Механізми залучення спроможностей приватного сектору у сферу провадження державної кібербезпеки України

Abstract

Formulating the problem in general form and its connection with important scientific and practical tasks. The growing activity of criminal groups in cyberspace, the spread of cyberterrorism, the dependence of all spheres of the state’s vital activity on information necessitates the timely implementation by the state of the best foreign practices of cybersecurity of critical information infrastructure. Significant capacities and advanced technologies are mostly owned by private companies. In conditions of limited state funding for cybersecurity measures in Ukraine, one of the effective mechanisms for cybersecurity may be to create conditions for attracting the capacities of the private sector in providing cybersecurity services to protect critical information infrastructure.Analysis of recent publications on the issue and identification of previously unresolved parts of the overall problem. Researches on problematic issues and features of interaction between public authorities and private sector subjects of Ukraine in the field of cybersecurity are isolated and relate mostly to problematic aspects and legal bases of public-private cooperation in the field of cybersecurity, features of cooperation between public authorities and private entities in the field of cybersecurity, business cybersecurity. Thus, the issue of using the capacities of the private sector in terms of providing cybersecurity services to ensure state cybersecurity is poorly understood, which increases the relevance of the topic of the selected research.The purpose of the article is to substantiate the mechanisms for attracting the capacities of the private sector in the field of state cybersecurity of Ukraine.Outline of the main results and their justification. Typically, there are two ways to meet the cybersecurity needs of a particular organization. One of them is to manage all processes, where the relevant IT department implements cybersecurity solutions that will ensure the protection of equipment, communications, and data. If done correctly, this type of protection is powerful, and such an organization will have high-level control over all its aspects. However, this method requires significant financial costs for the purchase of expensive equipment, and the availability of highly qualified cybersecurity professionals to service it.Another option is to use an outsourced model of cybersecurity risk management, in which a number of cybersecurity services are provided by trusted third-party vendors through the providing of cybersecurity services.Cyber Security as a Service (CSaaS) is an outsourced model of cybersecurity risk management in which a trusted third-party provider integrates cybersecurity services into its own infrastructure and provides such cybersecurity services for an additional fee in the form of a service or subscription. The most common CSaaS options are DDoS protection, user access control, antivirus protection, anti-spyware protection, spam protection, network intrusion detection, vulnerability testing, incident management, staff training, etc.The world’s leading countries have long appreciated the benefits of implementing a market-based approach to cybersecurity in public-private partnerships. The experience of the United Kingdom can be useful in Ukraine. In the United Kingdom, government cybersecurity procurement programs have been successful alongside cybersecurity public-private partnership schemes.Conclusions and prospects for further research.One of the important principles on which cybersecurity in Ukraine should be based is the principle of state-private cooperation in the field of cybersecurity. An analysis of the experience of the United Kingdom of Great Britain in leveraging private sector capacities to implement cybersecurity has shown that the private sector plays an important role in providing quality digital services to the UK government.There is significant potential in the private sector, which can be considered as an important resource of the system of providing state cybersecurity of Ukraine. At the same time, when government authorities use the CSaaS model, the private sector must also be held accountable for protecting the data it owns, helping to ensure system resilience, must resolve cyber incidents, and be legally responsible for the consequences of potential cyber-attacks.