Application of a Hybrid Method for Key Energy Facilities Safety Assessment

Information Technologies (hereinafter – the “IT”) without security functions (hereinafter – the “SF”) are the exception rather than the rule nowadays [1 – 4]. Components of IT without SF are not a big problem since they can be replaced by analogs, which SF have, or can be supplemented by the necessary "imposed" SF, or we can "import" the required SF from the adjacent components of IT, which are an integral part of the information processing system (hereinafter – the “IPS”). Speaking further of IT, we will assume that the modern IT components presented in the competitive market for energy facilities (hereinafter – the “EF”) already have a certain set of SF and are able to support IT-security tasks (hereinafter – the “IST”). Many scientists have done enough research on various safety issues at facilities and published their results [5 – 13]. These studies also concern the causes of various incidents at key facilities, especially energy ones, risk identification, and the analysis of the consequences for safety. Against this background, the problem of adequate IT-security assessment of the EF is particularly relevant [14 – 16]. Indeed, why should we spend the resources on the implementation of additional "superimposed" SF in IPS, if there is an opportunity to optimize costs by using existing and practically "spent" SF? In this case, a reasonable solution would be to assess the existing level of IT-security related to the architecture of IPS resulting from the composition of IT-components that have SF for key EF [17 – 21]. Based on the results of the evaluation, it is possible to make a decision on the implementation of new additional SF in IPS based on documented facts.