=Paper=
{{Paper
|id=Vol-3422/Paper1
|storemode=property
|title=Infrastructure Cybersecurity under Complex Man-Made Threats Conditions
|pdfUrl=https://ceur-ws.org/Vol-3422/Paper1.pdf
|volume=Vol-3422
|authors=Lubomyr Sikora,Natalya Lysa,Olga Fedevych,Bohdana Fedyna
|dblpUrl=https://dblp.org/rec/conf/citrisk/SikoraLFF22
}}
==Infrastructure Cybersecurity under Complex Man-Made Threats Conditions==
https://ceur-ws.org/Vol-3422/Paper1.pdf
Infrastructure Cybersecurity under Complex Man-Made
Threats Conditions
Liubomyr Sikora1, Nataliia Lysa1, Olga Fedevych1, Bohdana Fedyna2
1Lviv Polytechnic National University, 12 Bandera Str., Lviv, 79013, Ukraine
2Ukrainian academy of printing, 19 Pid Goloskom Str., Lviv, 79000, Ukraine
Abstract
Making and implementing decisions in complex hierarchical systems, as a procedural part of
management activity, has an applied nature, which is manifested in the performance of actions to
respond to and influence threat factors on object, within the boundaries of relationship between
management subject and object. In this context, the control system is provided by auxiliary
computerized human-machine decision support systems (subsystems) that help intelligent agents
perform decision-making actions and react to results of decision implementation. For effective
adaptation and development of these systems, it is necessary to have a complete decision-making and
implementation system. In the latter, there will be applied informational and algorithmic support for
decision-making procedures implementation based on decision-making and implementation
mechanism, taking into account management system integration, as a prerequisite for effective
management of hierarchical systems. Such a complex need determines the necessity to develop the
conceptual structure of the mechanism in connection with the decision-making and implementation
system on the integration basis of building a management system.
Keywords 1
Cyber security, attacks, system, management, cognitive models, information technologies, strategies,
risks, goal orientation, hierarchy.
1. Introduction
The decision-making and implementation mechanism is used based on the structure of
hierarchical management system and its integration basis. Management system structure is
represented by hierarchical system’s composition and connections of the subsystems, which are
based on information integration, in combination with other types of integration. Such a structure
will be superimposed on the structure of mechanism itself, represented by composition and
connections of components that embody the rules of managing a complex system through the
processes of making and implementing management decisions. Therefore, integration concept
CITRisk’2022: 3rd International Workshop on Computational & Information Technologies for Risk-Informed Systems, January
12, 2023, Neubiberg, Germany
EMAIL: lssikora@gmail.com (L.Sikora); lysa.nataly@gmail.com (N.Lysa); olha.y.fedevych@lpnu.ua (O.Fedevych);
fedynabogdana@gmail.com (B.Fedyna)
ORCID: 0000-0002-7446-1980 (L.Sikora); 0000-0001-5513-9614 (N.Lysa); 0000-0002-8170-3001 (O.Fedevych); 0000-0001-9487-
2851 (B.Fedyna)
© 2022 Copyright for this paper by its authors.
Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR Workshop Proceedings (CEUR-WS.org)
�mechanism will involve combination of components on the structural-base model of integrated
control system design.
2. State of the art
Management solution for managing a hierarchical system is an intelligent product created and
used by the management system. Intellectual activity of this kind involves information operation
about object characteristics with use by management subject of information-knowledge about the
rules of operation, which explain how to influence or refuse to influence the object. That is,
management is carried out through the information presentation of both the object and the
subject's actions, taking into account the structure of a complex system with a hierarchical
organization and various causes of emergency situations. Such situations can arise in the event of
external threats and attacks on the object, and also in the preparation of project documentation,
mistakes may be made during their development. Accordingly, active attacks, failures,
malfunctions (reduction in system reliability and resources) can lead to a failure of the object's
functioning. Also, one of the main reasons that can lead to a disaster and emergency situations in
the facility's operation system is the intellectual and cognitive errors of the operational staff,
which leads to its informational and target disorientation.
In accordance with goals that functioning system sets for itself, it is necessary to form
requirements for its reliability and functionality of ACS (Automated Control System) units,
management structure. Cybersecurity of a hierarchical structure is an urgent problem today,
which includes information and intellectual support in the formation of adoption and
implementation of purpose-oriented decisions in the conditions of threats, resource and structural
and other types of attacks on infrastructure.
2.1. Related works
Works [1,2] are devoted to the problems of building procedures for making effective
management decisions in technical and economic systems. Work [3] is devoted to large systems
organization theory, in which the basic models of structure construction, functioning models,
open management strategies, resource and strategic games, effective design problems are
considered. Data processing methods, classification and forecasting methods as the basis for the
formation of decision-making process are considered in [4,6]. Expert systems theory methods for
use in complex systems in management decisions formation are considered in [7,8,9]. The theory
of coordination in management processes is considered in [12-15]. Cognitive technologies for
situation assessing are described in [21], risk models in [10,11] and the use of artificial
intelligence and big data analysis in [16-20] accordingly.
2.2. Research purpose
On the basis of system analysis and their information and logic-cognitive technologies,
determine and justify indicators for identifying the causes of crisis and emergency situations in
complex man-made integrated systems with hierarchical infrastructure when threats and attacks
affect process and management goals, which is necessary to ensure effective methods of
countermeasures and high cyber security level.
� 2.3. Research object
Hierarchical system, goals and dynamics of complex man-made systems in a complex of
spatially distributed integrated production facilities.
3. Main results
3.1. Complex man-made system coordination processes
between infrastructure hierarchy levels as a method for
increasing resistance to attack actions
Analysis of complex ACS-TP systems developed during the (3-4) development stage of
information and management technologies, which were used in complex production energy-
active complexes with a continuous process, showed that at the current stage they do not meet
the requirements for ensuring resistance to attacks of the system approach at their design.
Number of tasks that were solved in the management process was large, but the inconsistency
of methods of solving technical, functional, algorithmic and organizational tasks and the
procedures for their solution complicated the process of goal-oriented management due to the
complexity of harmonizing technological requirements, management methods, data processing
tools and decision-making strategies in the conditions of threats and information attacks.
Main reason for the low level of management efficiency in the event of resource and
information threats at different levels of the hierarchy was that the behavior of operative
personnel at different management levels was not coordinated with the production infrastructure
possibilities and resources provision.
3.2. Man-made systems integration processes into complex
strategic-level infrastructure for effective countermeasures
against threats
At the fourth stage of the development of energy-active objects complex management systems in
production management continuous process, to the fullest extent arose the need to combine
individual automated systems and subsystems of the infrastructure into a complex goal-oriented
system based on information and intellectual technologies.
A complex integrated infrastructure with a management system, which is oriented towards
strategic goals, includes and will combine into a single the next goals:
•
{MO / } - management objects of passive and active type;
і
n
і =1
•
{(ACS - ТP ) } - automatic facility management systems;
і =1, n
•
{ACYI n } - automated systems with a hierarchical management structure;
• {ІІАSCR } - information intelligent management systems with coordinating
management strategies;
� • {DSS R } - decision support systems with coordination and expert technologies to
counter attacks and active threats;
•
{ОСІCУ } - operational systems of intellectual, cognitive and creative management;
•
{RSU } - technological flows resource management systems;
pi
• {SE Z } - environmental protection systems.
The theoretical foundations of such systems construction are considered in fundamental
works [3, 11-15, 19-21].
On the basis of the conducted research, a structural-functional scheme of production
structures coordination-integration game into infrastructure was developed based on agreement
of global goal (Fig. 1.)
Markings on Fig. 1.:
•
FRm - factors affecting the ecosystem - material;
• FRЕ - factors of energy impact on the environment;
• CFZ - strategy of environmental protection systems;
•
GGi - global infrastructure goals;
• GCiU - management goals at the operational level;
• CUS - goal oriented management of production system;
• F ( АtakCi ) -attacks factor on the entire system – operational level;
• I (Strat ) - systems integration strategy at the upper level;
• Strat (SKCi ) - management coordination strategy according to the goal;
• {ОУі} - management objects (active passive conversion, mixed type);
• {Di, Dn} - information and management – executive data flows;
•
{FRi, FRЕ , FRS } - factors influencing resource flows, energy, structures of the object.
• Integration processes during the structural game take place at the levels of the system
hierarchy (SR5, SR6, SR7), coordination of goals and strategies occurs at levels (SR3, SR4,
SR5).
� SR1
Global state and regional material and energy resources
FRn
CEz Global strategic goals GGI SR2
FRE
ОСІКn GCiU
Conflict
SR3
IIACSK
CUS Coordination Star (SKCi)
SR4
F (Atak Ci) Risks and conflicts
АSC- IS
DSS (Strat)
SR5
АCS-ТP1 АCS-ТP n
SR6
RSU1 RSUn
OY1 Dn Di OYn D1 D2
Resource
complex
(Rm,RE,Rn)
SR7
FR1 FE1 FS1 FRn FEn FSn
Figure 1: System’s coordination-integration game structural-functional scheme
The global game is formed by the participants of ((SR1, SR2, SR3) ⊗ SR4) levels on the basis
of infrastructure of corporate management goals and strategies agreement, which with full risk
probability may be formed.
� 3.3. Procedures for integrating systems into the infrastructure
with goal-oriented management strategies
In order to increase the stability of their infrastructure functioning, it is necessary to perform a
constructive component analysis of technological aggregated system capabilities for production
infrastructure in interaction with automated control system (human-machine interaction), taking
into account intellectual capabilities of managers at all levels of hierarchy and service-
operational maintenance. Assess possible risks of failure and shutdown of emergency situations
under resource threats conditions and information attacks on goal-oriented management process
(Fig. 2.).
Markings on Fig.2.:
• Target requirements: V1.1 - goals definition, V1.1a – goals coordination, V2.1 –
internal and external factors affecting goals, V2.1a – structured goals, V1.2 –
coordination of goals with management, V1.2a – functioning duplication;
• Functional requirements: V2.2 – functional structuration, V2.2a – management
functions;
• Organizational management requirements: V1.3 – structure consistency, V 1.4 –
actions coordination, V 1.5 – throughput, V 1.6 – system stability, V2.3 – elements
organization, V2.4 – elements fixing, V2.5 – load distribution, V2.6 – control, V 1.7-
active actions;
• Cognitive requirements: V 1.8 – professional qualities, V2.7 – regulation, V2.8 –
professional compliance, V1.9, V1.15 – consistency, V1.10 – sharing usage, V1.11 –
information duplication, V1.13 – information compatibility, V1.14 – information
aggregation, V2.9 – information provision, V2.10 - single database, V2.11 –
information duplication, V2.13 – information transformation, V2.14 – accounting of
method, – consistency, V1.16 – risk assessment, V1.17 – feasibility;
• Management integration: V2.15, V2.16 – indicators, V2.17 – methods, V1.18 –
management process, V1.19 – process safety, V1.20 – conflicts occurrence, V2.18 –
goals achievement, V2.19 – control means, V2.20 – information technology tools.
To increase robustness of information and management systems, networks and channels of
transmission and dial exchange in the management process, under the conditions of information,
psychological and cognitive attacks, it is necessary to analyze (both in existing and newly
designed) all infrastructure components for stability. At the same time, it is necessary to take into
account that components have, according to the type of systems and dynamics functions
A
∀x ∈ X ; ∃y ∈ Y ; X → Y | C A
ij
ij i ik K i y i
and displaying actions ij in the target area defined at
strategic level.
Interaction between systems during the integration process can take place between energy-
active, informational, resource and management infrastructure components.
Decision-making levels:
Si
←
OYi → BM
V1 Ai
i
• - (object - control) – (control );
� OY ←
Ai
ПR | ПR ⊂ D Re s
• V2 - (object - control) – (resource source i i );
K
•
V3 - (object - control)– (information system OYR → ІВС );
• V4 - (information system) – (system (ACS-TP) management
OY S
→ Di
ІВС → SUi
R );
•
V5 - (ASC-TP) – (operational management system (KRIAi ) with operational
cognitive agents team).
� SR1
Global state and regional material and energy resources
FRn
CEz Global strategic goals GGI SR2
FRE
ОСІКn GCiU
Conflict
SR3
IIACSK
CUS Coordination Star (SKCi)
SR4
F (Atak Ci) Risks and conflicts
АSC- IS
DSS (Strat)
SR5
АCS-ТP1 АCS-ТP n
SR6
RSU1 RSUn
OY1 Dn Di OYn D1 D2
Resource
complex
(Rm,RE,Rn)
SR7
FR1 FE1 FS1 FRn FEn FSn
Figure 2: Risks scheme in the event of uncoordinated requirements for system integration
�The interaction and integration game concept of infrastructure, between production, information,
management type subsystem is the basis for describing process of active countermeasures
against threats.
If take into account that management structure includes an automatic system for
implementation of object management process (ASU-TP-ASU) and a team of management
operators (cognitive agents) so behavior of such a structure has a high risk of failure under
threats influence.
Accordingly, let’s provide a list of active threat attacks on the man-made system, both
internal and external (Table 1).
Table 1
Active threats and attacks on man-made systems
№ Type of threats αr
1. Threats and information- 0,01-0,95
intelligent attacks on
infrastructure destruction.
2. Target threat structures to 0,01-0,3
block technological process.
3. Resource attacks to disrupt 0,01-0,2
technological process.
4. Information attacks in the 0,1-0,5
data transmission network to
distort situation image in
object.
5. Structural attacks on 0,1-0,35
production system
organization.
6. Complex attacks on ACS – TP. 0,01-0,95
7. Attacks on target 0,5-0,75
disorientation.
8. Attacks on hierarchy of 0,5-0,9
authority.
9. Strategic management 0,6-0,95
attacks.
10. Attacks on processor systems 0,5-0,95
of ACS control complex.
11. Attacks on changing of 0,01-,3
energy-active objects mode.
12. Information-mental attacks on 0,3-0,9
personnel to change stress
resistance and goal
orientation.
13. Complex attacks on 0,01-0,2
hierarchical management
structure and internal
� conflicts.
14. Attacks on complex destruction of 0,01-0,95
man-made system.
In accordance with situation in external and internal infrastructures, let’s form a target
integration process (Fig. 3).
Markings on Fig. 3.:
F ,F ,F
• I Z
- active influence factors on information, knowledge, goal-oriented factors
c
of integration process.
OY RIAi |
• System s = n ,1 - operational administrative management system
Di
KIA | → A ∪U
i i =1, n K
;
• Strategic goal-oriented management system with all levels of infrastructure hierarchy
∋ Koord (Strat (U | Ci )) : SStratCu − Leve ∪ IS
on the basis of goal-oriented
coordination management.
Agents behavioral space (КІА)
Information / knowledge Economic interests (Сі)
Σαrisk Integration process
Fi(Ai)
Establishing basic (planned, project) integration
features in agents images based on awareness of
economic interests and setting goals
1
Wij
Acquiring actual integration features (co-
dimensional verification of basic ones and
Fz(Ak)
introduction of new ones) during convergence
(integration) of agents images on the basis of
situational iterations of convergence - convergence
Σ according to economic criteria of interests with the
use of existing and supplemented (new)
knowledge. 2
Wij
Fc(Am)
Fixation of integration signs in agents images with
reproduction ("acceptance", "implementation" - in
business processes and states
Σαrisk 3
Information / knowledge Economic interests
Agent behavior space (КІАj)
Figure 3: Implementation of an active integration process in systems structure in information interaction
conditions of strategic level cognitive intellectual agent’s teams
�Main strategic management goal is the development of sustainable self-renewing methods
process of production based on strategies of overall orientation, integration, and coordination
under the conditions of active overall oriented threats.
Table 2
Infrastructure integration risk assessment
№ Component CF BD αr1 αr2 αr3
integration
1. goal <0.5 >0.9 0.85 0.8 >0.8
orientation
(V11 ,V21 )
2. there is no 0.95 0.9 >0.9 >0.9 >0.9
agreement of
goals (
V11 ,V12 )
3. goals and 0.95 0.85 <0.1 <0.2 0.15
strategies
coordination
(V12 ,V22 )
4. structure goal >0.8 >0.7 >0.2 >0.25 >0.3
orientation
(V12 a ,V22 a )
5. management' 0.95 >0.9 <0.1 <0.15 >0.2
s goal
orientation
(V13 ,V23 )
6. management 0.85 >0.95 <0.15 <0.1 <0.2
tactics
(V14 ,V24 )
7. management 0.7 0.7 <0.2 0.3 <0.3
tactics
dynamics
(V15 ,V25 )
8. resistance to 0.8 0.82 <0.3 <0.35 >0.35
attack factors
(V16 ,V26 )
9. mode 0.83 0.85 <0.3 <0.3 <0.4
indicators
analysis
(V17 ,V27 )
10 integration 0.9 0.95 0.1 0.15 <0.2
. project team
� cognitive
level
(V18 ,V28 )
11 n-system µ n (CF ) µ n (Bd ) Pr ob Pr ob Pr ob
. structural αr2 (0.1 ÷ 0.9) αr3 (0.1 ÷ 0.4)
integration
(0.7 ÷ 0.9) (0.7 ÷ 0.9) αr1 (0.1 ÷ 0.9)
generalized
risks
3.4. Risks analysis in man-made systems
To analyze risks in man-made systems and build schemes and methods for their minimization
and management, it is necessary to apply the risk analysis methodology, which is based on four
components:
1. Risk factors source, structure models.
2. Scenarios of active actions and effects of factors on system functioning process.
3. Analysis of action results of active factors on system.
4. Attacks generators and activators.
Risk source is related to consequences of active actions through the scenario - a chain of events
related to risk implementation in system, under certain conditions, which leads to negative
consequences and accidents.
Chains, paths are actually development scenarios of a dangerous situation from the point of
view of different positions and describe what can happen to system under action of active factors
generated by risk source.
4. Conclusion
According to target task of developing methods for solving infrastructure cyber security
problems, it has been completed:
• Analysis of the literature sources on man-made infrastructure cyber security, issues
resistance to attacks and recovery in threats conditions;
• Tasks that need to be solved to ensure counteraction of attack management system
and threats to infrastructure and system, target management strategies are
substantiated;
• Cognitive principles of information provision necessary for creation of active
resistance strategies to attacks on management structure based on strategies of
coordination and overall orientation are substantiated;
• Information provision data flow processing methods for determining indicators of
signs by an expert system as of countering threats strategy basis is substantiated;
• Interaction process between operational and target, cognitive and automated
decision-making levels of management hierarchy was analyzed;
Solving above problems on system and information levels can help modernize the existing
infrastructure and improve their design process to increase comprehensive cyber security level.
�References
[1] V.Ponomarenko, Information systems and technologies in economics, Кyiv, Academy,
2002
[2] S.Konstantinov, Yu.Ponomarenko, Modern information enterprise management
technologies, Lviv, UAP, 2010
[3] V.Kondratiev, Large systems: Modeling of organizational mechanisms, Мoscow, Science,
1989
[4] T.Hettmanserger, Statistical inference based on ranks, New York, 2ws, 1985
[5] E.Muschik, P. Muller, Entschidun – gspraxis, Berlin VEB Verlog Technik, 1990
[6] M.Davison, Multidimensional scaling, New York, IWss, 1988.
DOI:10.1016/S0169-7161(03)22018-6
[7] M.Barankevych, Expert methods in decision making, Lviv, PC LNU named after I. Franko,
2008
[8] O.Belz, Basics of economic expert systems, Lviv, LNU, 2009
[9] A.Erina, Statistical modeling and forecasting, Kyiv, 2004
[10] L.Sikora, N.Lysa, R.Tkachuk, O.Fedevych, J.Krejčí, Cognitive and information decision-
making technologies and risk assessment in technogenic systems in: Proceedings of the 2nd
International workshop on computational & information technologies for risk-informed
systems CITRisk 2021, Kherson, Ukraine, 2021, рр. 419-433
[11] J.Fesl, L.Tupychak, L.Sikora, N.Lysa, R.Tkachuk, O.Fedevych, Information technologies
for operational staff training for man-made systems under threats and risks in: Proceedings
of the 2nd International workshop on computational & information technologies for risk-
informed systems CITRisk 2021, Kherson, Ukraine, 3101, 2021, рр.374-387
[12] Yu.Kunchenko, Polygons of approximation in space with a generating element, Кyiv,
Science thought, 2005
[13] S.Demri, V.Goranko, M.Lange, Temporal Logics in Computer Science, Cambridge,
Cambridge University Press, 2016. DOI:10.1017/CBO9781139236119
[14] F.Lyugger, Artificial intelligence: strategy and method of solving complicated problem,
Moscow, Wiyams, 2003
[15] Mi.P.Groover, Automation, production systems, and computer-integrated manufacturing,
Prentice Hall Press, 2007
[16] I.Hawryszkiewych, Introduction to system analysis and design, New York, 2000
[17] A.Miele, J.Damoulakis, J.Cloutier, J.Tietze, Sequential gradient-restoration algorithm for
optimal control problems with nondifferential constraints, JOTA, 2, 1974, р.13
[18] W.Lynn III, Defending a new domain: the Pentagon’s cyberstrategy, Foreing Affairs, 2010
[19] K.Mitnik, W.Simon, S.Wozniak, The art of deception, New York, Wiley, 2002
[20] P.Neumann, Computer-Related Risk, ACM Press/Addison Wesley, New York, 1995
[21] L.Sikora, N.Lysa, R.Tkachuk, V.Sabat, O.Fedevych, Information technology of risk
assessment for automated control systems of printing production in: Proceedings of the 2nd
International workshop on computational & information technologies for risk-informed
systems CITRisk 2021, Kherson, Ukraine, 3101, 2021, рр. 404-418
�