Cybersecurity Systems Research Articles

Automated threat detection and response using LLM agents

The increase of cyber threats from individual cases to a worldwide problem is the reason why people have shifted their cybersecurity perspectives. Basic defense processes, originally well understood and effective, fail to match modern attacks’ complexity and velocity. Taking into consideration LLMs as a recent addition to AI, this paper aims at discussing their application in integrating threat detection and response automation systems. As a result, LLMs, which have higher capabilities for natural language processing, deliver a revolutionary perspective regarding cybersecurity. Since LLM agents can review massive amounts of security data, distinguish patterns, and create contextually appropriate responses, they can bridge the gap between emerging threats and stable security systems. The paper examines the tools used by LLM agents, such as natural language processing to analyse the logs, contextual anomaly detection, pattern identification in network traffic, and the analysis of the user’s behaviour. Also, it describes how LLM agents can support automated threat handling in the context of threat identification, alert prioritization, context-driven response generation, security policy enforcement, and threat handling. The integration of LLM agents into already known systems, including SIEM systems and AI-Ops platforms, is also considered, which allows for further conclusions on the opportunities to create proactive cybersecurity systems. However, open dilemmas such as adversarial attacks and interpretability are still present, the future for LLM agents in cybersecurity is still bright, and there are more possibilities in multi-modal threat analysis and quantum-safe LLM-based cryptography.

Survey of Transformer-Based Malicious Software Detection Systems

In the recent past, the level of cyber threats has changed drastically, leading to the current transformation of the cybersecurity landscape. For example, emerging threats like Zero-day and polymorphic malware cannot be detected by conventional detection methods like heuristic and signature-based methods, which have proven useful in the identification of malware. In view of this shift in the cybersecurity paradigm, this study proposes to discuss the utilization of transformer models to improve malware detection effectiveness and the accuracy and efficiency in detecting malicious software. In this regard, this study adopts the application of transformers in identifying different forms of malicious software: ransomware, spyware, and trojans. Transformers are endowed with the ability to handle sequential data and capture intricate patterns. By employing deep learning techniques and conducting thorough contextual analysis, these models enhance the detection process by identifying subtle indications of compromise, which traditional methods may overlook. This research also explains the challenges and limitations related to the application of transformer-based models in real-world cybersecurity settings, which include computing requirements and large-scale labeled datasets’ requirements. By the end, the article suggests potential future research avenues in order to improve and integrate these models into cybersecurity systems.

Kompetensi Digital dan Manajemen SDM TNI pada Era Revolusi Industri 4.0

The main problem in managing TNI human resources in the Industrial Revolution 4.0 era is the skills gap in facing the demands of advanced technology. Many personnel are not fully ready to master technologies such as AI, big data, and IoT which are increasingly crucial in modern military operations. The purpose of this study is to analyze TNI Digital Competence and Human Resource Management in the Industrial Revolution 4.0 Era. The method used is qualitative descriptive using the SWOT approach. The results of the study show that digital transformation in human resource management and operations of the Indonesian National Army (TNI) in the Industrial Revolution 4.0 era is a crucial strategy to strengthen national defense. The use of technologies such as artificial intelligence (AI), big data, Internet of Things (IoT), and virtual simulation (VR) increases operational efficiency and the accuracy of TNI decision-making. This technology also facilitates more realistic and interactive personnel training and reduces the risks and costs of training. However, the success of this transformation is highly dependent on the readiness of infrastructure and budget. Cooperation with industry through public-private partnerships (PPP) is needed to accelerate infrastructure development such as 5G networks and cybersecurity systems. In addition, the development of competent human resources through continuous digital training is a key element in adapting to the dynamics of information-based global threats.

Performance Comparative Study on Zero Day Malware Detection Using XGBoost and Random Forest Classifiers

Zero-day malware is a significant threat to cybersecurity as it is unknown to antivirus systems and can cause significant damage before being detected. Traditional malware detection methods rely on signatures and patterns specific to known malware, but these methods are ineffective against zero-day malware that has not been previously encountered. Machine learning has shown promise in detecting and classifying unknown threats, including zero-day malware. In this research, we propose using machine learning classifiers to detect and classify zero-day malware. The selected classifiers are Random Forest and XGBoost, well-known and widely used in machine learning. To evaluate the effectiveness of our approach, we first collect and pre-process a dataset of known malware. The dataset, Meraz'18, is used to train and test the selected classifiers. This dataset contains PEHeaders with static analysis performed with each section calculated on its entropy. The dataset contains a representation of benign and malicious files that has been use in previous studies for zero-day malware detection, namely during the payload injection phase. To prevent overfitting, 10-fold-cross-validation is utilized. The performance metrics of these classifiers such as F1-score, accuracy, Cohen’s kappa, precision and recall analyzed on the known malware dataset and evaluate their ability to detect and classify zero-day malware. Hyperparameter tuning is used to tune each model to give the best performance of each model. The results show that the proposed classifiers perform extremely well, both achieving up to almost 98% accuracy. Using machine learning classifiers for zero-day malware detection and classification can significantly improve cybersecurity by providing a way to detect and protect against unknown threats. This work is an essential step towards the development of more robust cybersecurity systems that can effectively protect against unknown threats.

Enhancing Cybersecurity in Energy IT Infrastructure Through a Layered Defense Approach to Major Malware Threats

This study examines the cybersecurity vulnerabilities of energy IT infrastructure in the context of rapid digital transformation and network expansion. While these advancements have improved efficiency, they have also increased susceptibility to cyber threats, particularly from malware such as Industroyer, Triton, NotPetya, and BlackEnergy3. By analyzing these malware threats, this research identifies key weaknesses in energy systems and highlights the need for enhanced anomaly detection, network segmentation, and system integrity checks. To address these vulnerabilities, this study proposes a layered security architecture in which each layer—physical, control, network, application, and security—provides independent protection while integrating into a unified defense strategy. This research emphasizes the necessity of combining technical-, organizational-, and policy-based responses to bolster cybersecurity across all levels of energy infrastructure. Key recommendations include immediate vulnerability patching, improved international cooperation, stronger legal frameworks, enhanced cybersecurity education, and the establishment of a unified command structure. This study provides practical insights and strategies for strengthening the cybersecurity of energy systems through a comprehensive, integrated approach.

TAIWAN (ROC) MUST ROCK! WHY TAIWAN'S CASE MATTERS?

The author discusses the subjectivity of Taiwan in the article. It must be remember that Taiwan is unrecognized as a state according to international public law. First then, author describes the theories of state elements. She also briefly characterizes the division of power in Taiwan. Then, she points to the organization of the cybersecurity system and methods of combating disinformation as an example of the efficient functioning of Taiwan as a state.

Studi Literatur: Strategi Pengamanan Siber dalam Menghadapi Cyber Crime

In the current digital era, cybersecurity of data and information systems. The threat of attacks, or , is a form of threat that continues to grow along with advances in technology. This research aims to learn about cybersecurity strategies in dealing with . The method used in this research is a literature review. This journal was prepared based on an analysis of research results from various journals accessed through secondary data sources, namely the Google Scholar database, and e-resources from Springer, Cambridge, and Taylor and Francis. The research results show that implementing technology such as encryption, multifactor authentication, and user training, are some of the effective steps that have been proven to reduce risk. However, challenges in implementing this strategy remain, both from a technical and non-technical perspective, which require special attention from researchers and practitioners in the field of cyber security.

Photonic Synapse of CrSBr/PtS2 Transistor for Neuromorphic Computing and Light Decoding

Abstract Field effect transistors based on 2D layered material have gained significant potential in emerging technologies, such as neuromorphic computing and ultrafast memory response for artificial intelligence applications. This study proposes a facile approach to fabricate an optoelectronic artificial synapse for neuromorphic computing and light‐decoding information system by utilizing the 2D heterostructure of CrSBr/PtS2 to overcome circuit complexity. The CrSBr layer serves as a trapping layer, while PtS2, mounted on top of CrSBr, acts as a channel layer. PtS2 exhibits n‐type semiconductor behavior with a hysteresis that varies with the thickness of the underlying CrSBr layer. The heterostructure device, featuring a 96.3 nm thick CrSBr layer, exhibited a large memory window of 11.9 V when the gate voltage is swept from −10 V to +10 V. Various synaptic behaviors are effectively demonstrated, including paired‐pulse facilitation, excitatory postsynaptic current, optical spike number and intensity‐dependent plasticity using laser light at a wavelength of 365 nm. The device achieves 26 distinct output signals depending on the intensity of the incident laser light, ranging from 10 to 385 mW cm−2, enabling its applications for light‐decoded information security systems. Thus, the investigation presents a unique approach to artificial intelligence and cybersecurity systems.

Cybersecurity lessons from the Vastaamo psychotherapy data breach for psychiatrists and other mental healthcare providers.

The Vastaamo psychotherapy data breach in Finland is perhaps the largest cybersecurity incident in mental healthcare to date, resulting in significant patient harm. There are specific lessons for mental healthcare providers from an analysis of the incident. Case study of this specific electronic health record data breach, based on detailed media reporting. The issues raised include: the importance of governance of the cybersecurity of sensitive personal patient data, such as compliance with legislative requirements on privacy and data security; specific security measures such as de-identification of data, data protection via passwords, multi-factor authentication, firewalls and encryption; and timely and effective communication, and support of those who have been affected. The implications for mental healthcare providers, including psychiatrists and trainees, are that, within their capability, providers need to assess the efficacy and robustness of cybersecurity of electronic health record systems they use, and carefully consider the information that is recorded to minimise exposures such as in the Vastaamo breach.

Enhancing Cybersecurity through AI-Powered Security Mechanisms

In the rapidly evolving landscape of digital technology, the proliferation of interconnected systems has brought unprecedented opportunities and challenges. Among these challenges, the escalating frequency and sophistication of cyberattacks pose significant threats to individuals, organizations, and nations. In response, the fusion of Cybersecurity and Artificial Intelligence (AI) has emerged as a pivotal paradigm, offering proactive, intelligent, and adaptable defense mechanisms. This research explores the transformative impacts of AI-powered security on cybersecurity, demonstrating how AI techniques, including machine learning, natural language processing, and anomaly detection, fortify digital infrastructures. By analyzing vast volumes of data at speeds beyond human capacity, AI-driven cybersecurity systems can identify subtle patterns indicative of potential threats, allowing for early detection and prevention. The exploration consolidates existing studies, highlighting the trends and gaps that this research addresses. Expanded results and discussions provide a detailed analysis of the practical benefits and challenges of AI applications in cybersecurity, including case studies that offer concrete evidence of AI's impact. Novel contributions are emphasized through comparisons with other studies, showcasing improvements in accuracy, precision, recall, and F-score metrics, which demonstrate the effectiveness of AI in enhancing cybersecurity measures. The synergy between AI and human expertise is explored, highlighting how AI-driven tools augment human analysts' capabilities. Ethical considerations and the "black box" nature of AI algorithms are addressed, advocating for transparent and interpretable AI models to foster trust and collaboration between man and machine. The challenges posed by adversarial AI, where threat actors exploit AI system vulnerabilities, are examined. Strategies for building robust AI security mechanisms, including adversarial training, model diversification, and advanced threat modeling, are discussed. The research also emphasizes a holistic approach that combines AI-driven automation with human intuition and domain knowledge. As AI continues to rapidly evolve, a proactive and dynamic cybersecurity posture can be established, bolstering defenses, mitigating risks, and ensuring the integrity of our increasingly interconnected digital world.

Strengthening Healthcare Data Security with Ai-Powered Threat Detection

As the healthcare industry undergoes rapid digital transformation, the need for robust cybersecurity measures has never been more critical. AI-driven solutions, such as Machine Learning (ML) and anomaly detection, are proving to be pivotal in securing healthcare data. These technologies enable healthcare organizations to identify cyber threats proactively, automate incident response, and enhance data security. Furthermore, AI's ability to provide continuous network monitoring, predictive analytics, and real-time anomaly detection offers healthcare providers the tools needed to mitigate risks before they escalate. This research highlights the key applications of AI in healthcare data security, including its effectiveness in vulnerability management and regulatory compliance. It also delves into the ethical and operational challenges of integrating AI-driven threat detection systems into healthcare settings, including concerns related to bias in AI models, regulatory hurdles, and the complexity of AI system integration into existing healthcare infrastructures. In a 2023 study, Accenture reported that AI-based cybersecurity systems reduced detection and response time by up to 60%, illustrating how AI accelerates response to potential data breaches​. Similarly, HIMSS noted that the risk of data breaches in healthcare could be halved by AI technologies that continuously monitor and analyze data​. These findings emphasize AI's role in minimizing the delays and errors typically associated with human-driven responses​. AI techniques such as supervised, unsupervised, and semi-supervised learning play a crucial role in anomaly detection. These models identify irregular patterns in healthcare systems, flagging potential threats even when subtle​. For example, deep learning approaches, including Convolutional Neural Networks (CNNs) and Recurrent Neural Networks (RNNs), can uncover outliers in healthcare data, enhancing system security​. The ability of AI to continuously learn from previous attacks ensures that systems evolve with emerging threats, further solidifying its place in healthcare cybersecurity​. Additionally, AI aids in predictive analytics, which can forecast future cyber threats based on historical data, allowing healthcare providers to address vulnerabilities proactively​. By leveraging such capabilities, AI not only safeguards sensitive patient data but also enables healthcare institutions to stay compliant with stringent regulatory standards like HIPAA and GDPR​. However, AI implementation in healthcare security comes with its own challenges. Integrating AI into legacy systems requires substantial infrastructure upgrades, and the complexity of dynamic encryption can strain system resources​. Furthermore, the ethical concerns surrounding AI, such as the transparency of decision-making processes and potential bias in AI algorithms, must be carefully managed to ensure equitable and effective security solutions​

Addressing cybersecurity challenges in robotics: A comprehensive overview

As robotics technology becomes increasingly integrated into various sectors, ensuring the cybersecurity of robotic systems is paramount. This article provides an in-depth exploration of the cybersecurity challenges confronting robotics and offers strategies to address these concerns. With the growing connectivity and networking capabilities of robots, vulnerabilities such as unauthorized access, data breaches, and network attacks are significant threats [1]. Protecting sensitive data collected and processed by robots is crucial to preserving privacy and trust. Remote access features, while enhancing operational flexibility, also pose security risks if not adequately secured. Weak authentication mechanisms and insecure interfaces could allow malicious actors to compromise robot functionality. Furthermore, robots are susceptible to malware and cyber-attacks, including viruses, worms, and ransomware. To mitigate these risks, a comprehensive approach is necessary, incorporating secure design principles, robust authentication mechanisms, encryption techniques, and cybersecurity training. Collaboration among industry stakeholders, researchers, policymakers, and cybersecurity experts is essential to develop resilient robotic systems capable of withstanding evolving cyber threats. This article underscores the importance of addressing cybersecurity challenges in robotics to ensure the safety and security of robotic deployments across diverse domains. As robotics technology evolves and becomes integral across various sectors, prioritizing cybersecurity [2] is crucial to protect these systems from unauthorized access, data breaches, and network attacks. The interconnected nature and remote access features of robots pose significant vulnerabilities. Comprehensive measures, including secure design, encryption, and cybersecurity training, are essential. Collaboration among industry stakeholders, researchers, policymakers, and cybersecurity experts is vital for developing resilient robotic systems. This article highlights the urgent need to address cybersecurity challenges to ensure the safety and integrity of robotic deployments.

Report on the 5th International Workshop on Engineering and Cybersecurity of Critical Systems and 2nd International Workshop on Software Vulnerability Management (EnCyCriS/SVM - 2024)

Increasing system interconnectivity, decentralization, and introduction of new, more intelligent technologies, result in critical infrastructures becoming exposed to increased risk of cyber, physical, and combine cyber-physical attacks. Cyber-attacks on critical systems can inflict severe consequences on to people, society, economy, and national security, and can have adverse effects on safety and reliability of critical infrastructures. The joint EnCyCriS-SVM workshop facilitates discourse and discussion among researchers, practitioner, and students who are working on challenges and solutions related to the industrial revolution. Focus is given on sharing industry experience and project results pertaining to cyber threats on critical systems; secure software engineering; and attack detection and response mechanisms.

A COMPREHENSIVE REVIEW OF MACHINE LEARNING AND DEEP LEARNING APPLICATIONS IN CYBERSECURITY: AN INTERDISCIPLINARY APPROACH

Cybersecurity is increasingly becoming a critical concern as the complexity and frequency of cyber-attacks continue to rise. Machine learning (ML) and deep learning (DL) have emerged as powerful tools to enhance cybersecurity systems, offering dynamic capabilities in real-time threat detection, anomaly detection, and intrusion prevention. This article (45) presents a systematic review of the applications of ML and DL in cybersecurity, adhering to the PRISMA guidelines. The review covers several key domains, including network security, cloud security, and Internet of Things (IoT) security, highlighting how ML/DL models like convolutional neural networks (CNNs) and recurrent neural networks (RNNs) outperform traditional rule-based systems. It also addresses challenges such as adversarial attacks, data privacy concerns, and the computational resource demands of DL models. Current solutions like adversarial training, federated learning, and model optimization techniques are examined for their potential to mitigate these issues. The findings suggest that while ML/DL technologies hold great promise, further research and innovation are necessary to overcome the inherent challenges, ensuring that these systems can be deployed effectively and securely in real-world environments.

TrustGNN: Graph Neural Network-Based Trust Evaluation via Learnable Propagative and Composable Nature.

Trust evaluation is critical for many applications such as cyber security, social communication, and recommender systems. Users and trust relationships among them can be seen as a graph. Graph neural networks (GNNs) show their powerful ability for analyzing graph-structural data. Very recently, existing work attempted to introduce the attributes and asymmetry of edges into GNNs for trust evaluation, while failed to capture some essential properties (e.g., the propagative and composable nature) of trust graphs. In this work, we propose a new GNN-based trust evaluation method named TrustGNN, which integrates smartly the propagative and composable nature of trust graphs into a GNN framework for better trust evaluation. Specifically, TrustGNN designs specific propagative patterns for different propagative processes of trust, and distinguishes the contribution of different propagative processes to create new trust. Thus, TrustGNN can learn comprehensive node embeddings and predict trust relationships based on these embeddings. Experiments on some widely-used real-world datasets indicate that TrustGNN significantly outperforms the state-of-the-art methods. We further perform analytical experiments to demonstrate the effectiveness of the key designs in TrustGNN.

Enhancing Cybersecurity in Cloud Environments Using AI-Driven Threat Detection and Response

As cloud computing becomes increasingly integral to modern infrastructure, the importance of robust cybersecurity measures within cloud environments cannot be overstated. Traditional security approaches often fall short in addressing the dynamic and complex nature of cloud-based threats. This paper explores the application of artificial intelligence (AI) to enhance cybersecurity in cloud environments, with a focus on AI-driven threat detection and response systems. By leveraging machine learning algorithms and deep learning models, AI can analyze vast amounts of data in real-time, identifying anomalies and potential threats with greater accuracy and speed than conventional methods. This research presents a comprehensive framework that integrates AI-driven solutions for proactive threat detection, automated incident response, and continuous security monitoring. The framework is designed to adapt to evolving threats, offering a scalable and efficient defense mechanism against sophisticated cyber-attacks. This paper includes case studies and experimental evaluations that demonstrate the effectiveness of AI-based approaches in reducing false positives, improving detection rates, and accelerating response times. The findings underscore AI’s critical role in advancing cloud security and protecting sensitive data in an increasingly digital world. The results indicate that AI-driven cybersecurity systems significantly enhance the security posture of cloud environments, making them more resilient against emerging threats. This study concludes with a discussion on the challenges and future directions for AI in cybersecurity, emphasizing the need for ongoing research to address issues such as model interpretability, data privacy, and the integration of AI with existing security infrastructures.

OPTIMIZED DEEP LEARNING FOR CYBER INTRUSION DETECTION AND SECURED COMMUNICATION IN MANET

The popularity of the Mobile Ad-Hoc Network increases with low expense solutions to the real time applications. The dynamic nature, limited centralized system with low bandwidth often susceptible to the security threads and became the hot topic. To protect the MANET system it is essential to implement a secured system. The purpose of this work is to design an intelligent Cyber Security System (CSS) by collecting the threads data from the MANET system. Initially, the data is pre-processed using the Min-Max normalization technique, followed by the feature selection with the newly approached Mother Optimization algorithm (MOA). The feature selection is effectuated for speedy classification of intrusions and prevent the attacks and therein significantly enhances the security. To provide the security to the MANET system the work proposes a novel Adaptive Deep Belief Network (ADBN). This classifies the attacks and normal data and prevents the system from falling for the threat. Simulation is performed in NS2 and analyzed the effectiveness of the proposed work with existing systems. Our proposed work effectively enhances the security of the MANET system and surpasses all the other works.

Explainable deep learning approach for advanced persistent threats (APTs) detection in cybersecurity: a review

In recent years, Advanced Persistent Threat (APT) attacks on network systems have increased through sophisticated fraud tactics. Traditional Intrusion Detection Systems (IDSs) suffer from low detection accuracy, high false-positive rates, and difficulty identifying unknown attacks such as remote-to-local (R2L) and user-to-root (U2R) attacks. This paper addresses these challenges by providing a foundational discussion of APTs and the limitations of existing detection methods. It then pivots to explore the novel integration of deep learning techniques and Explainable Artificial Intelligence (XAI) to improve APT detection. This paper aims to fill the gaps in the current research by providing a thorough analysis of how XAI methods, such as Shapley Additive Explanations (SHAP) and Local Interpretable Model-agnostic Explanations (LIME), can make black-box models more transparent and interpretable. The objective is to demonstrate the necessity of explainability in APT detection and propose solutions that enhance the trustworthiness and effectiveness of these models. It offers a critical analysis of existing approaches, highlights their strengths and limitations, and identifies open issues that require further research. This paper also suggests future research directions to combat evolving threats, paving the way for more effective and reliable cybersecurity solutions. Overall, this paper emphasizes the importance of explainability in enhancing the performance and trustworthiness of cybersecurity systems.

Optimization of machine learning model training procedure on multi-gpu systems to enhance cyber security in telecommunication networks

This paper analyzes the optimization features of machine learning (ML) model training procedures using multi-GPU systems to enhance cyber security in telecommunication networks. A key aspect of the study is the use of data parallelism, which allows the distribution of the training load across multiple GPUs, significantly reducing training time and improving model accuracy-critical factors for rapid threat detection in cyberspace. A novel approach for optimizing data batch size using Mutual Information (MI) is proposed, which harmonizes the utilization of computational resources with the information content of the training data. MI helps to determine the optimal data batch size that minimizes training errors and improves model accuracy without a significant increase in training time. Experimental results demonstrate the substantial advantages of multi-GPU configurations compared to single-GPU setups, providing faster training and improved model accuracy. It was particularly emphasized that MI-guided batch size tuning significantly outperforms traditional manual tuning methods, ensuring higher validation accuracy and reducing training time. The study showed that the MI-based approach is an effective tool for addressing the problem of optimizing ML model training processes in real-world scenarios where cyber security is critical. The proposed methods allow ML models to train faster and more accurately identify potential threats, making them particularly relevant for telecommunication networks where a rapid response to new threats in real time is required. The implementation of modern computational technologies such as multi-GPU systems and MI-optimized training enhances the efficiency and accuracy of machine learning models. This, in turn, improves cyber security measures and ensures a more reliable defence of telecommunication networks against malicious attacks. It is noted that the proposed approaches can be adapted not only for cyber security but also for other areas where high model accuracy and fast training are important. Future research prospects include the development of new machine learning methods, particularly deep neural networks, the exploration of alternative computational architectures such as quantum computing or distributed systems, and their integration into real-time systems. Special attention should be paid to the ethical aspects of implementing automated cyber security systems, particularly in preventing bias in algorithms and ensuring fairness in their application.

Maturity of the country's cybersecurity system in the conditions of war: assessment trends

Methods. The study used the following methods: an inductive approach to formulating the concept of maturity of the country's cybersecurity system in military conditions; a deductive method to derive the concept of assessing the maturity of the country's cybersecurity system during military operations; content analysis identified the key elements of assessing the maturity of the national cybersecurity system in military operations; strategic analysis identified the main vectors of assessing the problem under study, and the latest approaches to assessing the national cybersecurity system. Results. The latest trends in assessing the maturity of the country's cybersecurity system, taking into account the aspect of military conditions, are identified: the existing regulatory and legal framework at the international and national levels is indicated; the concept of maturity and assessment of the maturity of the country's cybersecurity system during military operations is formulated. The paper outlines the key elements of assessing the maturity of the national cybersecurity system in military operations: adaptability, interoperability, readiness, partnership, cyber reserves, vulnerabilities and threats, and training. The main vectors of assessment are identified: assessment of cyber threats, cyber attacks, infrastructure protection, interaction of cybersecurity actors, level of personnel training; the latest approaches to system assessment are noted. A scheme of future key challenges, trends, and recommendations for assessing the maturity of the national cybersecurity system in wartime has been formed. Novelty. The study of the specifics of assessing the maturity of the country's cybersecurity system identifies key elements, vectors, approaches, and methods for assessing the cyber defence system. Weaknesses and vulnerabilities, existing progress in the development of cyber defence of the system are identified, and the necessary activities to enhance the effectiveness of national security in times of war are identified. Practical value. The experience of previous achievements in the functioning of cybersecurity systems is summarised, the most effective practices and methods of cyber resilience are identified, recommendations for assessing the maturity of the national cybersecurity system in times of war are proposed, which will optimise existing and potential resources, and will help to create the preconditions for further development of the latest model of cyber defence assessment.