Document from CIS Legislation database © 2003-2023 SojuzPravoInform LLC

RESOLUTION OF THE CABINET OF MINISTERS OF UKRAINE

of December 23, 2020 No. 1295

Some questions of ensuring functioning of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks

(as amended by the Resolution of the Cabinet of Ministers of Ukraine of 02.09.2022 No. 991)

For the purpose of ensuring functioning of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks the Cabinet of Ministers of Ukraine decides:

1. Approve the Procedure for functioning of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks which is attached.

2. Determine that the State center of cyberprotection of the Public service of special communication and information protection is responsible for the functioning of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks.

3. To provide to the ministries and other central executive bodies, for the purpose of operational identification of and response to cyberincidents and cyber attacks, the possibility of installing, on the subjects to cyberprotection which are in the field of their management, sets of equipment of the subsystem of collection of telemetry of information communications systems.

4. The Administration of the Public service of special communication and information protection is to submit annually, by January 10, to the Cabinet of Ministers of Ukraine information on the results of the functioning of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks.

Prime Minister of Ukraine

D. Shmygal

Approved by the Resolution of the Cabinet of Ministers of Ukraine of December 23, 2020, No. 1295

Procedure for functioning of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks

1. This Procedure determines the bases of functioning of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks, which are carried out with respect to the subjects to cyberprotection determined by part two of article 4 of the Law of Ukraine "About the basic principles of ensuring cyber security of Ukraine".

The features of functioning of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks in the banking system of Ukraine are determined by the National Bank.

This Procedure does not extend to objects of critical information infrastructure of the Ministry of Defence and the Armed Forces in conditions of emergency and warlike situation.

2. The terms used in this Procedure have the following meanings:

security administrator of a subject to cyberprotection - a person from among the employees of the subject to cyberprotection who is responsible for security policy observance and whose tasks include ensuring the processes of operation, functioning and setup of the software, hardware-software and hardware means of information protection of the subject to cybernetic protection and carrying out ongoing control of them;

security administrator of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks - a person from among the employees (workers) of the State center of cyberprotection of Gosspetssvyaz who is responsible for security policy observance and whose tasks include ensuring the processes of operation, functioning and setup of the software, hardware-software and hardware means of information protection of the subject to cybernetic protection and of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks, and carrying out ongoing control of them;

industry center for management of cyber security - a control center of cyber security which functions on a subject to cyberprotection of a certain industry of the national economy;

network telemetry (telemetric information) - a set of information on the state of functioning of the software, hardware-software or hardware means of an electronic communications or technological system;

security policy - a set of documented decisions made by the management of a subject to cybernetic protection and directed to the protection of telecommunication and (or) technological networks and systems, information and the resources (assets) associated with it;

system of detection of vulnerabilities and response to cyberincidents and cyber attacks - a set of software and hardware-software tools which provide round-the-clock monitoring, analysis and transfer of telemetric information on cyberincidents and cyber attacks which have happened or are occurring on subjects to cyberprotection and can have a negative impact on their steady functioning;

control center of cyber security - a set of organizational and technical means, algorithms and decisions concerning the collection, analysis, visualization and exchange of data on detected information security incidents.

Other terms are used in the meaning given in the Laws of Ukraine "About information protection in information communications systems", "About electronic communications", "About Public service of special communication and information protection of Ukraine", "About the basic principles of ensuring cyber security of Ukraine".

3. The system of detection of vulnerabilities and response to cyberincidents and cyber attacks includes:

1) the subsystem of the government team of response to computer extraordinary events of Ukraine CERT-UA, which provides centralized collection and accumulation of information on cyberthreats and cyberincidents received from different sources, including open ones;

2) the subsystem of detection of and response to cyber attacks at the level of workstations and server stations ("endpoints"), which provides detection of harmful activity on them and response to it with actions for liquidation, minimization or isolation, and blocking of the processes used by malicious software;

3) the subsystem of collection of telemetry of information communications systems (active sensors) (hereinafter - sensor), which provides:

collection and correlation of security events, including collection of network telemetry with detailed information about network flows and sessions;

monitoring of electronic communication traffic for the purpose of identifying cyber attacks and cyberincidents;

detection and analysis of malicious software, including tracking and prevention of attempts at its distribution at the network layer;

4) the subsystem of the operational center of response to cyberincidents, which is the central component of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks and provides:

centralized management of all subsystems of the system of detection of vulnerabilities and response to cyberincidents and cyber attacks;

centralized collection and accumulation of information on network events of information security;

monitoring and processing of cyberthreats and cyberincidents in real time.

4. The subsystem of the operational center of response to cyberincidents detects harmful activity, as well as system and network anomalies, on the subjects to cyberprotection by analyzing data received from network devices (active sensors, firewalls, vulnerability scanners), workstations and server stations, authorization systems, and internal and external sources of data on cyberthreats.

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim.