The article addresses the problem of ensuring the information security of automated control systems at critical infrastructure facilities in Ukraine under conditions of increasing cyber threats, which grew by 87% globally and by 48% in Ukraine during 2024. The theoretical and regulatory foundations of critical infrastructure protection, the classification of facilities, and current trends in cyber threats are analyzed. National and international cybersecurity legislation is examined. The procedure for establishing a comprehensive information security system in accordance with ISO standards is outlined. The international experience of the United States and EU countries in ensuring the security of critical systems is analyzed. An algorithm for determining the relevance of threats and a methodology for improving the level of information security based on five core functions—identify, protect, detect, respond, and recover—are developed. A SCADA system of the energy enterprise LLC “EnergoSystem,” which manages transformer substations with a capacity of 180 MVA, is analyzed. Critical vulnerabilities were identified, including the absence of network segmentation, unencrypted Modbus TCP/IP and IEC 60870-5-104 protocols, and weak authentication mechanisms. Risk assessment based on the NIST SP 800-82 methodology confirmed one critical and four high-level risks. Nine areas of recommendations were developed: network segmentation, cryptographic protection of communication channels, two-factor authentication, intrusion detection systems and SIEM monitoring, patch management, automation of backup processes, personnel training, development of security policies, and strengthening of physical protection. The economic feasibility of investments in the amount of UAH 4–6 million is substantiated, since a single day of downtime may result in losses exceeding UAH 50 million. The results have practical applicability for enterprises in the energy, transport, and defense sectors.
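As an added illustration of the unencrypted Modbus TCP/IP and missing-segmentation findings above (example code written for this page, not from the article or from EnergoSystem): a minimal inspector that parses Modbus/TCP request frames and raises an alert when a state-changing function code arrives from outside an assumed engineering subnet, the kind of rule an IDS or SIEM correlation would carry. The trusted subnet, the frames and the IP addresses are constructed for the example.

```python
import ipaddress
import struct

# Modbus function codes that change PLC state (values from the public Modbus spec)
WRITE_CODES = {5, 6, 15, 16, 23}
# Hypothetical policy (constructed): only the engineering workstation subnet may write
ALLOWED_WRITERS = [ipaddress.ip_network("10.10.20.0/24")]

def parse_modbus_tcp(frame: bytes) -> tuple:
    """Parse the 7-byte MBAP header and function code; reject malformed frames.
    Returns (transaction_id, unit_id, function_code, payload)."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    # MBAP length counts unit id + PDU, so it must equal the bytes after it
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return tid, unit, frame[7], frame[8:]

def classify(src_ip: str, frame: bytes) -> str:
    """'allow' for reads or for writes from the trusted segment, 'alert' for
    writes from anywhere else, 'malformed' for frames that do not parse."""
    try:
        _, _, function_code, _ = parse_modbus_tcp(frame)
    except ValueError:
        return "malformed"
    if function_code not in WRITE_CODES:
        return "allow"
    src = ipaddress.ip_address(src_ip)
    return "allow" if any(src in net for net in ALLOWED_WRITERS) else "alert"

# Constructed sample traffic: (source IP, raw Modbus/TCP request bytes)
SAMPLES = [
    ("10.10.20.5", bytes.fromhex("000100000006010300000002")),    # FC3 read holding registers
    ("10.10.20.5", bytes.fromhex("0002000000060106000A0001")),    # FC6 write, engineering segment
    ("192.168.1.77", bytes.fromhex("0003000000060106000A0000")),  # FC6 write from office LAN
    ("192.168.1.77", bytes.fromhex("0004000000ff")),              # truncated frame
]

def run_samples() -> list:
    """Classify every constructed sample; expected ['allow', 'allow', 'alert', 'malformed']."""
    return [classify(ip, frame) for ip, frame in SAMPLES]

if __name__ == "__main__":
    for (ip, _), verdict in zip(SAMPLES, run_samples()):
        print(f"{ip:15} {verdict}")
```

Because Modbus/TCP carries no authentication, the inspector cannot tell an operator's write from an attacker's; the source segment is the only signal, which is why segmentation and monitoring are listed together in the recommendations.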