MANAGING THE SECURITY OF GOVERNMENT INFORMATION SYSTEMS AS CRITICAL INFORMATION INFRASTRUCTURE OBJECTS

• Published in: Bezopasnostʹ informat͡s︡ionnykh tekhnologiĭ Vol. 32; no. 3; pp. 26 - 43
• Main Authors: Gavdan, Grigory P., Golubev, Artyom A., Golubev, Artur G., Zhukov, Igor Y., Rybalko, Alina P.
• Format: Journal Article
• Language: English
• Published: Joint Stock Company "Experimental Scientific and Production Association SPELS 01.07.2025
• Subjects: analysis of the regulatory framework, archival fund, state information system, information security, cyber interference, conflict between legislative acts, critical information infrastructure, mathematical models, object of critical information structure
• ISSN: 2074-7128; 2074-7136
• DOI: 10.26583/bit.2025.3.03

The article aims to systematize the protection requirements for state information systems (SIS) as critical information infrastructure (CII) objects and measures of improving their resilience to cyber threats. Only states capable of managing adequate protection of their SIS will be able to withstand current competitive struggles. For the Russian GIS, which includes thousands of critical information infrastructure objects, “significant” consequences may arise as a result of various impacts, since compliance with the requirements of the federal legislation of the Russian Federation is a difficult task. With the development of information technologies and increasing global information resources, both the number of threats and the volume of (targeted) attacks on SIS are growing. Attacks and failures in SIS operation can lead to serious consequences, such as confidential information leaks, public safety disruptions, and threats to Russia's national security. The research object is SIS functioning within CII. The research subject is the regulatory legal framework for SIS protection; mathematical models for resilience assessment; threats and vulnerabilities of SIS in adversarial conditions. Key definitions, problems, and results of the analysis of regulatory legal documents and mathematical models for resilience assessment are presented, along with sources confirming the importance of the conducted research. The research demonstrates the increasing significance and necessity of resolving existing problems. The research results can be used for further improvement of SIS security in the CII domain.