Unofficial transfer (c) Soyuzpravoinform LLC

ORDER OF THE DEPARTMENT OF ENERGY OF UKRAINE

of December 15, 2022 No. 417

About requirements for cyber security of the fuel and energy sector of critical infrastructure

According to Item 14 of general requirements to cyberprotection of the objects of critical infrastructure approved by the resolution of the Cabinet of Ministers of Ukraine of June 19, 2019 No. 518, for the purpose of realization of state policy of protection of objects of critical infrastructure of the fuel and energy sector of critical infrastructure I order:

1. Approve the enclosed requirements for cyber security of the fuel and energy sector of critical infrastructure.

2. To provide to management of digital development and cyber security submission of this order on state registration in the Ministry of Justice of Ukraine in accordance with the established procedure.

3. This order becomes effective from the date of its official publication.

4. To impose control over the implementation of this order on the deputy minister concerning digital development, digital transformations and digitalization of SAFAROVA Farid.

Approved by the Order of the Department of Energy of Ukraine of December 15, 2022 No. 417

Requirements to cyber security of the fuel and energy sector of critical infrastructure

1. These requirements determine measures of cyberprotection of the objects of critical information infrastructure operated on objects of critical infrastructure of the fuel and energy sector of critical infrastructure for achievement of specific target condition of cyber security.

2. In these requirements terms are used in the following value:

1) assets data, personnel, devices and data carriers allowing the operator of critical infrastructure to provide provision of the vital services and functions;

2) virtual private network (VirtualPrivateNetwork, VPN) - the technology allowing to create separately allocated virtual networks with one or several ciphered connections through the Internet;

3) ecosystem set of objects of critical infrastructure which interact and / or are interdependent from each other as suppliers or receivers of the main services, or are integrated among themselves on industry (sectoral) sign and/or process of provision of the main service or which directly influence possibility of provision of the main service;

4) cyberprotection profile - the structured description of the measures of cyberprotection realized on object of the critical information infrastructure operated on object of critical infrastructure of the fuel and energy sector of critical infrastructure considering practice of implementation of measures of cyberprotection and requirement of activities of object of critical infrastructure of the fuel and energy sector of critical infrastructure;

5) system (taxonomy) of measures of cyberprotection - the arranged set of measures for cyberprotection and desirable results of cyberprotection.

Other terms are used in the values given in the Laws of Ukraine "About critical infrastructure", "About the basic principles of cyber security of Ukraine", resolutions of the Cabinet of Ministers of Ukraine of October 09, 2020 No. 943 "Some questions of objects of critical information infrastructure" of October 09, 2020 No. 1109 "Some questions of objects of critical infrastructure", of June 19, 2019 No. 518 "About approval of general requirements to cyberprotection of objects of critical infrastructure" (further - the resolution No. 518).

3. In these requirements the reducings having the following values are used:

X - information and communication system;

KSZI-kompleksnaya system of information security;

OKI-object of critical infrastructure of the fuel and energy sector of critical infrastructure;

The OKII-object of critical information infrastructure operated on object of critical infrastructure of the fuel and energy sector of critical infrastructure;

Program-by-program providing;

SUIB-management system of information security.

4. These requirements enter the identical description of the used mechanisms of cyberprotection determined by the resolution No. 518, regulating documents in the field of technical information security, international standards concerning information security, cyber security and cyberprotection, and also information security mechanisms which are already implemented on OKA by operators of critical infrastructure.

5. These requirements are obligatory when implementing activities with:

implementation of the measures of cyberprotection directed to risk management of cyber security for OKII which are elements of one OKA and in cooperation with others of OKA, operators of critical infrastructure of the fuel and energy sector of critical infrastructure and other sectors of critical infrastructure;

implementation of system process for determination, assessment and risk management in the field of cyber security, plan development of enhancement of these activities for the corresponding approval of critical infrastructure by the operator and planning of financing of actions for its realization;

information security or implementation of KSZI for comparison to the cyberprotection measures stated in these requirements for the purpose of determination of shortcomings of the current activities for information security and risk management of cyber security, and also enhancement of system of information security;

at all stages of creation of KSZI, SUIB, information security systems or other systems of information security determined by the international and national standards;

development, production, testing, acceptance and delivery on;

designing, completing, installation, adjustment works, commissioning, operation and modification X;

development of the documents proving safety X and/or their components.

6. These requirements describe the general approach to ensuring cyber security allowing:

carry out the analysis and provide the characteristic of current status of cyber security of OKII;

describe target condition of cyber security of OKII;

determine and determine priorities, the level of implementation died cyberprotection in the context of the continuous and repeating risk management process in the field of cyber security of OKII;

estimate progress in achievement of target condition of cyber security of OKII;

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info