Maturity of the country's cybersecurity system in the conditions of war: assessment trends

Dotsenko T. V.; Kuzmenko M. V.

Article

Issue:	2024 №3 (87)
Section:	Economic theory
UDK:	004.056; 005.8; 519.8
DOI:	https://doi.org/10.33271/ebdut/87.034
Article language:	Ukrainian
Pages:	34-43
Title:	Maturity of the country's cybersecurity system in the conditions of war: assessment trends
Authors:	Dotsenko T. V., Sumy State University, Kuzmenko M. V., Sumy State University
Annotation:	Methods. The study used the following methods: an inductive approach to formulating the concept of maturity of the country's cybersecurity system in military conditions; a deductive method to derive the concept of assessing the maturity of the country's cybersecurity system during military operations; content analysis identified the key elements of assessing the maturity of the national cybersecurity system in military operations; strategic analysis identified the main vectors of assessing the problem under study, and the latest approaches to assessing the national cybersecurity system. Results. The latest trends in assessing the maturity of the country's cybersecurity system, taking into account the aspect of military conditions, are identified: the existing regulatory and legal framework at the international and national levels is indicated; the concept of maturity and assessment of the maturity of the country's cybersecurity system during military operations is formulated. The paper outlines the key elements of assessing the maturity of the national cybersecurity system in military operations: adaptability, interoperability, readiness, partnership, cyber reserves, vulnerabilities and threats, and training. The main vectors of assessment are identified: assessment of cyber threats, cyber attacks, infrastructure protection, interaction of cybersecurity actors, level of personnel training; the latest approaches to system assessment are noted. A scheme of future key challenges, trends, and recommendations for assessing the maturity of the national cybersecurity system in wartime has been formed. Novelty. The study of the specifics of assessing the maturity of the country's cybersecurity system identifies key elements, vectors, approaches, and methods for assessing the cyber defence system. Weaknesses and vulnerabilities, existing progress in the development of cyber defence of the system are identified, and the necessary activities to enhance the effectiveness of national security in times of war are identified. Practical value. The experience of previous achievements in the functioning of cybersecurity systems is summarised, the most effective practices and methods of cyber resilience are identified, recommendations for assessing the maturity of the national cybersecurity system in times of war are proposed, which will optimise existing and potential resources, and will help to create the preconditions for further development of the latest model of cyber defence assessment.
Keywords:	Cybersecurity, System maturity, Assessment methods, Cyber defence modelling, Cyber risks, Cyber vulnerabilities
File of the article:	EV20243_034-043.pdf
Literature:	1. Aljohani, T.M. (2024). Cyberattacks on Energy Infrastructures as Modern War Weapons-Part II: Gaps, Standardization, and Mitigation. IEEE Technology and Society Magazine, 43(2), 70-77. https://doi.org/10.1109/MTS.2024.3395697 2. Carlo, A., & Obergfaell, K. (2024). Cyber attacks on critical infrastructures and satellite communications. International Journal of Critical Infrastructure Protection, 46, 100701. https://doi.org/10.1016/j.ijcip.2024.100701 3. Cremer, F., Sheehan, B., Mullins, M., Fortmann, M., Ryan, B.J., & Materne, S. (2024). On the insurability of cyber warfare: An investigation into the German cyber insurance market. Computers & Security, 142, 103886. https://doi.org/10.1016/j.cose.2024.103886 4. Crotty, J., & Daniel, E. (2022). Cyber threat: its origins and consequence and the use of qualitative and quantitative methods in cyber risk assessment. Applied Computing and Informatics, (ahead-of-print). https://doi.org/10.1108/ACI-07-2022-0178. 5. Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union. (2022). European Union. http://data.europa.eu/eli/dir/2022/2555/2022-12-27 6. Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC. (2022). European Union. http://data.europa.eu/eli/dir/2022/2557/oj 7. Dotsenko, T., Dvořák, M., Lyeonov, S., & Kovács, A. (2023). Socially relevant factors of organizational mortality of enterprises: context of corporate sustainability in European countries. Economics and Sociology, 16(1), 284-299. DOI:10.14254/2071- 789X.2023/16-1/18. 8. Folino, F., Folino, G., Pisani, F.S., Pontieri, L., & Sabatino, P. (2024). Efficiently approaching vertical federated learning by combining data reduction and conditional computation techniques. Journal of Big Data, 11(1), 77. https://doi.org/10.1186/s40537-024-00933-6 9. Hameed, K., Naha, R., & Hameed, F. (2024). Digital transformation for sustainable health and well-being: a review and future research directions. Discover Sustainability, 5(1), 104. https://doi.org/10.1007/s43621-024-00273-8 10. Hansen, F.S. (2024). The Russian approach to peacekeeping. International Affairs, 100(3), 1023-1042. https://doi.org/10.1093/ia/iiae072 11. INFORMATION SECURITY CONTROLS. (2022). In ISO/IEC 27001:2022 (S. 28-36). IT Governance Publishing. https://doi.org/10.2307/j.ctv30qq13d.8 12. ISO 27002. (2023). In ISO 27001/ISO 27002 (S. 71-76). IT Governance Publishing. https://doi.org/10.2307/jj.9039966.9 13. Jenkins, J., Roy, K. (2024). Exploring deep convolutional generative adversarial networks (DCGAN) in biometric systems: a survey study. Discov Artif Intell 4, 42. https://doi.org/10.1007/s44163-024-00138-z. 14. Kjell Hausken. (2024). Fifty Years of Operations Research in Defense. European Journal of Operational Research, 318, Issue 2, 355-368. https://doi.org/10.1016/j.ejor.2023.12.023. 15. Krawczyk, D., Babenko, V., Yemchuk, L., Lienkov, S., Dzhulii, V., Dzhulii, L., & Muliar, I. (2024). Analysis of Information Security Under the Conditions of Hybrid War in Ukraine: Social Aspects. Management Systems in Production Engineering, 32(2), 235-243. https://doi.org/10.2478/mspe-2024-0023 16. Lyeonov, S., Kuzmenko, O., Yarovenko, H., & Dotsenko, T. (2019). The Innovative Approach to Increasing Cybersecurity of Transactions Through Counteraction to Money Laundering. Marketing and Management of Innovations, 3, 308-326. http://doi.org/10.21272/mmi.2019.3-24. 17. Mario Angelelli, Serena Arima, Christian Catalano, Enrico Ciavolino. (2024). A robust statistical framework for cyber-vulnerability prioritisation under partial information in threat intelligence. Expert Systems with Applications, 255 B. https://doi.org/10.1016/j.eswa.2024.124572. 18. Rasim Alguliyev, Ramiz Aliguliyev, Lyudmila Sukhostat (2024). An approach for assessing the functional vulnerabilities criticality of CPS components. Cyber Security and Applications, Volume 3. https://doi.org/10.1016/j.csa.2024.100058. 19. Rocco, B., Moschovas, M.C., Saikali, S. et al. (2024). Insights from telesurgery expert conference on recent clinical experience and current status of remote surgery. J Robotic Surg, 18, 240. https://doi.org/10.1007/s11701-024-01984-w. 20. Sharma, M. (2024). The World War III and the emerging role of AI based expert systems in cyber defense. In The Emerging Role of AI-Based Expert Systems in Cyber Defense and Security. 21. Sigetová, K., Užíková, L., Dotsenko, T., & Boyko, A. (2022). Recent trends in the financial crime of the world. Financial and Credit Activity Problems of Theory and Practice, 5(46), 258-270. https://doi.org/10.55643/fcaptp.5.46.2022.3897. 22. Schmüser, J., Sri Ramulu, H., Wöhler, N., Stransky, C., Bensmann, F., Dimitrov, D., Schellhammer, S., Wermke, D., Dietze, S., Acar, Y., & Fahl, S. (2024). Analyzing Security and Privacy Advice During the 2022 Russian Invasion of Ukraine on Twitter. Proceedings from: The CHI Conference on Human Factors in Computing Systems. (pp. 1-16). https://doi.org/10.1145/3613904.3642826 23. The EU's Cybersecurity Strategy for the Digital Decade. (2020). European Union. https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A52020JC0018 24. Vasylieva, T., Gavurova, B., Dotsenko, T., Bilan, S., Strzelec, M., & Khouri, S. (2023). The Behavioral and Social Dimension of the Public Health System of European Countries: Descriptive, Canonical, and Factor Analysis. Int. J. Environ. Res. Public Health, 20, 4419. https://doi.org/10.3390/ijerph20054419. 25. Xie, J. (2024). Application Study on the Reinforcement Learning Strategies in the Network Awareness Risk Perception and Prevention. Int J Comput Intell Syst, 17 , 112. https://doi.org/10.1007/s44196-024-00492-x. 26. Konventsiia pro kiberzlochynnist, Konventsiia Rady Yevropy (2005). https://zakon.rada.gov.ua/laws/show/994_575#Text 27. Zakon Ukrainy Pro Derzhavnu sluzhbu spetsialnoho zviazku ta zakhystu informatsii Ukrainy №. 3475-IV, 2024. https://zakon.rada.gov.ua/laws/show/3475-15#Text 28. Postanova Kabinetu Ministriv Ukrainy Pro zatverdzhennia Zahalnykh vymoh do kiberzakhystu obiektiv krytychnoi infrastruktury №. 518, 2022. https://zakon.rada.gov.ua/laws/show/518-2019-#Text 29. Postanova Natsionalnoho banku Ukrainy Pro zatverdzhennia Polozhennia pro orhanizatsiiu kiberzakhystu v bankivskii systemi Ukrainy ta vnesennia zmin do Polozhennia pro vyznachennia obiektiv krytychnoi infrastruktury v bankivskii systemi Ukrainy №. 178, 2022. https://zakon.rada.gov.ua/laws/show/v0178500-22#Text 30. Zakon Ukrainy Pro osnovni zasady zabezpechennia kiberbezpeky Ukrainy №. 2163-VIII, 2024. https://zakon.rada.gov.ua/laws/show/2163-19#Text 31. Ukaz Prezydenta Ukrainy Pro rishennia Rady natsionalnoi bezpeky i oborony Ukrainy vid 14 travnia 2021 roku «Pro Stratehiiu kiberbezpeky Ukrainy» №r. 447/2021 2021. https://zakon.rada.gov.ua/laws/show/447/2021#Text