Matters of trusted development framework creation and implementation of intelligent water transportation systems.

Aim. Threats of a non-physical nature have a significant effect on the security of intelligent transportation systems (ITS). They may have the form of unlawful interference in the development and implementation of ITS. The creation of a trusted framework for the development and implementation of ITS is examined as in the case of intelligent water transportation systems (IWTS). Problems. By decree of the President of the Russian Federation, ITS, telecommunications and security of information processing are among the priority areas of scientific and technological development. ITS technologies, as well as those involved in the creation of trusted, secure system and application software are among the most important critical high technologies. The operation of ITS involves wide use of computerised systems that implement the latest information and telecommunication technologies, automated and automatic control technologies, artificial intelligence that can pose security threats. ITS are to be developed and operated in a trusted environment. Methods. The paper used the methodology for ensuring the security of IWTS, development of secure hardware and software platforms for secure automated systems, methods of system analysis, dependability theory, information protection, and law. Results. The paper defines the problem of creating a trusted framework for the development and implementation of IWTS, the applicable terminology is developed. The author examined the effect of IWTS on the security of critical information infrastructure (CII) and national security, developed a model of relationships between the IWTS security domains taking into account threats of physical and non-physical origin. Examples of computer incidents within IWTS that caused consequences at the national and international levels are given. The composition of the IWTS facilities attributed to CII is defined, critical processes implemented by standard CII facilities as part of the IWTS are set forth. The author lists conceptual problems of IWTS security, defines the principles of creating a trusted framework for the development and implementation of IWTS. Conclusion. Ensuring the security of IWTS against modern threats requires solving a number of problems associated with the creation of a trusted framework for the development and implementation of IWTS. For the purpose of improving the timeliness and quality of their solution, the paper proposes an intuitive terminology that reflects the subject area and helps finding a common understanding of the security domain by experts from various industries. IWTS facilities have an effect on CII security and national security in general. That is taken into account in the model of relationships between IWTS security domains, demonstrated using cases of computer incidents within IWTS that caused consequences at the national and international level. Given the above, the paper lists IWTS facilities attributed to CII and sets forth examples of critical processes implemented by standard CII facilities as part of the IWTS. The defined list of conceptual IWTS security problems take into account the growing landscape of IWTS security threats that includes insecure software, hardware and software platforms, software and hardware systems and emerging technologies. When developing the principles for the creation of a trusted IWTS development and implementation framework, the author took into account the best practice of implementing the methodology for creating national secure hardware and software platforms of CII facilities that enables the creation of secure automated systems for various applications that are based on domestically-developed solutions. The examined matters are of a systemic nature, which allows using the findings in the development and implementation of ITS in other modes of transportation.

1. Mikhalevich I.F. Conceptual problems of transportation security of intelligent water transportation systems. Dependability 2024;24(2):72-87. (in Russ.) DOI: 10.21683/1729-2646-2024-24-2-72-87.

2. Mikhalevich I.F. [Challenges in ensuring safe autonomous navigation on inland waterways]. Moscow: Goriachaya liniya – Telekom; 2024. (in Russ.)

3. Shubinsky I.B., Rozenberg E.N. General provisions of the substantiation of functional safety of intelligent systems in railway transportation. Dependability 2023;3:38-45. (in Russ.) DOI: 10.21683/1729-2646-2023-23-3-38-45.

4. Shubinsky I.B., Rozenberg E.N, Bochkov A.V. [Dependability, risks, safety of control systems in railway transportation]. Moscow; Vologda: Infra-Engineering; 2024. (in Russ.)

5. Shubinsky I.B., Rozenberg E.N. [Functional safety of control systems in railway transportation]. Moscow; Vologda: Infra-Inzheneria; 2023. (in Russ.)

6. Maritime Cyber Attack Database (MCAD). (accessed 30.03.2025). Available at: https://maritimecybersecurity.nl/.

7. Semenov S.A. [Cybersecurity of sea and river transport]. Transport Rossiuskoy Federatsii 2018;1(74):43-46. (in Russ)

8. Legusha S.F. Cyber problems in water transport concerning the efforts of the main players in the maritime industry and classification societies on the example of the Russian Maritime Shipping Register. Transport law and security 2022;4(44):183-194. (in Russ).

9. Annual Threat Assessment 2024. The Nordic Maritime Cyber Resilience Centre. (accessed 30.03.2025). Available at: https://static1.squarespace.com/static/5fae4682cc2b52123f436f99/t/6614e6a60fbde93c9dfdc4e3/1712645824622/Norma+Cyber+Annual+Threat+Assessment+-+Spreads.pdf.

10. Q2 2024 – a brief overview of the main incidents in industrial cybersecurity. Kaspersky ICS CERT Analytical Report. (accessed 30.03.2025). Available at: https://ics-cert.kaspersky.com/publications/reports/2024/11/08/q2-2024-a-brief-over-view-of-the-main-incidents-in-industrial-cybersecurity.

11. Threat landscape for industrial automation systems. Q2 2024. Kaspersky ICS CERT Analytical Report/ (accessed 30.03.2025). Available at: https://ics-cert.kaspersky.com/publications/reports/2024/09/26/threat-landscape-for-industrial-automation-systems-q2-2024.

12. Namiot D., Ilyushin E., Chizov I. Artificial intelligence and cybersecurity. International Journal of Open Information Technologies 2022;10(9):135-147. (in Russ.)

13. Yamin M.M. et al. Weaponized AI for cyber attacks. Journal of Information Security and Applications 2021;57:102722. DOI: 10.1016/j.jisa.2020.102722.

14. Nwakanma C.I., Ahakonye L.A.C., Njoku J.N. et al. Explainable Artificial Intelligence (XAI) for Intrusion Detection and Mitigation in Intelligent Connected Vehicles: A Review. Appl. Sci. 2023;13:1252. DOI: 10.3390/app13031252.

15. Mikhalevich I.F. Methodological foundations of creation of national protected hardware-software platforms for critical information infrastructures. T-Comm 2018;12(3):75-81. (in Russ.).

16. Mikhalevich I.F. [Challenges in creating a trusted environment for the operation of secure automated control systems]. In: Proceedings of the XII All-Russian Meeting on Management Problems (VSPU-2014, Moscow). Moscow: V.A. Trapeznikov Institute of Control Sciences of the Russian Academy of Sciences; 2014. Pp. 9201-9207. (in Russ.)

17. Zegzhda D.P., Ivashko A.M. [Towards the creation of secure information processing systems]. Information Security Problems. Computer Systems 1999;1:99-107. (in Russ.)

18. Zegzhda D.P., Ivashko A.M. [Process of creating secure information processing systems using a domestically-developed secure operating system]. Information Security Problems. Computer Systems 1999;2:59-66. (in Russ.)

19.