Currently, when creating and operating complex multilevel systems (CMS) for the management of complex technogenic objects (CTO), the main task is to improve efficiency, which is associated with increasing technical and software complexity. In this regard, the requirements for both the reliability of the components that make up the system and the reliability and performance of the decision-maker (DM) are being raised.

Although the decision-making process is significantly influenced by the human factor, the efficiency and quality of management also depend on the speed and timeliness of receiving the necessary and reliable information about objects and processes by operational and control personnel (OCP) responsible for decision-making in emergencies.

The safe operation of man-machine systems (MMS) depends significantly on information and communication technologies and their cyberinfrastructure. At present, traditional security measures are mainly used, such as authentication, access control, authorization, data encryption, public key infrastructure, firewalls, intrusion detection systems, network security protocols, etc. However, recent cyber attacks on critical systems around the world have shown a significant gap between the ability to protect and restore traditional systems and new security requirements, especially in the context of the intellectualization of the technologies of MMS for the management of critical objects.

Moreover, insufficient attention has been paid to the issues of assessing and providing comprehensive information security for the process of relevant decision making support (RDM), in distributed MMS for management of technogenic objects, associated with the occurrence of hazardous situations under uncertainty and the impact of non-factors on the process of managerial decision-making and implementing due to the imperfection of the mathematical, statistical and intellectual tools used to solve this problem.

Thus, an urgent scientific problem is to improve the functional security of MMS for the management of technogenic objects through the development and implementation of methods and technologies for monitoring, assessment, and provision of comprehensive information security of the RDM support process.

The solution to this problem is presented in the results of the following scientific studies.

Cybersecurity Risk Assessment [ 1 ] states that cybersecurity in the management of a technogenic object is an important issue that can lead to serious hazards in the event of an accident. To assess the cybersecurity risks of nuclear plant control systems, the paper proposes a probabilistic method using the Bayesian network (BN) model and event tree.

In [ 2 ] the methods of risk assessment for SCADA systems are considered and analyzed in detail. The essence of methods is described, stages of risk management are considered, the scheme of classification of methods for the estimation of risks of cybersecurity is proposed. In [ 3 ], a wide range of threats that lead to cybersecurity risk was studied, a database of actual losses in the event of these threats was created, and a loss analysis was performed using statistical and actuarial mathematics methods. Improving the model of cybersecurity risk assessment using a fuzzy logic apparatus that takes into account four risk factors: vulnerability, threat, probability, and impact was proposed in [ 4 ].

In [ 5-7 ] methods are proposed that enable determining the total risk of cybersecurity of critical infrastructure, the total damage due to multiple cyber threats, the total amount of damage due to cyber threats over a period of time, the probability of maximum losses as a result actions of cyber threats. It is also noted that the process of identifying and assessing the risk of irrelevant decisions under the influence of cyber threats is the basis and grounds for research in the field of analysis and improvement of existing and invention of new methods of risk assessment, its accuracy, and applying mathematical operations to risks.

In [ 8 ], the human factor was noted to play an important role in modern complex dynamical systems (CDS), in accidents and catastrophes. It is noted that little attention is paid to the problems of risks associated with the informational and cognitive aspects of human-machine interaction. It is recommended that the design and operation of CDS take into account the risks of irrelevant decision-making arising in unpredictable conditions, as well as special requirements for the human psychophysiological state and his or her admission to perform particularly responsible work. It is also noted that the informational and cognitive aspects of human factor engineering play a key role in the safety, reliability, and efficiency of CDS in the management of critical objects.

Therewith, the analysis of the research subject area showed the lack of effective information technology capable of providing comprehensive information security in the process of supporting RDM in the distributed MMS for the management of technogenic objects.

In this regard, to develop the theory of assessment and provision of the effective management of critical objects, we propose the information technology to assess and ensure comprehensive information security of the process of supporting RDM in the MMS for the management of technogenic objects.

A review, systematization, and generalization of publications on the analysis, assessment, and management of critical MMS show that in addition to system parameters, the impact of non-factors of the external and production environment on the human factor, management efficiency depends on the impact of information indicators security for the RDM support process during the operation of the system.

Based on the results of the analysis of the literature sources, it is noted that in the RDM support process, the following groups of factors, shown in the information model below, have the most significant impact on the set of information security indicators (Figure 1) [ 9 ]. Provision of the information security of the RDM support process is characterized by the following important non-factors.

12 - assignment of access rights (privileged) - the process of determining access rights to the DB or DBMS. Privilege is based on a hierarchical structure; it has a flexible scenario that allows maximizing the database security; N - the impact of user actions. Unintentional actions lead to changes in parameters and algorithms of system functioning. Intentional actions are aimed at obtaining unauthorized access to information or violation of the system operation; 7. Hardware failures are equipment failures, physical impacts on the system, and equipment integrity. Having different degrees of protection from external impacts, complete data protection or operability of all system is not guaranteed; X - state of the technological process; Z - the influence of the external environment on the DM; Y - indicators of psychological and mental factors of DM; E - software failures; V - consistency of data in the database and the relationships between tables; W - data availability, correct work with the database; 3 - confidentiality of data in the system and the database, 1 - the integrity of the data stored in the database; T - the impact of the actions of administrators, provides an assessment of the negative impact of users with administrator rights on the information in the database and system; 11 - data security, provides an assessment of the security of the database from hacking and data substitution; 5 - reference value - information on the quality of the relational database, which consists in the absence in any respect of foreign keys that refer to non-existent tuples; D - risk assessment of making irrelevant decisions; alternatives (A) - a sample of relevant alternatives to DMS from KB; P - the result of the search for relevant solutions of the RDM, taking into account the relevant impact factors; R - state of information security for making relevant decisions by DM. Since the risk of irrelevant decision making is determined by the simultaneous impact of a set of information security non-factors, one of the stages of its assessment is to identify causal relationships and dependencies between these factors, which will make it possible to assess the change in the probability of risk in the event of a change in the probability of the occurrence of some events. The traditionally used probabilistic approach to uncertainty determination in Bayesian models is not always applicable due to the lack of statistical information about the state of a complex system. To solve this problem, fuzziness was introduced into the BN in the following way [ 10, 11 ]. The unconditional and conditional probabilities at the BN's vertices are represented by fuzzy numbers obtained as a result of expert evaluation of a vertex's ability to take a particular value, and the common operations of BN-based calculation are replaced by extended operations on fuzzy numbers [ 12 ]. Herewith, the introduction of fuzziness will make it possible to analyze poorly formalized information.

For the assessment of complex information security of the DMS process in the MMS for the management of technogenic objects, the following BN was built (Figure 2).

It is assumed that all the vertices of the proposed Bayesian network (Figure 3) take only two values. vertex N takes values n1 - "low", n2 - "high"; vertex T takes values t1 - "low", t2 - "high"; vertex E takes values e1 - "does not occur", e2 - "occur"; vertex X takes values x1 - "workable", x2 - "unworkable"; vertex Y takes values y1 - "norm", y2 - "non-norm"; vertex Z takes values z1 - "norm", z2 - "non-norm"; vertex D takes values d1 - "low", d2 - "high"; vertex A takes values a1 - "sufficient", a2 - "insufficient"; vertex V takes values v1 - "consistency", v2 - "inconsistency"; vertex W takes values w1 - "sufficient", w2 - "insufficient"; vertex Q takes values q1 -"reliable ", q2 - " unreliable "; vertex R takes values r1 -"protected", r2 - "unprotected"

Since the values of the unconditional probabilities of the root vertices N, T, E and the conditional probabilities of the remaining vertices are established on the basis of the results of the expert survey, they are determined vaguely, i.e. are fuzzy sets. Therefore, fuzziness is introduced into the Bayesian network (1) as follows [ 13 ].

All unconditional and conditional probabilities of the considered Bayesian network are given in the form of fuzzy trapezoidal numbers L(l1, l2, l3, l4), having a distribution function set by the formula:

0, < 1 ⎧⎪ − 1 ⎪

> 4, , 1 ≤ ≤ 2, 2 − 1 ( ) = ⎨ 1, 2 ≤ ≤ 3, ⎪ 4 − ⎪ , 3 < ≤ 4, ⎩ 4 − 3 where: l1≤ l2≤l3≤l4– certain real numbers.

~

A fuzzy trapezoidal number L (l1, l2 , l3, l4 ) is also represented [ 14 ] as a tuple of four numbers: ~ L (a, b,α ,β ) , where a=l2 and b=l3 - respectively, the lower and upper modal values of the number ~ L~ ; α = l2 − l1 and β = l4 − l3 – left and right fuzziness coefficients L .

Application of the extension principle to arithmetic operations and trapezoidal fuzzy numbers ~ [ 14 ] leads to the following rules for adding and subtracting fuzzy numbers L (l1, l2 , l3, l4 ) and ~ ~ ~ M (m1, m2 , m3 , m4 ) [ L (a1, b1,α 1,β1 ) и M (a2 ,b2 ,α 2 ,β 2 ) ]:

L(l1,l2 ,l3,l4 ) ⊕ M (m1, m2 , m3, m4 )

=m1,l2 S(l1 + + m2 ,l3 + m3,l4 + m4 ), L(a1,b1,α1,β1) ⊗ M (a1,b1,α1,β1)

=H (a1a2 ,b1b2 , a1α 2 + a2α1,b1β 2 + b2β1)

It is assumed that the fuzzy numbers are positive, i.e. li≥0, mi≥0, (i = 1, n) ; signs ⊕ and ⊗ denote the operations of addition and multiplication of fuzzy numbers. ~ ~

Fuzzy probability under (Ω,ε ) is understood [ 13 ] as a function Pf :ε → L , that satisfies the following conditions:

~ ~ ~ 1. 0  Pf ( A)  1, ∀A ∈ε are inconsistent values from ε ( A ∩ B = ∅) , then if A and B are values from ε , and ×~ is a certain fuzzy arithmetic operation, then: ~ ~ 0, if Pf ( A) ×~ P~f (B) ≤ 0 ~  ~ ~ ~ ~ Pf ( A) ×~ P~f (B) = Pf ( A) ×~ P~f (B), if 0 ≤ Pf ( A) ×~ P~f (B) ≤ 1 ~ ~ ~ 1, if Pf ( A) ×~ P~f (B) ≥ 1

Here Ω – is the universal set defining the variable A, ε ; is a set of inconsistent numbers A; ~ ~ ~ ~ L – a set of fuzzy numbers; 0 and 1 – fuzzy numbers 0 and 1; (Ω,ε , Pf ) – fuzzy probability space.

Condition 4) imposes restrictions on the result of fuzzy operations with values of fuzzy probabilities so that condition 1) is guaranteed to be fulfilled.

To compare fuzzy numbers in condition 4), the following approach is used. It is considered, that of two fuzzy numbers, the greater is the one, the defuzzification value of which is greater. For fuzzy numbers ~0 and ~1 , defuzzification values are taken equal to crisp numbers 0 and 1, respectively.

For the rest of the fuzzy numbers, the center of gravity method is chosen as the defuzzification ~ method, which for trapezoidal fuzzy numbers L (l1,l2 ,l3 ,l4 ) takes the following form [ 14 ]: n1 n2 N n1 n2 T t1 t2

= ∫∫1414 (( )) = 13 ⋅ − 1 − 2 + 3 + 4 ~ where L – defuzzification result, "exact" value of a fuzzy number L .

− 12 − 22 + 32 + 42 − 1 2 + 3 4

Pf ( X = x1 | N )

(0.00; 0.05; 0.15; 0.2) The procedure for calculating the value of probabilities of a fuzzy Bayesian network includes the following stages. At the first stage, fuzzy unconditional probabilities of vertices X, Y, Z, D, A that have one parent vertex are calculated as follows:

Pf ( X =xi ) =⊕ Pf ( N , X

N

2 =xi ) =⊕ Pf ( N =nk , X k=1

=xi ) = 2 =⊕ Pf ( N k=1 Pf (Y

2 =yi ) =⊕

k=1 =nk ) ⊗ Pf ( X =xi | N

=nk ), Pf ( N =nk ) ⊗ Pf (Y =yi | N =nk ) , Pf (Z =zi )

2 =⊕ Pf ( N k=1 =n ) ⊗ Pf (Z k =zi | N =nk ) , (2) (2) Pf (D =di )

2 =⊕ Pf (T k=1 =tk ) ⊗ Pf (D =di | T

=tk ) , 2 Pf ( A =ai ) =⊕ Pf (T =tk ) ⊗ Pf ( A =ai | T =tk ) , (i =1, 2 ).

k=1

At the second stage, fuzzy unconditional probabilities of vertices Q, V, W having three parent vertices are calculated as follows:

X,T,E P (Q =q ) =  P (X,T,E,Q =q ) =  

⊕ f i f i     =P (X =x ,T =t ,E =e ,Q =q )⊕ P (X =x ,T =t ,E =e ,Q =q )⊕

f 1 1 1 i f 1 1 2 i      ⊕P (X =x ,T =t ,E =e ,Q =q )⊕ P (X =x ,T =t ,E =e ,Q =q )⊕

f 1 2 1 i f 1 2 2 i      ⊕P (X =x ,T =t ,E =e ,Q =q )⊕ P (X =x ,T =t ,E =e ,Q =q )⊕

f 2 1 1 i f 2 1 2 i     ⊕P (X =x ,T =t ,E =e ,Q =q )⊕ P (X =x ,T =t ,E =e ,Q =q ) = f 2 2 1 i f 2 2 2 i         = P (x )⊗ P (t )⊗ P (e )⊗ P (q | x ,t ,e )⊕

f 1 f 1 f 1 f i 1 1 1          ⊕P (x )⊗ P (t )⊗ P (e )⊗ P (q | x ,t ,e )⊕

f 1 f 1 f 2 f i 1 1 2          ⊕P (x ) ⊗ P (t ) ⊗ P (e ) ⊗ P (q | x ,t ,e ) ⊕

f 1 f 2 f 1 f i 1 2 1          ⊕P (x )⊗ P (t ) ⊗ P (e )⊗ P (q | x ,t ,e )⊕

f 1 f 2 f 2 f i 1 2 2          ⊕P (x )⊗ P (t )⊗ P (e )⊗ P (q | x ,t ,e )⊕

f 2 f 1 f 1 f i 2 1 1          ⊕P (x )⊗ P (t )⊗ P (e )⊗ P (q | x ,t ,e )⊕

f 2 f 1 f 2 f i 2 1 2          ⊕P (x )⊗ P (t )⊗ P (e )⊗ P (q | x ,t ,e )⊕

f 2 f 2 f 1 f i 2 2 1         ⊕P (x )⊗ P (t ) ⊗ P (e )⊗ P (q | x ,t ,e ) , f 2 f 2 f 2 f i 2 2 2

D,E,Q P (V =v ) =  P (D,E,Q,V =v ) =  

⊕ f i f i (3)     =P (D =d ,E =e ,Q =q ,V =v ) ⊕ P (D =d ,E =e ,Q =q ,V =v ) ⊕

f 1 1 1 i f 1 1 2 i      ⊕P (D =d ,E =e ,Q =q ,V =v ) ⊕ P (D =d ,E =e ,Q =q ,V =v ) ⊕

f 2 1 1 i f 2 1 2 i     ⊕P (D = d ,E =e ,Q = q ,V =v ) ⊕ P (D = d ,E =e ,Q = q ,V =v ) = f 2 2 1 i f 2 2 2 i

        ==P(d )⊗ P (e )⊗ P (q )⊗ P (v | d ,e ,q )⊕

f 1 f 1 f 1 f i 1 1 1          ⊕P (d ) ⊗ P (e ) ⊗ P (q ) ⊗ P (v | d ,e ,q ) ⊕

f 1 f 1 f 2 f i 1 1 2          ⊕P (d ) ⊗ P (e ) ⊗ P (q ) ⊗ P (v | d ,e ,q ) ⊕ f 1 f 2 f 1 f i 1 2 1 (4)          ⊕P (d ) ⊗ P (e ) ⊗ P (q ) ⊗ P (v | d ,e ,q ) ⊕

f 1 f 2 f 2 f i 1 2 2          ⊕P (d ) ⊗ P (e ) ⊗ P (q ) ⊗ P (v | d ,e ,q ) ⊕

f 2 f 1 f 1 f i 2 1 1          ⊕P (d ) ⊗ P (e ) ⊗ P (q ) ⊗ P (v | d ,e ,q ) ⊕

f 2 f 1 f 2 f i 2 1 2          ⊕P (d ) ⊗ P (e ) ⊗ P (q ) ⊗ P (v | d ,e ,q ) ⊕

f 2 f 2 f 1 f i 2 2 1         ⊕P (d ) ⊗ P (e ) ⊗ P (q ) ⊗ P (v | d ,e ,q ) ,

f 2 f 2 f 2 f i 2 2 2

At the third stage, fuzzy unconditional probabilities of a leaf vertex R which has two parent vertices are calculated as follows:     = P (V = v ,W = w ,R = r ) ⊕ P (V = v ,W = w ,R = r ) ⊕ f 1 1 i f 1 2 i (3) (5) ⊕ Pf (V = v2 ,W = w1, R = ri ) ⊕ Pf (V = v2 ,W = w2 , R = ri ) =

==Pf(v1) ⊗ Pf (w1) ⊗ Pf (ri | v1, w1) ⊕ ⊕ Pf (v1) ⊗ Pf (w2 ) ⊗ Pf (ri | v1, w2 ) ⊕ ⊕ Pf (v2 ) ⊗ Pf (w1) ⊗ Pf (ri | v2 , w1) ⊕ ⊕ Pf (v2 ) ⊗ Pf (w2 ) ⊗ Pf (ri | v2 , w2 ) , (i =1,2 ).

(6)

For the practical evaluation of the proposed models, the following experiment was carried out.

Let information security be influenced by the actions of users (factor N) and administrators (factor T) in the system and database with a low probability value, and software failure (factor E) is of low probability. The result of estimating the probability of the influence of the above factors ~ ~ ~ is presented in the form of fuzzy probabilities Pf ( N ), Pf (T ), Pf (E) , given by trapezoidal fuzzy numbers in Table 4. Taking into account the expert estimates of the conditional probabilities of the mutual influence of the factors presented in Tables 1-3, calculations of fuzzy probability values of the considered network nodes are performed using formulas (2-6) in the MATLAB environment. In addition, formula (1) calculates the defuzzification values of fuzzy probabilities at the nodes of the network. The calculation results are presented in Table 4.

As it is seen from Table 4, the probability that the information security is in the "protected" state P(R=r1)=0.97, which, following the regulatory recommendations (P(R=r1)≥0.95), is considered as a sufficient value. (0.59; 0.69; 0.91; 1.04) tca lt iifzz rseu u n feD io P(N ) 0.6 0.4

P(E) 0.7 0.3 a1 a2 r2 t1 t2 x1 x2 Suppose that information security is influenced by the actions of users (factor N) and the administrator (factor T) on information in the system and the database with a probability value much greater than in the first case, and the failure of the software (factor E) is quite probable. The result of evaluating the probabilities of factors N, T, E by experts is presented in the form of fuzzy ~ ~ ~ probabilities Pf ( N ), Pf (T ), Pf (E) given by trapezoidal fuzzy numbers in Table 5.

The results of calculating the values of the fuzzy probability of the nodes of the network under consideration are presented in Table 5. As it is seen from Table 5 the probability that the information security is in the "protected" state P(R=r1)=0.77. Consequently, in this case, it cannot be assumed that the information security is in the "protected" state.

D Pf (D)

Q

Pf (Q) (0.37; 0.64; 0.75; 1.32) (0.07; 0.17; 0.28; 0.41)

W

Pf (W ) (0.27; 0.66; 0.87; 1.4)

A Pf ( A)

V Pf (V )

R

Pf (R) (0.49; 0.65; 0.95; 1.14) (0.02; 0.13; 0.31; 0.45) (0.09; 0.43; 0.74; 1.11) (0.12; 0.36; 0.48; 0.63) (0.33; 0.68; 0.92; 1.34) (0.04; 0.15; 0.6; 0.39) (0.27; 0.69; 0.8; 1.29) (0.04; 0.15; 0.38; 0.49)

P(Z )

The information technology was proposed for the assessment and provision of complex information security of decision-making support process in man-machine systems for the management of technogenic objects, which complements the theory and methods of solving the issues of maintaining reliability and survivability of multilevel systems, based on the interaction of its workability indicator set, human factor and the indicators of information security in the decision-making process, to ensure the management efficiency of critical objects.

To assess the impact of a set of indicators of information security non-factors, as well as external, production, and human factors on the decision-making process of DM in the management of critical objects, a fuzzy BN was proposed. A fuzzy BN was proposed to assess the complex information security of the DMS process in the MMS for managing a technogenic object. An algorithm for calculating fuzzy probabilities of the nodes of this network was developed. In the MATLAB environment, a numerical experiment was carried out for various values of the degrees of influence of factors on the information system.

Thus, if the impact on the information security of users (factor N) and the administrator (factor T), as well as software failure (factor E), are unlikely, then information security with a sufficient degree of probability is in a protected state. If the impact on the information security of users (factor N) and the administrator (factor T), as well as software failure (factor E), are quite probable, then information security is in a protected state with an insufficient degree of probability, that is, it is not protected. To bring it into a protected state, it is necessary to reduce the degree of impact of negative factors T, N, E on it to a certain level. Thus, the fuzzy model built for analyzing the impact of non-factors on the degree of information security allows assessing the degree of its protection, taking into account the causal relationships of these factors.