MODERN THEORETICAL APPROACHES AND PRINCIPLES OF CYBERSECURITY FOR THE INFRASTRUCTURE OF PROTECTED FACILITIES
Keywords:
cybersecurity, protected facilities, infrastructure, security principles, technological protection, cyber threats, risk management
Abstract
This article analyzes modern theoretical approaches and principles for the cybersecurity of the infrastructure of protected facilities. It reviews the pressing problems and risks in the field of cybersecurity and the strategies aimed at preventing them, and gives practical recommendations for protecting the infrastructure of enterprise and state facilities. It also shows ways to increase the effectiveness of protection mechanisms on the basis of modern technologies and international experience.