Security monitoring of computerized boiler rooms with network access and risk assessment on a logicalprobabilistic model

We consider one of the existing technologies, scilicet of the multi-shift safety monitoring, which implies tracking of the integrity of the information system (IS) by periodically replacing each other operators in the interval between diagnostics of the system, in relation to computerized boiler-rooms with network access. Herein the IS of the boiler-house is taken into account as protected from dangerous software-engineering influences through the computer network only if to the beginning of the specified period of time the integrity of the system is ensured and throughout this set period the sources of danger do not penetrate the system (with a calculated probability). Here the operator of the boiler-room figures as an eventual link of the series of the controlled, including the program level, barriers for (external) network malefactor. For computerized boiler-houses, depending on the ratios for the duration of the operator’s work during each shift, the specified period of safe operation and the period between diagnostics, three variants are considered that are typical for this technology. The possibilities of applying the latter in the foreshortening of risk assessment of emergency situations (ES) within the previously developed by the author logical-probabilistic model for computerized boiler-houses are discussed.

unauthorized access (uaA), reliability, risk, computer intrusion detection system

1. Federal law of 21 July 2011 № 256-FL "About safety of objects of fuel-energy complex" (with changes and additions).

2. ISO/IEC 27002:2012. Information technology. Security techniques. Code of practice for information security management.

3. Court S. S. Theoretical foundations of information security: the training manual. Moscow: Helios ARV, 2004. 240 p.

4. Kostogryzov A. I., Petukhov A. V., Shcherbina A. M. The basis of evaluation, providing and improving the quality of output information in MIS of the organizational type. M.: Weapon. Policy. Conversion, 1994. 278 p.

5. Melnikov V. V. Information security in automated systems. M.: Finance and statistics, 2003. 368 p.

6. Ryabinin I. A. Reliability and safety of structural-complex systems. SPb.: Polytechnic, 2000. 248 p.

7. Sokolov Yu. I. A new type of risks: cyber risks // Issues of risk analysis. 2016. V. 13. No. 6. P. 6—21.

8. Sheptunov M. V. Boiler-houses as the computerized objects of protection at foreshortening of reliability and safety of structuralcomplex systems // Issues of risk analysis. 2018. V. 15. No. 1. P. 80—88.