Dane geoprzestrzenne jako szansa i zagrożenie dla bezpieczeństwa państwa

The study describes methods for protecting the critical infrastructure of a state. The article aims to determine the combination of protecting methods of the state’s critical infrastructure from terrorist activities, namely security, physical protection, protection of critical infrastructure, protection of critical information infrastructure, and prevention of emergencies of a terrorist nature at objects of critical infrastructure. It is necessary to fulfil the following objectives to achieve the aim: to consider the difference and interrelation of the concepts of critical infrastructure and information critical infrastructure; to characterise the general properties of various terms, in particular: security, physical protection, protection of critical infrastructure, protection of information critical infrastructure, prevention of terrorist emergencies at objects of critical infrastructure; to analyse from the scientific point of view the classical definitions of forms and methods of critical infrastructure protection; to propose a generalised structure of information and technical methods of critical infrastructure protection; to determine the possibility of using information and technical methods in various fields of knowledge to protect the state’s critical infrastructure from terrorist influence. In summary, the structure of information and technical methods for critical infrastructure protection consists of three components: a mathematical model that describes the process occurring at critical infrastructure, a control algorithm that implements the mathematical model, and procedures that indicate the order of actions for applying the method. The problem of protecting critical infrastructure from terrorist activities requires technical, legal, military, psychological, medical, chemical, biological, and other sciences to address it. Each type of science will use its specific methods to solve practical problems of preventing terrorist emergencies at critical infrastructure. For technical sciences, there will be information-technical, engineering-technical, operational-technical, organisational-technical, biotechnical, and other methods to prevent emergencies of a terroristic nature that need development shortly. Keywords: critical information infrastructure, protection, terror, security, terrorist emergency.

The article analyzes the existing legal mechanisms for managing critical information infrastructure in Ukraine. The instruments for their improvement are proposing in this article. An important component of critical infrastructure is its information component – a critical information infrastructure. The sphere of protection of critical information infrastructure in Ukraine is at the initial stage of formation. The current legislation defines only certain objects of socio-economic sphere, in which extraordinary events can lead to socially dangerous consequences. In view of the fact, that the term “critical information infrastructure” does not having a consistent interpretation in different countries, we propose our opinion. “Critical information infrastructure is a system of information management of critical facilities and information and communication networks that provide defense capabilities and security of public and private institutions, whose operation may flow to the national security of Ukraine” (KII). In the KII we can identified information and network components. Information environment of KII is a system for information management of critical objects, including computing and information resources that form automated control systems (ACS). The network component of KII consists of a set of telecommunication devices, communication lines and network equipment, systems of open protocols for the exchange of information between elecommunication devices, global system of digital addresses and digital identifiers, software. The Internet network can be considered as a technological add-on over a telecommunication network that provides the provision of data transmission and processing services (e-mail, teleconferencing, file transfer, access to computing and information systems in local area networks). The main threat to the safety of ACS of critical information infrastructure objects is targeted actions on information systems, information and telecommunication networks by software and hardware. KII legal security include two main components – national and international. The national component may be forming by a set of principles, legal institutions and norms, which are enshrined in the national legislation regulating public relations in Ukraine in the area of counteracting the security threats of the ACS of critical objects. In order to protect the most important objects of KII, it is necessary to identify these objects. The current legislation defines such categories of objects, for which special conditions for ensuring their protection and functioning are established. Some of them, in whole or in part, may be classifying as objects of critical infrastructure. The specificity of providing information security was reflecting in such Ukraine laws like “On the Fundamentals of National Security of Ukraine”, “On the Concept of the National Program of Informatization”, “On the National Program of Informatization”. As well as the Concept of Development of the Security and Defense Sector of Ukraine, the National Security Strategy of Ukraine, the Strategy of Cybersecurity Of Ukraine. The National Security Strategy identifies actual threats to national security and sets priorities for information security, cyber security and security of information resources and critical infrastructure. At the same time, the implementation of the state policy in the field of security of KII requires the further development of legal principles and norms governing the relevant social relations, that is, the national component of the legal security of KII. Ukraine should ensure the establishment of a nationwide system for assessing risks and threats to critical infrastructure, and after the legislative definition of the main terms, the implementation of the Identification of Critical Information Infrastructure objects. Identification of objects of critical information infrastructure can be accomplishing by introducing the certification of objects of critical information infrastructure. Such passports must contain general data about the facility, data on the main sources of danger, data on hazardous natural conditions, technological processes and response to threats. The international component of the legal security of KII provides for the regulation of a set of principles and norms defined by international treaties and recognized by the state, regulating issues of international cooperation in this area. Ukraine has signed the Convention on Cybercrime together with the member states of the Council of Europe and other States. It is aiming at stopping actions against the confidentiality, integrity and availability of computer systems, networks and computer data, as well as abusing such systems, networks and data by installing the criminal responsibility for such behavior, the provision of powers sufficient to combat criminal offenses, and the conclusion of agreements on rapid and reliable international cooperation. In addition, the plan of measures for 2017 on implementation of the Cybersecurity Strategy of Ukraine provides for the implementation of Directive 2008/114/EC on the protection of critical infrastructure, in particular on cybersecurity and cyber defense of critical infrastructure objects. Development of the system of international information security, the following main groups of international relations that requirenormative legal regulation within the framework of the legal security of KII: definition of the boundaries of the national KII in the global information and communication infrastructure and fixing signs of computer incidents in the control system of critical objects information infrastructure. The absence of generally recognized borders of state sovereignty of States in this space is a significant obstacle to the application of international law to the actions of other states. In particular, this impedes the establishment of limits of responsibility of states for violating the security of the KII and organizing international cooperation in the field of countering computer crime. The urgency of the legislative consolidation of signs of computer incidents in the automated control system of critical information infrastructure objects suggests the widespread use of the concept of “incident” in international law. An incident in cyberspace usually associated with a violation of the functioning of the components of cyberspace – an electronic collection environment and automated processing of information that determines the processes of the implementation of these operations, as well as information systems and automated control systems. The essence of the general definition of the “international incident” in the field of KII will be determining, firstly, by the nature of international relations between states that are violating by the “incident”. This event may be the result of unforeseen actions of the state, including actions that harm the interests of public bodies of one or more states, or, conversely, be one of many intentional but minor provocations carried out by agents of one state against another state. Given that international relations in the field of incidents in the field of KII are not regulating by international treaties, the main and, in fact, the only source of international law in this case serves as an international custom, however, its application to the sphere of KII is accompanying by considerable difficulties. For Ukraine, it is possible to introduce the positive experience of other states in the security of the KII. In particular, the problem of security of information technologies has been enshrined in the international standard ISO / IEC 15408 “General criteria for assessing the safety of information technology”.

In 2008, the European Union regulated the basics of the protection of critical infrastructures in a directive. The Member States therefore had to ensure that – in addition to the freedom of the method and means of implementation – the provisions of the directive were transposed into their national legal order. Accordingly, some Member States may define different detailed rules. The detailed rules related to the protection of critical infrastructures (e.g. the designation thresholds) are not public in several Member States, but in Germany and Hungary they have been recorded at the legislative level. In my study, I compare the rules related to the protection of critical healthcare infrastructures, including inpatient care institutions, primarily based on legal sources and the experiences of my study tour in Germany, from the selection criteria system to crisis planning. The good practices resulting from the differences and similarities to be discovered can help to revise and standardise the rules and practices related to the protection of critical health infrastructures.

The content outline: in accordance with law, the Polish critical infrastructure constitutes 11 sectors, vital for national security and public safety persistence. Two of the sectors (energy sector and transportation systems sector), are elements of the European Critical Infrastructure, and due to Poland’s EU and NATO membership, are subject to particular protection. The paper describes general principles of Polish critical infrastructure safety law acts and critical infrastructure sectors. Later in this paper, 4 alert states (THREATCON), and their impact on the critical infrastructure safety and protection were presented. The purpose and the program content of the National Critical Infrastructure Protection Programme and the National Infrastructure Protection Plan were described.

The research was conducted to study the state of development of the issue of protection of critical infrastructure in Ukraine. It is established that the world is increasingly using an integrated approach to ensuring the security of systems, facilities and resources that are crucial to the life of a state or association from criminal encroachments and terrorist threats, as well as threats of another nature - natural, technogenic, social, military ones.It is determined that the term “critical infrastructure” has not yet received its legislative definition, it is, de facto, already used in such fundamental regulations. Today in Ukraine only the legislative base for the protection of critical infrastructure is being formed and the body that will formulate the state policy for the protection of critical infrastructure, as well as the body (military formation) that will be responsible for implementing the tasks of protection of critical infrastructure remains undefined critical infrastructure from various threats.The purpose of the article is to conduct a research to study the state of development of the issue of protection of critical infrastructure in Ukraine and justify the tasks and powers of the National Guard of Ukraine in this area.A legal analysis of the implementation by the National Guard of Ukraine of the tasks to stop terrorist activities and counter-sabotage. It has been proved that the National Guard of Ukraine is involved in anti-terrorist activities and participates in the activities of the Unified State System of Prevention, Response and Cessation of Terrorist Acts and minimization of their consequences, without being part of the system of subjects of fight against terrorism. Counter-sabotage activities are a direct form of execution by the National Guard of Ukraine of tasks related to the cessation of terrorist activities.It is substantiated that at the stage of creation and organization of the State Critical Infrastructure Protection System, including by determining the Authorized Body for Critical Infrastructure Protection of Ukraine and determining the competence and authorities in the field of critical infrastructure protection of other subjects of the state critical infrastructure protection system. The National Guard of Ukraine in this system is not normatively defined.It is proved that the legal status, level of logistics and training of personnel, the presence of special units in the National Guard of Ukraine that perform the functions of units for counter-sabotage, their experience in performing counter-sabotage tasks in the field of the anti-terrorist operation and joint operations forces allow considering the National Guard of Ukraine the main subject of counter-sabotage activities ‒ the Authorized Body for Critical Infrastructure Protection of Ukraine both within the territorial defense and in peacetime for the protection of critical infrastructure.Areas of further research will focus on the protection of critical infrastructure in Ukraine.

According to the large number of cyber incidents that occur every day, the process of critical infrastructure protection is an important not only technical but also scientific task. However, not all states in the world have an opportunity to provide high-quality protection of such infrastructure at a high level. Based on the fact that the critical information infrastructure protection should be managed at the state level, states need to develop a regulatory framework to address the above issue. Considering the legal framework of Ukraine, as in most post-Soviet countries, there is no effective approach to the protection of critical information infrastructure, such as in the USA or in the EU. The legislation of Ukraine identifies only certain objects of the socio-economic sphere, emergencies where they can lead to socially dangerous consequences, while a single procedure for identification and classification of critical infrastructure is not developed. A number of basic terms in the field of critical infrastructure protection from cyber threats, including “critical infrastructure” term, remain normatively vague. The mechanism of organization of activity and interaction of state and private structures in the process of critical infrastructure protection needs scientific substantiation. In this paper, the analysis of the world’s best practices concerning critical information infrastructure protection was carried out, that allows to improve qualitatively, at the state legislative level and practice, process of critical information infrastructure protection of Ukraine.

Aim: As part of this article, an attempt was made to present the legislative process in Poland regarding critical infrastructure, for which valid is the Act of 26 April 2007 on crisis management, specifying, inter alia, authorities competent in crisis management and their tasks and principles of operation in this area as well as implementing acts issued on its basis. The introduced legal regulations define both the concept of critical infrastructure, its protection and activities related to the prevention of crisis situations, reacting in the event of their occurrence and preparation to take control over them, as well as removing their effects and recreating key resources. Introduction: Regulations concerning the protection of critical infrastructure are included in legal acts covering various areas of the country’s functioning, including telecommunications activities, production and trade in fuels and electricity, performance of defence tasks by entrepreneurs, creation of strategic reserves, powers of the minister competent for the State Treasury in some companies, protection of persons and the property. The protection of critical infrastructure is related to the raison d’état, which indicates the need to make special efforts to protect the country’s key infrastructure. Therefore, it is reasonable to present selected legal elements needed to protect critical infrastructure, especially those issues that ensure the continuity of the operation of public administration bodies, which are to ensure the safety of the citizens. Methodology: The article was prepared based on the analysis of the literature on the subject and the analysis of legal acts in the area of strengthening the concept of critical infrastructure, taking into account the current situation related to the pandemic and, consequently, the loss of some officers and employees. During the analysis of the conducted research, compact publications, acts of Polish law as well as guidelines and recommendations published on the websites of governmental institutions were used. Conclusions: In the protection of critical infrastructure, there is a need to introduce legal regulations within the framework of cooperation between institutions. The preparation of effective activities in the area of critical infrastructure requires a comprehensive approach, including: physical, technical, personal, ICT, legal protection, as well as assistance from the government in the reconstruction of the damaged element. Each of the areas mentioned above is a complex set of activities requiring general and specialist knowledge, sometimes expert knowledge, extensive practical experience (using the so-called good practices), risk analysis skills, and risk prediction (profiling). Keywords: act on crisis management, legal acts, crisis management, protection of critical infrastructure, identification Type of article: review article

In the information age, critical infrastructure have become largely computerized and interconnected throughout the world, and their scope has grown more and more. Indeed, a failure in one critical infrastructure could lead to serious consequences on national security, economic well-being, public health, safety, or any combination thereof, producing then cascading effects because of their synergies. Consequently, the reliability, performance, continuous operation, safety, and protection of these so-called critical infrastructures is essential toward society and its economy. Nevertheless, the protection of critical infrastructure is a classical method that opens the question on the situation of these infrastructures in case of failure. In response to this, several studies necessitate a further strengthening in terms of resilience of these infrastructures. The items explored in this paper discuss different aspects related to resilience that gives the foundation of resilience strategy. We present in one hand the state of the art regarding resilience view in Critical Infrastructures and gives a systematic approach that can be applied on it, introducing then the applicability of resilience policy on these infrastructures.

: Over the past decade, the cyber threat to critical infrastructure has grown to potentially catastrophic dimensions. Critical Infrastructure protection has become a matter of national security, public safety, and economic stability. It is imperative the U.S. Government (USG) examine current responsibilities, develop a comprehensive cybersecurity strategy, cybersecurity regulations, impose standards, and enforce the strongest security measures possible to protect the Nation from cyber attacks to critical infrastructure. This paper provides a background of what constitutes national critical infrastructure and Critical Infrastructure Protection (CIP), discusses the immense vulnerabilities, threats, and risks associated in the protection of critical infrastructure, and outlines governance and responsibilities of protecting vulnerable infrastructure. Finally, the paper will make recommendations for federal responsibilities and legislation to direct nation critical infrastructure efforts to ensure national security, public safety and economic stability.

Critical infrastructure represents a medium of national and international importance whose destruction, temporary or permanent disruption in process activities, would seriously endanger or weaken national and public safety, economic and social prosperity. Beside the internal threats, critical infrastructure is exposed to natural, technical-technological and anthropogenic threats, where terrorism is recognized to be one of the most unpredictable and dangerous sources of threats to the critical infrastructures. For that reason countries are responsible for the implementation and improvement of the critical infrastructures' protection and resilience to ensure survival, the development and advancement of individuals' and the social community, domestic and foreign economic subjects on their soil and, in partnership, achieving stability and safety of other countries. The goal of this work is to analyze how the Republic of Croatia has, so far, legally, regulatory and operationally developed protection and resilience of the national critical infrastructure, and give recommendations with regards to necessary steps in the continuation of the said process.

Governments have always been playing a central role for the provision and protection of critical infrastructures (infrastructures that are essential to national stability and security, such as energy, water or transport). Over the last decade, criticism on the increasing instability and vulnerability of these infrastructures emerged as they require special attention when it comes to modernization and protection, e.g. terrorism. Public-private partnerships open up public monopolies for competition and potential efficiency gains. In this paper, we show the risks and opportunities of including the private sector and consequently business interests on the example of transport infrastructure. We apply a novel institutional economic role model with which we can identify necessary roles (i.e. actions) for the provision and protection of critical transport infrastructure. We, then, provide a theory-driven discussion on the role of public and private actors. The results of our paper give an indication of the role of public policy for transport infrastructure. Taking a broader perspective, this paper will help to understand the effective ratio of public and private actions for the provision and protection of critical infrastructure.

Critical infrastructure protection is a concern that directly affects not only companies or governments, but also whole countries. This project focuses specifically on the telecommunications infrastructure, upon which many other critical infrastructures are dependent. This paper presents a model for critical infrastructure protection and a set of four methodologies that support the model, the first of which is MCI (methodology for critical infrastructure identification). MCI considers social, political and economic aspect to define the actual context of a country and, based on this context, it is possible to identify exactly which portions of the infrastructure can be considered critical. Application of MCI to the Brazilian telecommunications sector is demonstrated.

The world trends in increasing of threats of natural and man-made nature, a level of terrorist threats, the number and complexity of cyberattacks have caused the actualization of needs for critical information infrastructure protection and improvement it's informational security and functional safety. A critical information infrastructure is considered as a set of information and telecommunication systems, improper operation of which may lead to the occurrence of an accident of critical infrastructure (energy, transport, etc.), as well as to decrease in quality of its services. The subject of paper’s study is the mechanisms for ensuring the safety (protection) of critical information infrastructures. The purpose of the paper is to substantiate the approach to the development of methodological foundations and technologies for assessing and ensuring the safety (protection) of critical information infrastructures taking into account the state and capabilities of modern information technologies. The methods used are: systems analysis methods, mathematical optimization methods, safety, and risk theory methods. The following results were obtained. The main tasks of the critical infrastructure protection system are formulated. The necessity of using the system of protection of critical information infrastructure as part of the system of protection of critical infrastructure is substantiated. The concept and principles of the methodology for assessing and ensuring the safety (protection) of critical information infrastructures are developed, working hypotheses, methods and models necessary for their implementation are suggested. The way of interaction of the elements of the proposed methodology, tasks and elements of the critical infrastructure protection system is shown. The results obtained are aimed at solving of one fundamental problem such as the existence of a contradiction between the intensive development of critical information infrastructures, negative influences and threats of various nature and the lack of methodological foundations, models, methods and information technologies for assessment and assurance of critical information infrastructure security and safety. The results obtained should be used to create elements of informational and analytical support for the decision maker in solving tasks related to the assessment and security (protection) of critical infrastructure

The concept of “Critical Infrastructures” is constantly evolving in order to reflect current concerns and to respond to new challenges, especially in terms of (cyber)security and resilience. Protection of critical infrastructures against numerous threats has therefore developed into a high priority at national and EU level. During the last two decades a new type of threat has prevailed in the Critical Infrastructure threat landscape, that of cyberattacks; Protection against them is the primary focus of this paper. In order to do so the analysis first aims to drop some light into the differences between Critical Infrastructures and Critical Information Infrastructures, terms that are often confused, and to indicate possible inadequacies in the applicable protection regulatory regime. Finally, the health sector has been chosen as a sector-specific case in an effort to demonstrate how protection of a Critical Infrastructure, challenged as it has been with a constantly increasing number of cyber incidents, could be sufficiently protected in the new digitalised era.

The subject of this paper is a broadly understood critical infrastructure (CI) that performs a key role in the functioning of the state and the life of its citizens. Critical infrastructure can be destroyed or damaged, and its functioning can be disrupted both as a result of natural events and as a result of human activity. Hence, the lives and property of citizens may be at risk. Concomitantly, such events harm the economic development of the state. Therefore, the protection of critical infrastructure is one of the priorities facing the states. The aim of this paper is to present selected issues concerning risks and vulnerabilities within the protection of critical infrastructure.