Method for Cybersecurity Level Evaluation in the Civil Aviation Critical Infrastructure

In a country that is currently in the active phase of a full-scale war, the protection of critical information infrastructure is an extremely important and complex process that consists of many factors, such as: determining a list of critical objects, assessing the degree of their vulnerability and possible options for preventing attacks. Despite the importance of this task, at the time of writing no method has been identified that would allow to fully determine the level of cybersecurity of critical infrastructure objects or the state in general. The paper presents a list of the advantages and drawbacks of the found approaches, and subsequently introduces the new method for evaluating the cybersecurity level of a nation’s critical information infrastructure. Using the developed method, experiments were conducted to test the response of the method to changes in the input data using special software, which was also created. As a result, it is shown that this method and software can provide quantitative parameters characterizing the security level of the analyzed industry (civil aviation) and allow to compare the security level of critical objects before and after the implementation of security mechanisms. In other words, our approach can help improve the effectiveness of cybersecurity measures for critical information infrastructures.