Abstract

The object of research is the system and schemes of conformity assessment (certification) of the cybersecurity of operational technologies (OT), understood as a set of rules and procedures that describe the objects of certification, determine the specified requirements and provide a methodology for certification. The terminological base and conceptual apparatus of the study of OT cybersecurity certification are based on the international standard ISO 17000:2020 Conformity assessment – Vocabulary and general principles. Cybersecurity certification systems and schemes are based on assessment standards, whose choice and application are ambiguous and have historically had many interpretations and application mechanisms. These standards consist of tools, policies, security concepts, security assurances, guidelines, risk management approaches, best practices, safeguards, and technologies. To one degree or another, however, they share a significant drawback: the complexity of transforming the results of an information security assessment made according to these standards into security guarantees with any wide international recognition. In the context of globalization, this significantly degrades the quality of cybersecurity. The main hypothesis of the research is that the quality of cybersecurity can be improved by converging towards a common methodology that is based on agreed international standards and international best practice for certification. The key role of cybersecurity for operational technologies, which are becoming the basis for Economy 4.0 and are now considered a new frontier of cybersecurity, is examined. The need to create a system and schemes for certification of OT cybersecurity based on international and European certification principles is shown.
A hierarchical model of cybersecurity certification system assessment standards and a hierarchical model of agreements on mutual recognition of cybersecurity certificates have been developed, which will allow a systematic approach to the creation of a system and schemes for OT cybersecurity certification. This provides an opportunity for developers of systems and certification schemes to form OT cybersecurity certification systems based on the principles of wide cross-border recognition of OT cybersecurity certificates.

Highlights

  • Network and information systems with related services play a central role in society

  • Among operational technologies (OT), a special place is occupied by the cybersecurity of industrial automation and control systems (IACS), which are an important part of most critical infrastructures and critical services

  • The aim of research is to develop models of assessment standards for the cybersecurity certification system and agreements on mutual recognition of cybersecurity certificates, which will allow a systematic approach to the creation of procedures for assessing the compliance of OT cybersecurity with cross-border recognition of certificates

Summary

Introduction

Network and information systems with related services play a central role in society. By approaching component-based certification/conformity assessment, it is possible to define different security and assurance requirements for different elements of the overall IACS, depending on the system design, intended use and operating environment, and the

TECHNOLOGY AUDIT AND PRODUCTION RESERVES — No 1/2(57), 2021.

Certification systems and schemes can generally operate at the international, regional, national, subnational or sectoral level [6]. These circumstances will require developers of OT cybersecurity certification systems and schemes to apply a certain methodological framework. This is most problematic in the case of international recognition of cybersecurity certificates obtained from national-level certification bodies. It is therefore relevant to create methodological support for the development of national systems and schemes for OT cybersecurity certification with cross-border recognition of certification results. The aim of research is to develop models of assessment standards for the cybersecurity certification system and agreements on mutual recognition of cybersecurity certificates, which will allow a systematic approach to the creation of procedures for assessing the compliance of OT cybersecurity with cross-border recognition of certificates.

Methods of research
Research results and discussion
10. IEC 62443-4-2
IEC 62443-3-2
Conclusions