The importance of critical infrastructure facilities for the economy, national security, and defense is well established: it follows from the vital functions and services they provide to organizations in both the public and private sectors. Their disruption is prevented by implementing measures and methods to manage, monitor, and assess security risks, and by eliminating threats, mitigating their consequences, or recovering from them once they materialize. At the same time, it requires adapting to emerging security risks, which critical infrastructure operators achieve by developing appropriate systems, particularly those ensuring cybersecurity. Preventing negative impacts and consequences is therefore a matter of risk management. In particular, critical infrastructure operators ensure incident response in accordance with the national plan, which necessitates the implementation of a cybersecurity event notification mechanism at critical infrastructure facilities. Analysis of recent studies and publications shows that they focus primarily on the processes of detecting and responding to cybersecurity incidents. In view of this, the cybersecurity event notification mechanism at critical infrastructure facilities is defined as a set of processes within a structured framework for incident management. To this end, the relationships between its components, namely activities, information assets, vulnerabilities, and threats, have been taken into account. Among the phases, the primary focus is on planning and preparation, detection and reporting, and assessment and resolution. Each of these phases defines the processes from receiving information about an event to deciding whether it falls into one of two categories: incident or non-incident. Together, they define the cybersecurity event notification mechanism at critical infrastructure facilities.
To this end, the guidelines of the international standards ISO/IEC 27001, ISO/IEC 27002, and ISO/IEC 27035-1, -2, and -3, as harmonized in Ukraine, have been utilized. Particular attention is paid to learning lessons after both cybersecurity events and cybersecurity incidents have been reported. This approach helps keep the processes, the cybersecurity event report templates, and the related reports up to date.