Intelligent decision support system for assessing information security risks of ICS

The relevance of the article is due to the need to ensure information security of industrial control systems (ICS). Loss of control over industrial facilities can lead to undesirable consequences in a particular subject of the state or affect the economic indicators of the country as a whole as well as compromise the safety of the population. In this regard, this article aims to improve the procedure for quantitative assessment of information security risks as a necessary component of an integrated approach to ensuring information security, which helps to assess the feasibility of information security violation scenarios and identify their possible consequences for building an effective protection system. The architecture of a research prototype of an intelligent decision support system and a software implementation of tools for automating the modeling of attack scenarios and assessing the information security risks of ICS have been developed, the use of which makes it possible to increase the reliability and efficiency of information security risk assessment and, consequently, the choice of effective countermeasures at all stages of an industrial facility life cycle and its complex protection systems. The materials of the article are of practical value for information security specialists at all stages of the life cycle of distributed information and control systems of industrial facilities.

1. Papageorgiou E.I. Fuzzy cognitive maps for applied sciences and engineering: from foundations to extensions and learning algorithms. Intelligent Systems Reference Library 54, Springer Science & Business Media. 2013;54:411.

2. Salmeron J.L. et al. Learning fuzzy cognitive maps with modified asexual reproduction optimisation algorithm. Knowledge-Based Systems. 2019;163:723–735.

3. Novokhrestov A.K., Nikiforov D.S., Konev A.A., Shelupanov A.A. Model of threats to automatic system for commercial accounting of power consumption. Proceedings of TUSUR University. 2016;19(3):111–114. (In Russ.).

4. Guzairov M.B., Mashkina I.V. Information security management based on intelligent technologies. Moscow, Mechanical Engineering. 2013; 241 p. (In Russ.).

5. Efimov B.I., Lozhnikov P.S. Analysis of the impact of threats to change and block responses of experts in online survey systems. Journal of Physics: Conference Series. IOP Publishing. 2020;1546(1):012079.

6. Vasilyev V.I., Vulfin A.M., Guzairov M.B. Evaluation of Information Security Risks with Use of Rule-Based Fuzzy Cognitive Maps. Information Security. 2018;24(4):266–273. (In Russ.).

7. Vasilyev V.I., Vulfin A.M., Guzairov M.B., Kartak V.M., Chernjahovskaja L.R. Cybersecurity risk assessment of industrial objects’ ACS of TP on the basis of nested fuzzy cognitive maps technology. Informacionnye tehnologii. 2020;26(4):213–221. (In Russ.).

8. Vasilyev V.I., Vulfin A.M., Kudryavtseva R.T. Analysis and management of information security risks using cognitive modeling technology. Proceedings of TUSUR University. 2017;20(4):61–66. (In Russ.).

9. Noel S., Harley E., Tam K.H., Limiero M., Share M. CyGraph: graph-based analytics and visualization for cybersecurity. Handbook of Statistics. Elsevier. 2016;35:117–167.

10. Yeboah-Ofori A. Cyber security threat modeling for supply chain organizational environments. Future internet. 2019;11(3):63.

11. Zografopoulos I., Ospina J., Liu X., Konstantinou C. Cyberphysical energy systems security: Threat modeling, risk assessment, resources, metrics, and case studies. IEEE Access. 2021;9:29775–29818.

12. Vasilyev V.I., Kirillova A.D., Kukharev S.N. Cybersecurity of APCS: modern trends and approaches (current state, perspectives). Vestnik UrFO. Security in the Information Sphere. 2018;30(4):66–74. (In Russ.)

13. Vasilyev V.I., Vulfin A.M., Guzairov M.B., Kirillova A.D. Interval Estimation of Information Risks with use of Fuzzy Grey Cognitive Maps. Informacionnye tehnologii. 2018;24(10):657–664. (In Russ.)

14. Vasilyev V.I., Kirillova A.D., Vulfin A.M. Cognitive modeling of the cyber attack vector based on CAPEC methods. Voprosy kiberbezopasnosti. 2021;42(2):2–16. (In Russ.)

15. Vasilyev V.I., Vulfin A.M., Kirillova A.D. Analysis and management of ICS cybersecurity risks based on cognitive modeling. Modeling, Optimization and Information Technology. 2022;10(2). URL: https://moitvivt.ru/ru/journal/pdf?id=1184 DOI: 10.26102/2310-6018/2022.37.2.022 (In Russ.).