Abstract
The study aimed to identify ways to improve the legal regulation of the protection of information networks of Ukraine's critical infrastructure, taking into account current cybersecurity challenges and international standards. The work uses a comparative analysis of the legislation of Ukraine, the EU, the USA and the United Kingdom governing the cybersecurity of critical infrastructure, and assesses the effectiveness of current regulatory legal acts in the context of modern threats, in particular armed conflict. The analysis revealed the fragmentation of current legislation, the absence of an effective mechanism for coordinating state bodies, and the insufficiency of legal instruments for regulating liability for cybercrimes aimed at critical infrastructure. It was established that Ukraine's regulatory framework only partially complies with international standards, which complicates its harmonisation with EU requirements. Insufficient integration of the public and private sectors in the field of cybersecurity is also a significant factor limiting the effectiveness of protection of strategic digital facilities. To increase the effectiveness of legal regulation, it is necessary to carry out comprehensive harmonisation of Ukrainian legislation with EU norms, in particular with the NIS 2 Directive, which defines uniform requirements for the protection of critical infrastructure. It is advisable to introduce mandatory certification of cybersecurity measures, as well as to expand criminal liability for cyberattacks on critical infrastructure, including sanctions for legal entities. An important direction is the legislative enshrinement of the creation of a unified national cyber threat monitoring system and the improvement of public-private partnership mechanisms. The proposed changes will help raise the level of cyber resilience of Ukraine's critical infrastructure, its compliance with international standards and its integration into the global cybersecurity system.
Keywords: cyber resilience; digital space; strategic facilities; cyber threats; national security