federation and their significance. Approved by the Resolution of the Government of the Russian Federation of08.02.2018.Na 127.

7. Critical infonnation Infrastructures Protection approaches in EU. Final Document | Version I | TLP: Green | July 2015. 19 p. https://resilience.enisa.europa.eu/enisas-ncss-

proj ec t/C 11P A pproae hesNCSS.pdf,

8. Malt Barrett, Jeff Marron, Victoria Yan Pillitteri, Jon Boyens, Greg Witte, Larry Feldman. The Cybersecurity Framework. Implementation Guidance for Federal Agencies. Draft Report 8170. U.S. Department of Commerce. National Institute of Standards and Technology Interagency. May 2017. 41 p. https://csrc.nist.gov/csrc/mediaj' publica-tions/nistir/8170/draft/documents/nistir8170-draft.pdf.

9. Don Snyder, James D. Powers, Elizabeth Bodine-Baron, Bernard Fox, Lauren Kendrick, Michael H, Powell. Improving the Cybersecurity of U.S. Air Force Military Systems Throughout Their Life Cycles. 74 p. https://www.rand.org/content/dam/rand/pubs/research_repons.'RR1000/ RR1007/RANDRR4 007.pdf.

10. A Generic National Framework for Critical Information Infrastructure Protection (CUP). ITU, 2007. 30 p. www.itu.int/lTU-D/cy b/cy be rsec u ri ty/d ocs/ge n eri c -na t i o n a I - fra m e work - fo r-c i i p. pd f.

11. Igor F. Mikhalevich, "The conception of creating a trusted environment for the functioning of automated systems in a secure execution on the basis of an operating system "Sintez-OS"", Moscow: ITSirius LLC, 2012. 50 p. https://www.itsirius.su/reslieniya/ (date of the address: 20.12,2012).

12. Igor F. Mikhalevich, "Problems of creation of the entrusted environment of functioning of automated coniro! systems in the protected execution", Works Xll of the All-Russian meeting on control problems (ARMCP-2014. Moscow), Moscow: ICS of RAC, 2014. pp. 9201-9207.

13. Criteria of sustailiability of entrepreneurial activity in the conditions of the world economic recession. Journal of Russian Entrepre-neumhip №. 1, vol. 2 (176), 2011. - P. 57-61.

14. Sustainable business. Expert Business Journal, http://csrjournal.com.

15. Overview of services in the field of clean technologies and sustainable development. Ernst & Young. http://www.ey.com/RU/ni/ Ser-viees/Specialty-Serv ices/CI i mate-Change-and-Sustainability-Serv ices.

16. Korcliagina E.V. Comparative analysis of the reporting of sustainable development of Russian and foreign companies. Problems of the modern economy, № 4 (28), 2008.

17. http://wvvw. m-economy .ru/keyword.php?id=3209&l=R.

18. Ryjov A.P. Information monitoring of complex processes: technological and mathematical foundations. Intellectual systems, vol. 11, no. 1-4, 2008. - P. 101-136.

19. Ryjov A.P., Belenki A., Hooper R., Pouchkarev V., Fattah A,, Zadch L. A. Development of an Intelligent System for Monitoring and Evaluation of Peaceful Nuclear Activities (D1SNA). IAEA, STR-310. Vienna, 1998, 122 p.

20. Lebedev A.A., Ryjov A.P. Evaluation and monitoring of projects for the development of high-tech products using the example of microelectronics. Intellectual Systems, vol, 11, no. 1-4, 2008. pp. 55-82,

21 Akhmedzhanov N.M., Zhukotsky A.V., Kudryavtsev V,R,, Oganov R.G., Rastorguev V.V., Ryjov A.P., Strogalov A.S. Information monitoring in the problem of predicting the risk of developing cardiovascular diseases. Intellectual Systems, Vol. 7, no. 1-4, 2003. Pp. 5-38.

22. Ryjov A.P. On the aggregation of information in fuzzy hierarchical systems. Intellectual systems. Vol. 6, no. 1-4, 2001. P. 341,

23. Ryjov A.P. The principles of fuzzy set theory and measurement offitzziness, Moscow, Dialogue-Moscow State University, 1998, II6 p.

24 Human-machine super-intelligence may tackle world's problems. The economic times. Science. Jan 01, 2016. https://economictimes.indiatimes.com/news/science/human-machine-super-i nte lligence-may-tac k I c- wo r I ds-p rob Iems/a rt i c lesho w/50404783. cms?intenttarget=no.

25. Preparing for the Future of Artificial Intelligence, http://research.ibm.com/cognitive-comput ¡flgjtostp/rfi-response.shtml.

ОЦЕНКА УСТОЙЧИВОСТИ РАЗВИТИЯ КРИТИЧЕСКОЙ ИНФРАСТРУКТУРЫ РОССИЙСКОЙ ФЕДЕРАЦИИ НА БАЗЕ ТЕХНОЛОГИИ ОЦЕНКИ И МОНИТОРИНГА

ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ

Михалевич Игорь Феодосьевич, Институт проблем управления им. В.А. Трапезникова РАН, Москва, Россия,

[email protected]

Рыжов Александр Павлович, Институт проблем управления им. В.А. Трапезникова РАН, Москва, Россия,

[email protected]

Дннотация

Информационная безопасность критической инфраструктуры является важной задачей для всех стран, организаций, городов, правительств. Эта проблема сложна, имеет много аспектов; информация о проблеме распределяется между многими источниками, фрагментарна, имеет различную степень надежности, возможное несоответствие, изменение во времени, возможное смещение и т. д. Рассмотрены возможности применения технологии оценки и мониторинга сложных процессов обеспечения информационной безопасности в задаче устойчивого развития критической инфраструктуры Российской Федерации. Предложена структура модели устойчивости критической инфраструктуры. Обсуждаются возможные сценарии использования системы оценки и мониторинга информационной безопасности, аналитические возможности технологии, которая использует два полюса: человеческий интеллект (эксперты) и искусственный интеллект.

Ключевые слова: информационная безопасность, критическая инфраструктура, технология оценки и мониторинга сложных процессов, устойчивое развитие.

Литература

1. Доктрина информационной безопасности Российской Федерации. Утверждена Указом Президента Российской Федерации от 05.12.2016 № 646.

2. Стратегия развития информационного общества в Российской Федерации на 2017 - 2030 годы. Утверждена Указом Президента Российской Федерации от 09.05.2017 г. № 203.

3. Федеральный закон от 26.07.2017 г. № 187-ФЗ "О безопасности критической информационной инфраструктуры Российской Федерации".

4. Critical Infrastructure Threat Information Sharing Framework. A Reference Guide for the Critical Infrastructure Community. USA Homeland Security, October 2016. 110 p.

5. Правила категорирования объектов критической информационной инфраструктуры Российской Федерации. Утверждены постановлением Правительства Российской Федерации от 08.02.2018 г. № 127.

6. Перечень показателей критериев значимости объектов критической информационной инфраструктуры Российской Федерации и их значения. Утвержден постановлением Правительства Российской Федерации от 08.02.2018 г. № 127.

7. Critical Information Infrastructures Protection approaches in EU. Final Document | Version 1 | TLP: Green | July 2015. 19 p. https://resilience.enisa.europa.eu/enisas-ncss-project/CIIPApproachesNCSS.pdf.

8. Matt Barrett, Jeff Marron, Victoria Yan Pillitteri, Jon Boyens, Greg Witte, Larry Feldman. The Cybersecurity Framework. Implementation Guidance for Federal Agencies. Draft Report 8170. U.S. Department of Commerce. National Institute of Standards and Technology Interagency. May 2017. 41 p. https://csrc.nist.gov/csrc/media/publications/nistir/8l70/draft/documents/nistir8l70-draft.pdf.

г r\

9. Don Snyder, James D. Powers, Elizabeth Bodine-Baron, Bernard Fox, Lauren Kendrick, Michael H. Powell. Improving the Cybersecurity of U.S. Air Force Military Systems Throughout Their Life Cycles. 74 p. https://www.rand.org/content/dam/rand/pubs/research_reports/RRI000/RRI007/RAND_RRI007.pdf.

10. A Generic National Framework For Critical Information Infrastructure Protection (CIIP). ITU, 2007. 30 p. www.itu.int/ITU-D/cyb/cybersecurity/docs/generic-national-framework-for-ciip.pdf.

11. Михалевич И.Ф. Концепция создания доверенной среды функционирования автоматизированных систем в защищенном исполнении на базе операционной системы "Синтез-ОС". М.: ООО "АйТиСириус", 20I2. 50 с. https://www.itsirius.su/resheniya/ (дата обращения: 20.I2.20I2).

12. Михалевич И.Ф. Проблемы создания доверенной среды функционирования автоматизированных систем управления в защищенном исполнении / Труды XII Всероссийского совещания по проблемам управления (ВСПУ-20И, Москва). М.: Институт проблем управления им. В.А.Трапезникова РАН, 20I4. С. 920I-9207.

13. Критерии устойчивости предпринимательской деятельности в условиях мировой экономической рецессии // Российское предпринимательство № I, вып. 2 (I76), 20II. С. 57-6I

14. Устойчивый бизнес. Экспертный деловой журнал. http://csrjournal.com.

15. Обзор услуг в области чистых технологий и устойчивого развития. Ernst & Young. http://www.ey.com/RU/ru/Services/Specialty-Services/Climate-Change-and-Sustainability-Services.

16. Корчагина Е.В. Сравнительный анализ отчетности устойчивого развития российских и зарубежных компаний // Проблемы современной экономики. № 4 (28), 2008.

17. http://www.m-economy.ru/keyword.php?id=3209&l=R.

18. Рыжов А.П. Информационный мониторинг сложных процессов: технологические и математические основы // Интеллектуальные системы, т. II, вып. I-4, 2008. С. I0I-I36.

19. Ryjov A., Belenki A., Hooper R., Pouchkarev V., Fattah A., Zadeh L.A. Development of an Intelligent System for Monitoring and Evaluation of Peaceful Nuclear Activities (DISNA). IAEA, STR-3I0. Vienna, I998, I22 р.

20. Лебедев А.А., Рыжов А.П. Оценка и мониторинг проектов разработки высокотехнологичных изделий на примере микроэлектроники // Интеллектуальные системы, т. II, вып. I-4, 2008. С. 55-82.

21. Ахмеджанов Н.М., Жукоцкий А.В., Кудрявцев В.Б., Оганов Р.Г., Расторгуев В.В., Рыжов А.П., Строгалов А.С. Информационный мониторинг в задаче прогнозирования риска развития сердечно-сосудистых заболеваний // Интеллектуальные системы, т. 7, вып. I-4, 2003. С. 5-38.

22. Рыжов А.П. Об агрегировании информации в нечетких иерархических системах // Интеллектуальные системы, т. 6, вып. I-4, 200I. С. 34I.

23. Рыжов А.П. Элементы теории нечетких множеств и измерения нечеткости. М.: Диалог-МГУ, I998. II6 с.

24. Human-machine super-intelligence may tackle world's problems. The economic times. / Science. Jan 0I, 20I6. https://economic-times.indiatimes.com/news/science/human-machine-super-intelligence-may-tackle-worlds-problems/articleshow/50404783.cms?intent-target=no.

25. Preparing for the Future of Artificial Intelligence. http://research.ibm.com/cognitive-computing/ostp/rfi-response.shtml. Информация об авторах:

Михалевич Игорь Феодосьевич, Институт проблем управления им. В.А. Трапезникова РАН, к.т.н., с.н.с., Москва, Россия Рыжов Александр Павлович, Институт проблем управления им. В.А. Трапезникова РАН, д.т.н., профессор, Москва, Россия

7Т\

i Надоели баннеры? Вы всегда можете отключить рекламу.