=Paper=
{{Paper
|id=Vol-3179/Paper_25.pdf
|storemode=property
|title=Method of Forming the Functional Security Profile for the Sectoral Information and Telecommunication Systems
|pdfUrl=https://ceur-ws.org/Vol-3179/Paper_25.pdf
|volume=Vol-3179
|authors=Sergiy Gnatyuk,Oleksiy Yudin,Viktoriia Sydorenko,Artem Polozhentsev,Rashit Brzhanov
|dblpUrl=https://dblp.org/rec/conf/iti2/GnatyukYSPB21
}}
==Method of Forming the Functional Security Profile for the Sectoral Information and Telecommunication Systems==
https://ceur-ws.org/Vol-3179/Paper_25.pdf
Method of Forming the Functional Security Profile for the
Sectoral Information and Telecommunication Systems
Sergiy Gnatyuka, Oleksiy Yudinb, Viktoriia Sydorenkoa, Artem Polozhentseva and Rashit Brzhanovc
a
National Aviation University, 1, Liubomyr Huzar Ave, Kyiv, 03058, Ukraine
b
State Scientific and Research Institute of Cybersecurity Technologies and Information Protection, 3 Maksym
Zaliznyak Str., Kyiv, 03142, Ukraine
c
Yessenov University, 13 Microdistrict, Aktau, 130000, Kazakhstan
Abstract
Global trends of increasing and improving the quality of cyberattacks have led to the
actualization of the Information and Telecommunications Systems (ITS) protection, in
particular, sectoral, which are critical for the functioning of society, socio-economic
development and ensuring the information component of national security. Given the need of
national security and the need to implement a systematic approach for solving the issues of
critical infrastructure protection, at the national level, the creation of protection systems for
such infrastructure is one of the priorities in reforming the defense and security sectors of
Ukraine. Thus, there is a need to develop methods and models for classifying the ITS as critical
infrastructure to ensure the national security. This article proposes a structural-functional
method for determining the functional security profile of the subsystem of the sectoral ITS,
which allows to determine the basic functional security profile of the sectoral ITS by
determining the sectoral requirements for confidentiality, integrity, availability and
observability and more fully formulate criteria for assessing the security of information
circulating in critical ITS. The article was followed by an experimental study on the example
of ITS of the National System of Confidential Communication, which tested the adequacy of
the method's response to changes in input data.
Keywords 1
Information and telecommunication systems, critical infrastructure, critical infrastructure
object, cybersecurity, security assessment, functional security profile.
1. List of abbreviations
Confidentiality: CT – trusting confidentiality; СА – administrative confidentiality; CO – object
reuse; CC – hidden channels analysis; CE – confidentiality in the exchange;
Integrity: IT – trust integrity; IA – administrative integrity; IR – recovery; IE – integrity in exchange;
Availability: AR – use of resources; AF – resistance to failures; AQ – quick replacement; AD – disaster recovery;
Observability: ON – registration; OI – identification and authentication; OC – reliable channel; OD
– segregation of responsibilities; OP – integrity of the Complex of means of protection; OT – self-
testing; OE – identification during exchange; OS – sender authentication; OR – recipient authentication.
2. Introduction
Global trends of increasing and improving the quality of cyberattacks have led to the actualization of
the Information and Telecommunications Systems (ITS) protection, in particular, sectoral, which are
Information Technology and Implementation – 2021 (IT&I-2021), December, 2021, Kyiv, Ukraine
EMAIL: s.gnatyuk@nau.edu.ua (S. Gnatyuk); alex@ukrdeftech.com.ua (O. Yudin); v.sydorenko@ukr.net (V. Sydorenko);
artem.polozhencev@gmail.com (A. Polozhentsev); r.brzhanov@gmail.com (R. Brzhanov)
ORCID: 0000-0003-4992-0564 (S. Gnatyuk); 0000-0002-4730-1463 (O. Yudin); 0000-0002-5910-0837 (V. Sydorenko); 0000-0003-0139-
0752 (A. Polozhentsev), 0000-0001-8755-8207 (R. Brzhanov)
©️ 2022 Copyright for this paper by its authors.
Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR Workshop Proceedings (CEUR-WS.org)
272
�critical for the functioning of society, socio-economic development and ensuring the information
component of national security.
Given the need of national security and the need to implement a systematic approach for solving the
issues of critical infrastructure protection, at the national level, the creation of protection systems for
such infrastructure is one of the priorities in reforming the defense and security sectors of Ukraine.
Therefore, the main problems that need to be solved are: 1) the absence of common criteria and
methodology for the ITS infrastructure objects assigning as critical infrastructure; 2) the absence of
common methodology for assessing security threats of critical infrastructure facilities.
Problem Statement. According to the Law of Ukraine “On the Basic Principles of Cybersecurity of
Ukraine” [1] defines the need to form a list of critical information infrastructure facilities and the need
to develop criteria and procedures for attributing objects to critical infrastructure facilities. Also, the
Decree of the President of Ukraine No 96 / 2016 On the decision of the National Security and Defense
Council of Ukraine on January 27, 2016 “On the Cybersecurity Strategy of Ukraine” [2] provides that
the cybersecurity of critical infrastructure should determine the criteria for attributing informational
(automated), telecommunications, the ITS to critical information infrastructure.
Therefore, the legal acts of Ukraine declare the need to develop common criteria and methodology
for classifying the ITS infrastructure as critical infrastructure. At the same time, it should be noted that
the use of qualitative assessments is associated with the complexity of their comparison and application.
First of all, this is due to the complexity of expert selection and the specificity of expert data processing.
These limitations are less typical for quantitative methods of criticality calculation.
The mentioned above limitations indicate that there is an important scientific problem in determining
the criteria for classifying the ITS as a critical information infrastructure.
Analysis of the recent studies and publications. In accordance with the Law of Ukraine “On
Protection of Information in the Information and Telecommunication Systems” [3] and the Law of
Ukraine “On Protection of Personal Data” [4] the following information is subject to mandatory
protection: information that is the property of the state, or information with restricted access. In order
to ensure the protection of information in the ITS, the Comprehensive Information Security System
(CISS) must be developed. It is also should be noted that the Decision of the Cabinet of Ministers of
Ukraine “On Approval of General Requirements for Cybersecurity of Critical Infrastructure
Facilities” [5] establishes a standard for the implementation of the CISS at a critical information
infrastructure facility.
At the same time, the Normative Documents in the field of Technical Protection of Information of
Ukraine (ND TPI), which describe the procedure for the CISS creation [6] and the criteria for the
information security assessment [7] are outdated and do not meet the current requirements [8; 9]. For
example, the criteria are defined in the ND TPI [7] have not been updated since 1999, the requirements
for the procedure of the CISS creation have not been updated since 2005. On the other hand, the
international normative documents are revised and clarified almost annually [10].
Therefore, there is a problem in the necessity of creating the CISS and the lack of standards,
according to which the CISS must be created.
In the most countries of the world, the information and telecommunications industry is considered
to be one of the most critical sectors (after energy and transport sectors) [8]. Given that, the experimental
verification of the developed provisions was carried out on the example of the National System of
Confidential Communication (NSCC).
In accordance with the Law of Ukraine “On the National System of Confidential
Communications” [11] the NSCC is a set of the special telecommunications systems, which allow to
exchange the information with limited access by cryptographic and technical means, in the interests of
public and local authorities.
According to the Decree of the Cabinet of Ministers of Ukraine “On some issues in the interagency
information exchange organization in the NSCC” [12], the main functions of the NSCC are:
ensuring the exchange of public, proprietary and confidential information between the entities
and/or users of the NSCC.
creation of a technological basis, in which open and proprietary information of public
authorities and local governments, military formations, government agencies, state enterprises,
institutions and organizations circulate for the information resources integration in the ITS;
273
� ensuring interaction between the ITS of public authorities and local governments, military
formations, government agencies, state enterprises, institutions and organizations;
ensuring operation of the special ITS of the NSCC entities, using a special transport network
of the NSCC;
ensuring secure access to the Internet for the government agencies.
Considering these functions, it can be assumed that the NSCС (or its subsystems), belong to the
critical category. Moreover, when classifying the ITS as critical, it is necessary to consider not only the
declared functions, but the actual functions that the system currently executes.
In addition, in the ITS criticality determination, it is necessary to take into account that according to
the Presidential Decree of 18.04.2005 No. 663 “On the provision of government communication of
officials” [13] the system of government communication is provided by resources of the
telecommunications operators on the entire territory of Ukraine.
According to the "Instruction on the organization of networks and systems technical operation of
the state system of government communication of Ukraine" [14] one of the main elements of the
government communication station is a digital control room of the NSCС transport network for the
special purpose.
The purpose of article. The purpose of this article is to develop and experimentally investigate a
method of the Functional Security Profile (FSP) formation of the sectoral ITS.
3. Theoretical bases
3.1. Structural and logical model of the functional security profile formation
of the sectoral ITS
The ND TPI of Ukraine [7] determines the evaluation result as a rating, which represents as an ordered
series (a list) of alphanumeric combinations, indicating the level of implemented services. It is
necessary to implement the method of the FSP formation, which will take into account the requirements
of this document and allow to use the results of the method in the construction of the CISS in
combination with the level of guarantees.
The proposed structural and logical model for the FSP determination of the sectoral ITS (Fig. 1) is
based on the use of the basic (initial) FSP. It is defined taking into account the requirements from [7].
(Si) (Spec)
4 5
(FPZ2)
(FPZB) (Si) (FPZE)
1 2 6
(Ui) (FPZ1)
(Si)
3
Figure 1: Structural and logical model of the FSP determination of the sectoral ITS
The set of the basic systems of the sectoral ITS is defined (Si) in Block 1.
The information flows (interfaces) of interaction between the main systems of the sectoral ITS (Ui)
are defined in Block 2.
The specific (sectoral) requirements (in relation to the basic ones) which are applied to the СIAO
(Confidentiality, Integrity, Availability and Observability), to (Si) are defined in Block 3, forming the
FSP – FPZ1.
The regulatory documents and the best practices (ISO / IEC, NIST, NERC CIP, ISACA, CERT,
SANS, PCI DSS, COBIT, HIPAA, CSA, ITAF) are analyzed in Block 4 and show the additional (or
detailed) requirements (Spec).
The comparison of the additional requirements to the semantics of the ND TPI 2.5-004-99 and the
FPZ2 requirements formation is carried out in Block 5.
274
� The correction of the basic FSP, or development of the FSP for the new basic system of the sectoral
ITS (FPZE) takes place in Block 6.
The developed model allows to use any other security profile that experts can offer. It also allows to
formalize the implemented security services, taking into account additional security requirements,
based on the world's best practices.
3.2. Structural and functional method of the functional security profile
formation of the sectoral ITS
The structural and functional method of the FSP formation of the sectoral ITS consists of the following
steps:
Step 1. Determination of the set of basic systems (elements) of the sectoral ITS (Si) and information
flows (interfaces) of interaction of these systems (Ui);
Step 2. Formation of specific (sectoral) requirements (in relation to the basic) for the СIAO to (Si)
– FPZ1;
Step 3. Identification of the normative documents and the best practices of additional or detailed
requirements (Spec);
Step 4. Formation of additional requirements in the form of the ND TPI semantics and the formation
of requirements FPZ2;
Step 5. Correction of the basic FPZ, or development of the FPZ E for a new system of the sectoral
ITS – FPZE.
The proposed structural and functional method of the FSP formation of the sectoral ITS takes into
account modern experience and the best international practices and allows (in comparison with the
current ND TPI 2.5-004-99) to formulate criteria for assessing the security of information circulating
in the critical ITS in more detail.
4. Research result
4.1. The experimental study of the structure and functional method of the
functional security profile formation of the sectoral ITS
The use of the developed method was analyzed on the example of the NSCC ITS.
Step 1: Determination of the set of basic systems (elements) of the sectoral ITS (Si) and
information flows (interfaces) of interaction of these systems (Ui).
According to [12], the NSCC consists of the following isolated ITS of the special communication
(hereinafter referred as "NSCC systems"):
1. The NSCC special transport network is a telecommunication network which is designed to
transit traffic between the NSCC systems.
2. The special NSCC ITS of their subjects which is designed to exchange public, proprietary and
confidential information on behalf of the public authorities, legal entities and individuals who order
and/or receive the NSCC services.
3. The NSCС special mobile communication network which is designed for exchange of
proprietary and confidential information on behalf of the NSCC subjects while staying in stationary
and non-stationary conditions using the mobile subscriber terminals, protection of which is ensured
by cryptographic and technical methods. A special cellular communication network operates as a
part of the special mobile communication network of the NSCC.
4. The special ITS for a secure video conferencing of the NSCC, which is designed for real-time
official meetings for the public and local authorities’ heads.
5. A secure electronic document management system of the NSCC which is designed to ensure
the operational document exchange of the proprietary and confidential information between the
public authorities, local governments. It also helps to analyze and monitor the implementation of the
Decisions of the President of Ukraine and the Cabinet of Ministers of Ukraine. This system includes
275
� a Certification Authority which is designed to provide the state and local authorities with electronic
digital signature services.
6. A secure Internet access system provided for government authorities and designed to protect
government information resources processed in the ITS, which are accessed via the Internet.
The most critical systems from the information leakage point of view are: the special transport
network, the special ITS of secured videoconferencing and secured electronic document management
system (hereinafter referred as "EDMS").
According to the functional purpose, the dedicated systems can be grouped as follows:
The special transport network – transport system, information protection system, management
system;
The ITS videoconferencing and EDMS – service systems (provision of services to the subscriber).
Step 2: Formation of specific (sectoral) requirements (in relation to the basic) for the СIAO to
(Si) – FPZ1.
As of now, the core of the NSCC includes the following main components [15]:
The CUCM – Cisco Unified Communications Manager. This is the central component of the Cisco
communications platform that connects to and interacts with other Cisco services such as IM &
Presence, Contact Center Express, Pagginig, Media Sence, Webex, external auxiliary services and
information systems such as Microsoft Active Directory (LDAP), DNS, Aurus Directory and others.
The CUCM is a cluster of two virtual machines. The main server processes call and serves subscribers
in a normal mode is called Publisher, the second server, despite being active, but does not serve
subscribers in the normal mode, is called Subscriber.
The Cisco IM & Presence service is a virtual machine, or cluster of two virtual machines. The service
allows to collect and publish information about the status of the user and expands its communication
capabilities. The user’s availability shows the possibility to establish a communication with him, and also
provides information about the possible ways of communication, such as audio communication, e-mail,
interactive messaging. General information is displayed in the Jabber client application, which increases the
speed and efficiency of interaction with colleagues, by selecting the most efficient way for communication.
The central back-end component is called the Extensible Communications Platform (XCP). The XCP uses
the SIP / SIMPLE and Extensible Messaging and Presence Protocol (XMPP). The primary server that
processes messages and serves subscribers in normal mode is called Publisher, the second server, despite
being active, but does not serve subscribers in normal mode, is called Subscriber.
The MediaSence service allows a customer to record, view, listen and download conversations
through a web interface. The Cisco Webex Server service is a system for online conferences, meetings,
video conferences and webinars. Clients are loaded into the web-browser as plugins, then connected to
the server. It consists of the several virtual machines. An administrator virtual machine, a reverse proxy-
server virtual machine (for access from the Internet), the Webex conference virtual machine, and a
media processing virtual machine. Depending on the number of simultaneous sessions and the ability
to access from the Internet, the number of virtual machines may change.
The R-PC is Prime Collaboration Software. It provides a single interface for subscriber management
and all communication services, as well as quick configuration of equipment and integration with the
data network. It has the following functions: end-to-end monitoring, sessions review (planned, executed
and current sessions), quick troubleshooting in network or terminal, latency control, packet loss
(operational diagnosis), monitoring the video route and voice sessions in the network, CPU statistics,
memory and interfaces of Cisco equipment review, jitter, packet loss, DSCP data for Cisco equipment
review. The CTI-CMS is Cisco Meeting Server 1000 Bundle. The software platform for conferencing
provides the following features:
connection of any participant using Cisco or third-party video terminals, Cisco Jabber client,
Cisco Meeting App (client program or WebRTC compatible browser) or Skype for Business;
deployment of the solutions on Cisco CMS platforms, with support for up to 96 high-definition
video ports in a single rack space (1RU);
unlimited growth with a seamless scalability and unified user environment (platform-
independent function);
costs сontrol by the bandwidth usage optimization between the data centers.
276
� The ASA5516-FPWR is the ASA 5516-X with FirePOWER services. A multifunctional firewall, which
is designed for advanced protection against the latest threats and malware. The Cisco ASA firewall with
FirePOWER services provides a seamless threat protection before, during, and after an attack, by combining
the Cisco ASA firewall and the industry-leading Sourcefire threat and malware protection capabilities in a
single appliance.
Cisco ASA with FirePOWER services offers the following features:
remote access to VPN network and advanced clustering features that provide fast and secure access,
and high system reliability;
advanced application monitoring and control supports more than 3,000 application-level controls
which can activate the installed threat detection policies in the Intrusion Prevention System (IPS) in a
risk event, significantly enhancing protection;
FirePOWER is the Next-Generation Intrusion Prevention System (NGIPS), which significantly
enhances threat protection and provides the full contextual information about users, infrastructure,
applications and their content, timely detects multi-vector threats and automates the protection process;
URL filtering by reputation and category provides comprehensive control over suspicious web
traffic, as well as policy enforcement for hundreds of millions of URLs in more than 80 categories;
advanced anti-malware software provides high intrusion detection, low-cost ownership and an
optimal level of protection, making it possible to quickly detect, analyze and prevent the spread of a
malware and other emerging threats that may be missed on other layers of protection.
Taking into account the above components of the NSCС core, as well as the decomposition of their
systems (Table A.1), outline the security requirements regarding to each of the objects (systems). The
specified requirements are listed in Table A.2 (the listed requirements are already implemented in the
NSCC).
The formation of the sectoral requirements for the NSCC subsystems (FPZ1) is carried out taking
into account the standard FSP of the processed information from unauthorized access [16, 24] and
taking into account Table A.2.
FSP of the transport system - CA-2, CE-3, CT-2, CO-1, IA-2, IE-2, IT-1, IR-2, AF-2, AQ-2, AD-2,
AR-2, OS-1, OI-2, OC-1, OD-2, OP-1, OT-2, ON-2, OE-1, OR-1;
FSP of the service system - CA-2, CE-2, CT-2, CO-1, IA-2, IE-1, IT-1, IR-1, AF-2, AQ-2, AD-2,
AR-2, OI-2, OC-1, OD-3, OP-1, OT-2, ON-2, OE-2;
FSP of the protection system - CA-2, CE-3, CT-2, CO-1, IA-2, IE-2, IT-1, IR-2, AF-2, AQ-2, AD-
2, AR-2, OS-1, OI-2, OC-1, OD-3, OP-2, OT-2, ON-2, OE-1, OR-1;
FSP of the management system - CA-2, CE-2, CT-2, CO-1, IA-2, IE-2, IT-1, IR-2, AF-1, AQ-2,
AD-2, AR-1, OS-1, OI-2, OC-1, OD-3, OP-2, OT-2, ON-2, OE-1, OR-1.
The final FSP of the NSCC can be calculated as a combination of the FSPs of the integral systems,
namely - CA-2, CE-3, CT-2, CO-1, IA-2, IE-2, IT-1, IR-2, AF-2, AQ-2, AD-2, AR-2, OS-1, OI-2, OC-
1, OD-3, OP-2, OT-2, ON-2, OE-2, OR-1.
Step 3: Identification of the normative documents and the best practices of additional or
detailed requirements (Spec).
The following regulatory documents describe the security requirements for the NSCC systems: NIST SP
800-53A. Guide for Assessing the Security Controls in the Federal Information Systems and
Organizations [17]; NIST SP800-53. Security and Privacy Controls for the Federal Information Systems
and Organizations [18]; State standards of Ukraine (DSTU) ISO / IEC 27002: 2015 Information
technologies. Methods of protection. Code of practices for information security measures [19]; ISO/IEC
15408-1:2009 Evaluation criteria for IT security [20].
Step 4: Formation of additional requirements in the form of the ND TPI semantics and the
formation of requirements FPZ2.
During the formation of additional requirements in the form of semantics of ND TPI, it is advisable to
use the relevant normative documents [16; 21-24].
Taking into account the security requirements for regional information systems [18], the additional
requirements for the FSP of the NSCC can be formed (Table 1), where ACO_VUL means advanced
composition vulnerability analysis services, AVA_VAN means enhanced methodological vulnerability
analysis, ADV_ARC means additional material on security architecture (self-protection, domain
distribution, traversal impossibility), ADV_INT means internal structure.
277
�Table 1
Additional requirements for the FSP of the NSCC
No. Security service name NIST SP800-53 ISO/IEC 15408-1
1 Risk Assessment RA-3 AVA_VAN.1 AVA_VAN.2 AVA_VAN.3
AVA_VAN.4 AVA_VAN.5 ACO_VUL.1
ACO_VUL.2 ACO_VUL.3
2 Vulnerability Scanning RA-5 –
3 Security Function Isolation SC-3 ADV_ARC.1 ADV_INT.1 ADV_INT.2
ADV_INT.3
Considering the data given in Table 1 it is possible to form the detailed (additional) requirements in
the form of the ND TPI semantics and to form the FPZ2 requirements (Table 2). Besides, during
formation of the additional safety requirements it is necessary to take into account the standard
requirements [16, 24] set out in Table 3.
Step 5: Correction of the basic FPZ, or development of the FPZE for a new system of the
sectoral ITS – FPZE.
Correction of the basic FPZ for FPZE of the NSCC systems is carried out taking into account the
data presented in Tables 2-3.
Table 2
Additional requirements
No. Additional NIST functional criteria ND TPI (FPZ2)
1 RA-3 ON-3, ON-4, ON-5, OT-3
2 RA-5 CC-2, OT-3
3 SC-3 IA-4, AD-3, OT-3
Table 3
Standard FSP of Class 3 automated systems
No. Standard FSP
1 3.IT.3 = {CO-1, IT-1, IA-3, IR-2, IE-2, AR-3, AF-2, AQ-2, AD-2, ON-3, OI-2, OC-1, OD-2, OP-3, OT-2, OE-
2, OS-1, OR-1}
2 3.CT.3 = {CT-3, CA-3, CO-1, CC-1, CE-4, AR-3, AF-2, AQ-2, AD-2, ON-4, OI-2, OC-1, OD-3, OP-3, OT-2,
OE-2}
3 3.CT.3 = {CT-3, CA-3, CO-1, CC-1, CE-4, AR-3, AF-2, AQ-2, AD-2, ON-4, OI-2, OC-1, OD-3, OP-3, OT-2,
OE-2}
4 3.IT.3 = {CO-1, IT-1, IA-3, IR-2, IE-2, AR-3, AF-2, AQ-2, AD-2, ON-3, OI-2, OC-1, OD-2, OP-3, OT-2, OE-
2, OS-1, OR-1}
Table 4
Correction of the basic FSP
No. Basic FSP Additional functional criteria Corrected FSP
1 CT-2, CA-2, CO-1, CE-3, IT-1, IA- CO-1, IT-1, IA-3, IR-2, IE-2, AR-3, CT-2, CA-2, CO-1, CE-3, IT-1, IA-3, IR-
2, IR-2, IE-2, AR-2, AF-2, AD-2, AF-2, AQ-2, AD-2, ON-3, ON-4, 2, IE-2, AR-3, AF-2, AQ-2, AD-2, OS-1,
AQ-2, OS-1, ON-2, OI-2, OC-1, ON-5, OI-2, OC-1, OD-2, OP-3, ON-3, ON-4, ON-5, OI-2, OC-1, OD-2,
OD-2, OP-1, OT-2, OE-1, OR-1 OT-2, OT-3, OE-2, OS-1, OR-1 OP-3, OT-2, OT-3, OE-2, OR-1
2 CT-2, CA-2, CO-1, CE-2, IT-1, IA- CT-3, CA-3, CO-1, CC-1, CC-2, CE- CT-3, CA-3, CO-1, CC-1, CC-2, CE-4,
2, IR-1, IE-1, AR-2, AF-2, AD-2, 4, AR-3, AF-2, AQ-2, AD-2, ON-4, IA-2, IE-1, IT-1, IR-1, AR-3, AF-2, AQ-
AQ-2, ON-2, OI-2, OC-1, OD-3, OI-2, OC-1, OD-3, OP-3, OT-2, 2, AD-2, ON-4, OI-2, OC-1, OD-3, OP-
OP-1, OT-2, OE-2 OT-3, OE-2 3, OT-2, OT-3, OE-2
3 CT-2, CA-2, CO-1, CE-3, IT-1, IA- CT-3, CA-3, CO-1, CC-1, CE-4, AR- CT-3, CA-3, CO-1, CC-1, CE-4, IA-4, IE-
2, IR-2, IE-2, AR-2, AF-2, AD-2, 3, AF-2, AQ-2, AD-2, AD-3, ON-4, 2, IT-1, IR-2, AR-3, AF-2, AQ-2, AD-2,
AQ-2, OS-1, ON-2, OI-2, OC-1, OI-2, OC-1, OD-3, OP-3, OT-2, AD-3, OS-1, ON-4, OI-2, OC-1, OD-3,
OD-3, OP-2, OT-2, OE-1, OR-1 OT-3, OE-2, IA-4 OP-3, OT-2, OT-3, OE-2, OR-1
4 CT-2, CA-2, CO-1, CE-2, IT-1, IA- CO-1, IT-1, IA-3, IR-2, IE-2, AR-3, CA-2, CE-2, CT-2, CO-1, IT-1, IA-3, IR-
2, IR-2, IE-2, AR-1, AF-1, AD-2, AF-2, AQ-2, AD-2, ON-3, OI-2, 2, IE-2, AR-3, AF-2, AQ-2, AD-2, ON-
AQ-2, OS-1, OI-2, OC-1, OD-3, OC-1, OD-2, OP-3, OT-2, OE-2, 3, OI-2, OC-1, OD-2, OD-3, OP-3, OT-
OP-2, OT-2, ON-2, OE-1, OR-1 OS-1, OR-1 2, OE-2, OS-1, OR-1
278
�5. Conclusion
Therefore, the article analyzes the current normative documents, which are used to assess the
effectiveness of critical infrastructure information system’s protection. It was determined, that
international and regional normative documents propose to assess the effectiveness of system protection
through the risk assessment (the lower the risk, the higher the protection effectiveness). At the same
time, Ukrainian ND TPI No. 2.5-004-99 determines the assessment result as an ordered series (listing)
of alphanumeric combinations, which indicate the level of services implemented, combined with the
level of guarantees. Thus, there is a contradiction between the approaches for assessing the effectiveness
of system’s protection, which grounds the direction of this article.
In addition, in the article the structural and functional method of the FSP formation of the sectoral
ITS was developed. It consists of five stages. The proposed method takes into account current world
experience in the field of information protection and allows to formulate criteria for assessing the
security of information that circulates in the critical ITS in more detail, in comparison with the
mentioned ND TPI. Implementation of the proposed method allows to adjust the basic FSP of the
sectoral ITS, by defining the sectoral requirements for confidentiality, integrity, availability and
observability.
Moreover, an experimental study of the proposed method was carried out using the developed
method of forming the FSP of the sectoral ITS. A decomposition of the NSCC into component systems,
subsystems and components was performed, sectoral requirements for information protection were
formulated, additional requirements in the form of ND TPI semantics were determined, and the basic
functional profile of security [25-26] was adjusted.
6. References
[1] Ukraine. Laws. “On the basic principles of cybersecurity in Ukraine”: official text: [adopted by
the Verkhovna Rada on October 5, 2017]. Kyiv, Information of the Verkhovna Rada of Ukraine,
2017, No. 45, p. 403.
[2] Decree of the President of Ukraine No. 96, 2016 “On the decision of the National Security and
Defense Council of Ukraine of January 27, 2016" On the Cyber Security Strategy of Ukraine”.
[3] Ukraine. Laws. “On the protection of information in information and telecommunications
systems”: official text: [adopted by the Verkhovna Rada on July 5, 1994]. Kyiv, Information of
the Verkhovna Rada of Ukraine, 1994, No. 31, p. 287.
[4] Ukraine. Laws. “On personal data protection”: official text: [adopted by the Verkhovna Rada on June 1,
2010]. Kyiv, Information of the Verkhovna Rada of Ukraine, 2010, No. 34, p. 481.
[5] Resolution of the Cabinet of Ministers of Ukraine “On approval of the General requirements for
cyber protection of critical infrastructure” No. 518 of 19.06.2019.
[6] ND TPI 3.7-003-05 “The order of works on creation of complex system of protection of information in
information and telecommunication system”, State Service of Special Communication and Information
Protection of Ukraine, 2005.
[7] ND TPI 2.5-004-99 “Criteria for assessing the security of information in computer systems from
unauthorized access”, State Service of Special Communication and Information Protection of Ukraine,
1999.
[8] Report on research work “Research and analysis of information security problems at critical
infrastructure facilities”, code “Infrastructure” (No. 0114U000038d).
[9] S. Honchar, G. Leonenko, O. Yudin. “Analysis of threats and vulnerabilities of sectoral automated
control systems”. Legal, regulatory and metrological support of information security in Ukraine, Vol.
2 (26), pp. 9-14, 2013.
[10] Z. Hu, Yu. Khokhlachova, V. Sydorenko, I. Opirskyy, “Method for Optimization of Information
Security Systems Behavior under Conditions of Influences”, International Journal of Intelligent
Systems and Applications (IJISA), Vol.9, No.12, pp.46-58, 2017.
[11] Ukraine. Laws. “On the National System of Confidential Communication”: official. text: [adopted
by the Verkhovna Rada on January 10, 2002]. Kyiv, Information of the Verkhovna Rada of
Ukraine, 2002, No. 15, p.103.
[12] Resolution of the Cabinet of Ministers of Ukraine “Some issues of interdepartmental exchange of
information in the National system of confidential communication” No. 303 from 14.05.2015.
279
�[13] Decree of the President of Ukraine of April 18, 2005 No. 663 “On providing government officials
with communication”.
[14] Order of the State Service of Special Communication and Information Protection of Ukraine dated
18.05.2015 No.07 “On approval of the instruction on the organization of technical operation of
networks and complexes of the state system of governmental communication of Ukraine”.
[15] Report on research work “Determination of ways to create a special system of unified
communications in the interests of subscribers of government agencies, institutions and
organizations”, code “Platform” (DR № 0116U000072T).
[16] ND TPI 2.5-005-99 “Classification of automated systems and standard functional profiles of
protection of processed information from unauthorized access”, State Service of Special
Communication and Information Protection of Ukraine, 1999.
[17] National Institute of Standards and Technology Special Publication 800-53A. Guide for Assessing
the Security Controls in Federal Information Systems and Organizations: Building Effective
Security Assessment Plans. June 2010.
[18] National Institute of Standards and Technology Special Publication SP800-53. Security and
Privacy Controls for Federal Information Systems and Organizations. April 2013.
[19] DSTU ISO / IEC 27002: 2015 Information technologies. Methods of protection. Code of practices
for information security measures.
[20] ISO/IEC 15408-1:2009 Information technology - Security techniques - Evaluation criteria for IT
security - Part 1: Introduction and general model, The International Organization for
Standardization and The International Electrotechnical Commission, 2009.
[21] ND TPI 2.6-002-2015 “Procedure for comparing the functional safety components defined by ISO / IEC
15408 with the requirements of ND TPI 2.5-004-99”, State Service of Special Communication and
Information Protection of Ukraine, 2015.
[22] ND TPI 2.6-003-2015 “Procedure for comparing the security confidence components defined by
ISO / IEC 15408 with the requirements of ND TPI 2.5-004-99”, State Service of Special
Communication and Information Protection of Ukraine, 2015.
[23] ND TPI 2.7-013-2016 “Guidelines for comparing the results of the evaluation of information protection
against unauthorized access for compliance with the requirements of the ISO / IEC 15408 with the
requirements of ND TPI 2.5-004-99”, State Service of Special Communication and Information
Protection of Ukraine, 2016.
[24] O. Yudin, “Structural-logical and functional models for determining the functional security profile
of the ITS subsystems”, in: Proceedings of the XX International scientific-practical conf.
Information Security in Information and Telecommunication Systems, Kyiv, May 22-24, 2018,
pp. 50-51, 2018.
[25] Z. Hu, R. Odarchenko, S. Gnatyuk, M. Zaliskyi, A. Chaplits, S. Bondar, V. Borovik, “Statistical
Techniques for Detecting Cyberattacks on Computer Networks Based on an Analysis of Abnormal
Traffic Behavior”, International Journal of Computer Network and Information Security (IJCNIS),
Vol.12, No.6, pp.1-13, 2020.
[26] Z. Hu, I. Dychka, M. Onai, Yu. Zhykin, “Blind Payment Protocol for Payment Channel Networks”,
International Journal of Computer Network and Information Security (IJCNIS), Vol.11, No.6,
pp.22-28, 2019.
7. Appendix
Table A.1
Decomposition of the NSCC systems
No. Object Description
1 2 3
Transport network
1 Office system (St1) Providing connection of subscriber equipment
physically
1.1 System of the subscriber equipment (St11) Terminal equipment (telephones, cable, connectors,
information protection means)
1.2 Network access system (St12) Network access equipment (switch, router, cable
structure)
280
� 1 2 3
1.3 Auxiliary protection systems (St13) Auxiliary equipment (backup power supplies, alarm
sensors, alarm lines)
2 Telecommunication operator system (St2) Providing connection of the operator equipment at
the physical level
2.1 Physical level system (St21) Cable, connectors, signal amplifiers (repeaters),
switchboards, signal converters, network adapters
2.2 Channel level system (St22) Access switches, node switches, service switches
2.3 Transport and network layer system (St23) Trunk switches, multiservice routers, carrier-class
switches
2.4 Application systems (St24) Physical layer management system servers, channel
layer management servers, transport and network
layer management servers
3 Operator system (St3) Providing connection of the operator equipment on a
logical level
3.1 Physical level system (St31) Structured cable system, network adapters, signal
converters
3.2 Channel level system (St32) Access switches
3.3 Transport and network layer system (St33) Switches, routers
3.4 Application systems (St34) Transport and network layer control and management
servers
Service systems (provision of services)
4 Office system (Ss1) –
4.1 Subscriber equipment application systems (Ss11) Terminal equipment (communication terminal, video
communication terminal, data transmission
workstation)
5 Operator system (Ss2) Providing customer service
5.1 Operator communication systems (Ss21) E-mail servers, the CA, registry and directory servers,
CUCM server, domain controller server, video call
server, contact center server
5.2 Management and redundancy system (Ss22) Backup storage servers, Prime Collaboration
Assurance, Prime Collaboration Provisioning,
workstation management
Information protection system
6 Office system (St1) Protection of terminal equipment and premises
6.1 System of the subscriber equipment (St11) Security package of a phone, phone connection block
6.2 Network access system (St12) Switch Security Package, Router Security Package,
cryptographic protection of information
6.3 Auxiliary protection systems (St13) Alarm sensors, fire alarm sensors, alarm panel
7 Telecommunication operator system (St2) Protection of communication channels and operator
equipment
7.1 Physical level system (St21) Cable damage detection devices, signal amplifier
(repeater) control devices, multiplexer
8 Operator system (Sd3) Operator equipment protection
8.1 Channel level monitoring and protection system Access Switch Security Package, Node Security
(Sd22) Package, Service Switch Security Package
8.2 Transport and network layer monitoring and Router Security Package, Switch Security Package,
protection system (Sd23) Monitoring System Security Package, Management
System Security Package, Workstation Control System
8.3 Auxiliary protection systems (Sd24) Physical Communication lines Security Package, Alarm
System Security Package
9 Operator system (Sd3) Implementation of systems management to the
service provider
9.1 Physical level protection system (Sd31) Devices for cable damage detection, devices for signal
amplifiers (repeaters) control, multiplexer
9.2 Channel level monitoring and protection system Access Switch Security Package, Node Security
(Sd32) Package, Service Switch Security Package, DDoS
Protector
281
� 1 2 3
9.3 Transport and network layer monitoring and Router Security Package, Switch Security Package,
protection system (Sd33) Monitoring System Security Package, Management
System Security Package, Workstation Control
System, DDoS Protector
9.4 Application-level protection system (Sd34) Next Generation Threat Prevention firewall, firewall,
operating system protection, database protection
9.5 Cryptographic protection system (Sd35) Cryptographic protection of information
9.6 Auxiliary protection systems (Sd36) Backup power supplies, alarm sensors, alarm lines,
alarm panel, cooling devices (systems)
Management system
10 Office system (Sm1) Management and control of terminal equipment
10.1 Subscriber sensor system (Sm11) Sensors for opening the installation box, sensors for
connecting subscriber equipment, sensors for access
to cryptographic protection of information
10.2 Network access control system (Sm12) Switch and router settings, switch and router
software, redundant power supply software
10.3 System of work logging (Sm13) Switch and router software, backup power supply
software, subscriber equipment software
11 Operator system (Sm2) Managing the telecom operator's systems
11.1 Node equipment control system (Sm21) Software for the multiplexer management, switch and
router management software, server hardware
management software, firewall and DDoS protection
management software
11.2 Cryptographic security management system (Sm22) Information cryptographic protection software, the
CA management software
11.3 Application software management system (Sm23) Application management servers’ software
11.4 Subscriber equipment management system (Sm24) Remote user configuration software
Table A.2
Functional security profile of the NSCC objects
No. Object Description
1 2 3
Transport network
1 Office system (St1) –
1.1 System of the subscriber equipment (St11) CA-2, CE-3, IA-2, IE-2, OC-1, OE-1, ON-2, OT-2, OI-2, OS-1, OR-
1
1.2 Network access system (St12) CA-1, CA-2, CE-3,IA-1, IA-2, IE-2, AR-1, AF-1, AD-1, ON-1, ON-
2, OT-2, OI-1, OI-2, OS-1, OC-1, OD-2, OP-1, OP-2, OE-1, OR-1
1.3 Auxiliary protection systems (St13) AF-1, AD-1, OT-2, ON-1
2 Telecommunication operator system (St2) –
2.1 Physical level system (St21) CA-2, IA-1, AF-1, AQ-1,AD-1, ON-1, ON-2, HИ-2, OD-2, OC-1,
OT-2
2.2 Channel level system (St22) CA-1, CA-2, IA-1, IA-2, AR-1, AF-1, AD-1, ON-1, ON-2, OI-1, OI-
2, OC-1, OD-2, OP-1, OE-1
2.3 Transport and network layer system (St23) CA-1, CA-2, IA-1, IA-2, IR-2, AR-1, AF-1, AQ-1, AQ-2, AD-1, ON-
1, OI-1, OI-2, OC-1, OD-2, OT-2, OE-1
2.4 Application systems (St24) CA-2, CT-2. CO-1, CE-2, IA-1, IE-1, IT-1, IR-1, AF-2, AQ-2, AD-2,
AR-2, ON-2, OI-2, OD-1, OC-1, OT-2, OE-1
3 Operator system (St3) –
3.1 Physical level system (St31) CA-2, IA-1, AF-1, AQ-1,AD-1, ON-1, ON-2, HИ-2, OD-2, OC-1,
OT-2
3.2 Channel level system (St32) CA-1, CA-2, IA-1, IA-2, AR-1, AF-1, AD-1, ON-1, ON-2, OI-1, OI-
2, OC-1, OD-2, OE-1
3.3 Transport and network layer system (St33) CA-1, CA-2, IA-1, IA-2, AR-1, AF-1, AD-1, ON-1, ON-2, OI-1, OI-
2, OC-1, OD-2, OE-1
3.4 Application systems (St34) CA-2, CT-2. CO-1, CE-2, IA-1, IE-1, IT-1, IR-1, AF-2, AQ-2, AD-2,
AR-2, ON-2, OI-2, OD-1, OC-1, OT-2, OE-1
Service systems (provision of services)
4 Office system (Ss1) –
282
� 1 2 3
4.1 Subscriber equipment application systems CT-2, CE-1, CO-1, IT-1, IA-1, IE-1, IR-1, AR-1, AQ-2, AD-2, ON-1,
(Ss11) ON-2, OI-1, OI-2, OC-1, OD-3, OT-2, OE-1
5 Operator system (Ss2) –
5.1 Operator communication systems (Ss21) CT-2, CA-1, CA-2, CO-1, CE-1, IT-1, IA-1, IA-2, IR-1, IE 1, AR-1,
AF-1, AQ-2, AD-2, ON-2, OI-1, OI-2, OC-1, OD-1, OD-3, OT-2,
OE-1
5.2 Management and redundancy system (Ss22) CA-1, CA-2, CT-2, CO-1, CE-2, IA-1, IE-1, IT-1, IR-1, IR-2, AF-2,
AQ-2, AD-2, AR-2, ON-2, OI-2, OD-1, OD-2, OC-1, OT-2, OE-1
Information protection system
6 Office system (St1) –
6.1 System of the subscriber equipment (St11) IR-1, AF-1, AD-1, ON-1, ON-2, OP-1, OE-1, OT-2
6.2 Network access system (St12) CA-1, CA-2, CE-2, IA-1, IA-2, IE-2, AR-1, AF-1, AD-1, ON-1, ON-
2, OI-1, OI-2, OC-1, OD-2, OT-2, OP-1, OP-2, OE-1, OS-1, OR-1
6.3 Auxiliary protection systems (St13) AF-1, AD-1, OT-2, ON-1, OT-2
7 Telecommunication operator system (St2) –
7.1 Physical level system (St21) CA-2, IA-1, AF-1, AQ-1,AD-1, ON-2, HИ-2, OD-2, OC-1, OP-1,
OT-2
7.2 Operator system (Sd3) CA-1, CA-2, IA-1, IA-2, AR-1, AF-1, AD-1, ON-1, ON-2, OI-1, OI-
2, OC-1, OD-2, OP-1, OE-1
7.3 Channel level monitoring and protection CA-2, CT-2, CO-1, CE-2, IA-1, IA-2, IE-1, IT-1, IR-1, AR-1, AF-2,
system (Sd22) AQ-2, AD-2, AR-2, ON-2, OI-2, OD-1, OD-3, OC-1, OP-1, OT-2,
OE-1
7.4 Transport and network layer monitoring and AF-1, AD-1, OT-2, ON-1
protection system (Sd23)
8 Auxiliary protection systems (Sd24) –
8.1 Operator system (Sd3) CA-2, IA-1, AF-1, AQ-1,AD-1, ON-2, HИ-2, OD-2, OC-1, OP-1,
OT-2
8.2 Physical level protection system (Sd31) CA-1, CA-2, IA-1, IA-2, AR-1, AF-1, AQ-1, AD-1, ON-1, ON-2, OI-
1, OI-2, OC-1, OD-2, OP-1, OE-1, OT-2
8.3 Channel level monitoring and protection CA-2, CT-2, CO-1, CE-2, IA-1, IE-1, IT-1, IR-1, AF-2, AQ-2, AD-2,
system (Sd32) AR-2, ON-2, OI-2, OD-1, OD-3, OC-1, OP-1, OP-2, OT-2, OE-1
8.4 Transport and network layer monitoring and CT-2, CA-1, CA-2, CO-1, CE-1, IT-1, IA-1, IA-2, IR-1, IR-2, IE-1,
protection system (Sd33) AR-1, AF-1, AQ-2, AD-2, ON-2, OI-1, OI-2, OC-1, OD-3, OP-1,
OP-2, OT-2, OE-1
8.5 Application-level protection system (Sd34) CA-2, CE-3, IA-2, IE-2, OC-1, OE-1, ON-2, OT-2, OP-2, OI-2, OS-
1, OR-1
8.6 Cryptographic protection system (Sd35) AF-1, AD-1, OT-2, ON-1
Management system
9 Subscriber sensor system (Sm11) –
9.1 Network access control system (Sm12) AF-1, AD-1
9.2 System of work logging (Sm13) CA-1, CA-2, CT-2, CE-1, CO-1, IT-1, IA-1, IA-2, IE-1, IR-1, AR-1,
AF-1, AQ-2, AD-2, ON-1, ON-2, OI-1, OI-2, OC-1, OD-3, OP-2,
OT-2, OE-1
9.3 Operator system (Sm2) CA-1, CA-2, IA-1, IA-2, AR-1, AF-1, AD-1, OT-2, ON-1, ON-2, OI-
1, OI-2, OC-1, OD-2, OP-1, OE-1
10 Node equipment control system (Sm21) –
10.1 Cryptographic security management system CA-1, CA-2, IA-1, IA-2, AR-1, AF-1, AQ-1, AD-1, ON-1, ON-2, OI-
(Sm22) 1, OI-2, OC-1, OD-2, OP-1, OE-1, OT-2
10.2 Application software management system CT-2, CA-1, CA-2, CO-1, CE-1, CE-2, IT-1, IA-1, IA-2, IR-1, IE-1,
(Sm23) IE-2, AR-1, AF-1, AQ-2, AD-2, ON-2, OI-1, OI-2, OC-1, OD-3,
OP-1, OP-2, OT-2, OE-1, OS-1, OR-1
10.3 Subscriber equipment management system CT-2, CA-1, CA-2, CO-1, CE-1, IT-1, AI 1, AI 2, IR-1, IE 1, AR-1,
(Sm24) AF 1, AQ-2, AD-2, ON-2, OI-1, OI 2, RC 1, OD-3, OP-1, OP-2,
OT-2, OE-1
10.4 Subscriber sensor system (Sm11) CT-2, CA-1, CA-2, CO-1, CE-1, IT-1, AI 1, AI 2, IR-1, IE 1, AR-1,
AF 1, AQ-2, AD-2, ON-2, OI-1, OI 2, RC 1, OD-3, OP-1, OP-2,
OT-2, OE-1
283
�