METHODOLOGICAL PRINCIPLES OF CREATING A STRUCTURAL-FUNCTIONAL MODEL OF SPECIALIZED SOC-CENTERS FOR AVIATION ENTITIES OF UKRAINE
DOI:
https://doi.org/10.31891/2307-5732-2026-365-57
Keywords:
Security Operations Center, cyber resilience, civil aviation, critical infrastructure, security monitoring, cyber risks
Abstract
The article examines the role of the Security Operations Center (SOC) as an organizational and operational mechanism for ensuring the cyber resilience of civil aviation entities. The topic is relevant because of the high level of digitalization of the aviation industry, the integration of information and technological systems, and the growing number of cyber threats that can affect the continuous functioning of critical aviation infrastructure.
The paper analyzes modern approaches to organizing centers for monitoring and responding to cyber incidents, and considers the conceptual principles by which SOCs function within the cybersecurity system and their role in ensuring continuous monitoring of information security events and the detection of and response to cyber incidents. It analyzes world practice in creating and operating SOCs at critical civil aviation infrastructure facilities. Typical organizational models, functional tasks and features of their implementation in the infrastructure of airports certified under international law (ICAO) are identified.
Based on the analysis of international experience, regulatory requirements of the European Union and national legislation of Ukraine, the need to create specialized SOCs for aviation entities as a component of the system for ensuring cyber resilience of critical infrastructure is substantiated. A structural and functional model of the SOC of an ICAO-certified airport is proposed, which provides centralized monitoring of information security events in IT and OT environments, analysis of cyber incidents, coordination of response and integration of results into the risk management system. Methodological principles for the construction and implementation of SOCs are also formulated; they provide for establishing an operational monitoring circuit, analytical capabilities, response procedures and interaction with the national cyber incident response system.
The practical value of the study lies in the formation of conceptual approaches to the creation of SOCs for aviation entities in Ukraine, which makes it possible to increase the efficiency of detecting and responding to cyber incidents, ensure the integration of airports into the national cybersecurity system, and increase the level of cyber resilience of critical civil aviation infrastructure.
License
Copyright (c) 2026 АННА ІЛЬЄНКО, СЕРГІЙ ІЛЬЄНКО, ЄВГЕНІЯ ГАЛИЧ, ВЛАДИСЛАВ ПАВЛЕНКО (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.