{"title":"Analysis of Cyber Security Threats of the Printing Enterprise","authors":"P. Shepita, L. Tupychak, Julia Shepita","doi":"10.13052/jcsm2245-1439.123.8","DOIUrl":null,"url":null,"abstract":"The topic of scientific works on the implementation of modern technologies and systems of automated management of the enterprise, its resources and technical means is analyzed, and the insufficient completeness of research on the features of the integrated approach to the design and deployment of innovative means of production order support. Based on the determined factors of the operation of the enterprise in the latest conditions of the fourth industrial revolution, directions for the formation of strategies for the introduction of the elements of Industry 4.0 in modern printing enterprises, as well as information protection systems, are determined with electronic document circulation. The mechanisms of decision of tasks of management informative risks considered in complex control system by printeries in the conditions of vagueness and at co-operation of elements of control system between itself. The necessity of using a web portal for the formation of printing orders is substantiate, the main components are define and the levels of access to them described. The paper examines the use of classic and gray fuzzy cognitive maps to solve the problem of cyber security risk assessment of the intelligent management system of a printing enterprise. It is demonstrate that the average estimate of local risk, which is formed using an ensemble of two heterogeneous fuzzy cognitive maps, decreases compared to the use of individual cognitive maps. In order tî better, highlight the results of the research, an example of the application of the proposed methodology for assessing the risks of ensuring the integrity of telemetric information in the industrial network of the intelligent technological process management system of a printing enterprise given, with the continuity of the technological process of manufacturing printing products. In addition to the classic FCM, the paradigms of two variants of the FCM extension were also use in the study, namely, the gray FCM, which used to solve the problem of assessing cyber security risks of intelligent management systems of printing enterprises. An analysis of the possibility of building FCM ensembles to increase the effectiveness of risk assessment using several options for formalizing the expert’s knowledge and experience performed. A fragment of the enterprise management system was consider and an analysis of possible directions of attacks on the printing enterprise by malicious software was perform. These are attacks such as replacing the executable files of server and ARM software, overwriting PLC projects during system operation, and refusing to service the equipment. Based on the formed list of attack vectors and the consequences of their implementation, the task of analyzing the risks of cyber security of a printing enterprise, taking into account the impact on the system of possible internal threats, was considered, using the cognitive modeling apparatus as a modeling tool. The scenario of cognitive modeling of the influence of an internal criminal who exploits the vulnerabilities of the software and hardware components of the control system using the given variants of FCM construction is considered. The average assessment of local risks, which formed using an ensemble of cognitive maps, is better from the point of view of dispersion of assessments of the state of target concepts than the use of individual FCMs. The spread of estimates of the state of ensemble concepts is smaller than the spread of estimates of their gray values using the GFCM, on average by 1.4–1.8 times, which indicates a decrease in the influence of the subjectivity factor on the results of risk assessment. The performed scenario modeling showed that the use of the specified means of protection and organizational measures allows reducing the assessment of local risks by 12–18%, which is a significant indicator. This technique allows obtaining a qualitative and quantitative assessment of risk indicators, taking into account the entire set of objective and subjective factors of uncertainty.","PeriodicalId":37820,"journal":{"name":"Journal of Cyber Security and Mobility","volume":"34 1","pages":"415-434"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Cyber Security and Mobility","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.13052/jcsm2245-1439.123.8","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Computer Science","Score":null,"Total":0}
引用次数: 0
Abstract
The topic of scientific works on the implementation of modern technologies and systems of automated management of the enterprise, its resources and technical means is analyzed, and the insufficient completeness of research on the features of the integrated approach to the design and deployment of innovative means of production order support. Based on the determined factors of the operation of the enterprise in the latest conditions of the fourth industrial revolution, directions for the formation of strategies for the introduction of the elements of Industry 4.0 in modern printing enterprises, as well as information protection systems, are determined with electronic document circulation. The mechanisms of decision of tasks of management informative risks considered in complex control system by printeries in the conditions of vagueness and at co-operation of elements of control system between itself. The necessity of using a web portal for the formation of printing orders is substantiate, the main components are define and the levels of access to them described. The paper examines the use of classic and gray fuzzy cognitive maps to solve the problem of cyber security risk assessment of the intelligent management system of a printing enterprise. It is demonstrate that the average estimate of local risk, which is formed using an ensemble of two heterogeneous fuzzy cognitive maps, decreases compared to the use of individual cognitive maps. In order tî better, highlight the results of the research, an example of the application of the proposed methodology for assessing the risks of ensuring the integrity of telemetric information in the industrial network of the intelligent technological process management system of a printing enterprise given, with the continuity of the technological process of manufacturing printing products. In addition to the classic FCM, the paradigms of two variants of the FCM extension were also use in the study, namely, the gray FCM, which used to solve the problem of assessing cyber security risks of intelligent management systems of printing enterprises. An analysis of the possibility of building FCM ensembles to increase the effectiveness of risk assessment using several options for formalizing the expert’s knowledge and experience performed. A fragment of the enterprise management system was consider and an analysis of possible directions of attacks on the printing enterprise by malicious software was perform. These are attacks such as replacing the executable files of server and ARM software, overwriting PLC projects during system operation, and refusing to service the equipment. Based on the formed list of attack vectors and the consequences of their implementation, the task of analyzing the risks of cyber security of a printing enterprise, taking into account the impact on the system of possible internal threats, was considered, using the cognitive modeling apparatus as a modeling tool. The scenario of cognitive modeling of the influence of an internal criminal who exploits the vulnerabilities of the software and hardware components of the control system using the given variants of FCM construction is considered. The average assessment of local risks, which formed using an ensemble of cognitive maps, is better from the point of view of dispersion of assessments of the state of target concepts than the use of individual FCMs. The spread of estimates of the state of ensemble concepts is smaller than the spread of estimates of their gray values using the GFCM, on average by 1.4–1.8 times, which indicates a decrease in the influence of the subjectivity factor on the results of risk assessment. The performed scenario modeling showed that the use of the specified means of protection and organizational measures allows reducing the assessment of local risks by 12–18%, which is a significant indicator. This technique allows obtaining a qualitative and quantitative assessment of risk indicators, taking into account the entire set of objective and subjective factors of uncertainty.
期刊介绍:
Journal of Cyber Security and Mobility is an international, open-access, peer reviewed journal publishing original research, review/survey, and tutorial papers on all cyber security fields including information, computer & network security, cryptography, digital forensics etc. but also interdisciplinary articles that cover privacy, ethical, legal, economical aspects of cyber security or emerging solutions drawn from other branches of science, for example, nature-inspired. The journal aims at becoming an international source of innovation and an essential reading for IT security professionals around the world by providing an in-depth and holistic view on all security spectrum and solutions ranging from practical to theoretical. Its goal is to bring together researchers and practitioners dealing with the diverse fields of cybersecurity and to cover topics that are equally valuable for professionals as well as for those new in the field from all sectors industry, commerce and academia. This journal covers diverse security issues in cyber space and solutions thereof. As cyber space has moved towards the wireless/mobile world, issues in wireless/mobile communications and those involving mobility aspects will also be published.