Regulatory Framework for the Military Information Systems Support and Operation: Problems and Ways of Improvement
Abstract
Purpose: is to analyze regulatory challenges in maintaining and operating military information systems and justify the need for a unified military standard to ensure effective organization and management.
Method: system analysis, comparative analysis of regulatory documents, and expert assessments of current regulation effectiveness.
Research results: Key regulatory challenges in maintaining and operating military information systems have been identified, including fragmented regulations, misalignment with modern technological challenges, and the lack of unified security and lifecycle management standards. The need for a military standard establishing uniform requirements for these processes is substantiated.
Theoretical implications: The article contributes to the scientific foundation of regulatory support for maintaining and operating military information systems by proposing a systematic approach to their regulation. The developed conceptual approaches can be used to establish the methodological basis for military standards in this field.
Practical implications: The research findings can be used in the development and improvement of regulatory documents governing the maintenance and operation of information systems in the defense sector. The proposed solutions will enhance the efficiency and security of military information systems.
Originality / Value: The scientific novelty of the study lies in the comprehensive analysis of regulatory challenges in maintaining and operating military information systems and the justification for the creation of a military standard. For the first time, a systematic approach is proposed for developing a unified regulatory document that will ensure standardized and effective management of information system maintenance processes in the defense sector.
Type of article: theoretical with practical recommendations.
Downloads
References
On the Protection of Information in Information and Communication Systems: Law of Ukraine No. 80/94-ВР dated 05.07.1994 (as amended). Available from : https://zakon.rada.gov.ua/laws/show/80/94-вр. (Date of access: 10.03.2025).
For information: Law of Ukraine No. 2657-XII of 02.10.1992 (as amended). Available from : https://zakon.rada.gov.ua/laws/show/2657-12. (Date of access 10.03.2025).
On public procurement: Law of Ukraine No. 922-VIII of 25.12.2015 (as amended). Available from : https://zakon.rada.gov.ua/laws/show/922-19. (Date of access 11.03.2025).
On approval of requirements for cyber protection of critical infrastructure facilities: Resolution of the Cabinet of Ministers of Ukraine No. 518 of 19.06.2019 (as amended). Available from : https://zakon.rada.gov.ua/laws/show/518-2019. (Date of access 25.03.2025).
On approval of the Procedure for financial support of the needs of the national defense of the state, mobilization training, mobilization measures and the Armed Forces at the expense of charitable donations from individuals and legal entities: Resolution of the Cabinet of Ministers of Ukraine No. 339 of 27.05.2015. Available from : https://zakon.rada.gov.ua/laws/show/339-2015. (Date of application 14.03.2025).
Some issues of ensuring the development of innovations and technologies for defense needs: Resolution of the Cabinet of Ministers of Ukraine No. 262 of 08.03.2024. Available from : https://zakon.rada.gov.ua/laws/show/262-2024. (Date of access 18.03.2025).
On approval of the Procedure for the use of funds provided for in the state budget for the implementation of state target programs for the reform and development of the defense-industrial complex, the development, mastering and implementation of new technologies, and the expansion of existing production capacities for the manufacture of defense products: Resolution of the Cabinet of Ministers of Ukraine No. 544 of 23.08.2016 (as amended). Available from : https://zakon.rada.gov.ua/laws/show/544-2016. (Date of application 18.03.2025).
On approval of the Procedure for organizing technical support of information (automated), information and communication, electronic communication systems, special communication systems and users of such systems in the system of the Ministry of Defense of Ukraine: Order of the Ministry of Defense of Ukraine No. 240/nm dated 17.04.2024. Available from : https://zakon.rada.gov.ua/rada/show/v0240322-24. (Date of application 19.03.2025).
ISACA. COBIT 2019 Framework: Governance and Management Objectives. ISACA, 2018. 252 р.
DSTU ISO/IEC/IEEE 12207:2018. Systems and software engineering. Software life cycle processes. Valid from 15.08.2018. "UkrNDNC", 2018.
DSTU ISO/IEC/IEEE 15288:2016. Systems and Software Engineering. Systems Life Cycle Processes. Valid from 01.01.2018. "UkrNDNC", 2016.
DSTU ISO/IEC/IEEE 27001:2023. Information security, cybersecurity and privacy protection. Information security management systems. Requirements. Valid from 22.08.2023. "UkrNDNC", 2023.
DSTU ISO/IEC 27002:2023. Information security, cybersecurity and privacy protection. Information security controls. Valid from 22.08.023. "UkrNDNC", 2023.
DSTU ISO/IEC 27004:2018 Information technologies. Protection methods. Information security management systems. Monitoring, measurement, analysis and evaluation. Valid from 01.10.2018. "UkrNDNC", 2018.
DSTU ISO/IEC 27005:2023. Information security, cybersecurity and privacy protection. Information security risk management guidance. Valid from 22.08.2023. "UkrNDNC", 2023.
DSTU ISO/IEC 27007:2018. Information technologies. Protection methods. Guidance on auditing information security management systems. Valid from 01.01.2019. "UkrNDNC", 2018.
DSTU ISO/IEC TS 27008:2019. Information technologies. Protection methods. Guidance on assessing information security protection. Valid from 01.11.2019. "UkrNDNC", 2019.
DSTU ISO/IEC 27031:2015. Information technologies. Protection methods. Guidelines for the readiness of information and communication technologies for business continuity. Valid from 01.01.2016. "UkrNDNC", 2015.
DSTU ISO/IEC 27032:2024 Information technology. Protection methods. Guidelines for cybersecurity. Valid from 01.02.2025. "UkrNDNC", 2024.
Series of standards DSTU ISO/IEC 27033. Information technologies. Protection methods. Network protection. Parts 1 – 6. "UkrNDNC".
Series of standards DSTU ISO/IEC 27035. Information technologies. Protection methods. Information security incident management. Parts 1 – 3. "UkrNDNC".
DSTU ISO/IEC 20000 series of standards. Information technology. Service management. Parts 1 – 12. "UkrNDNC".
DSTU ISO/IEC 14764:2014. Software engineering. Software life cycle processes. Maintenance. Valid from 01.01.2016. "UkrNDNC", 2014.
DSTU EN ISO 22301:2021. Security and stability. Business continuity management systems. Requirements. Effective from 01.09.2022. "UkrNDNC", 2021.
DSTU ISO/IEC 15408 series of standards. Information technologies. Cybersecurity and privacy protection. IT security assessment criteria. Parts 1 – 5. "UkrNDNC".
DSTU ISO/IEC 29128-1:2024 Information security, cybersecurity and privacy protection. Verification of cryptographic protocols. Part 1. Structure. Valid from 01.02.2025. "UkrNDNC", 2024.
DSTU ISO/IEC 38500:2016 Information technology. IT management in the organization. Valid from 01.10.2017. "UkrNDNC", 2016.
DSTU V 15.003:2021. System for the development and commissioning of weapons and military equipment. Life cycle processes of weapons and military equipment. Effective from 01.09.2022. "UkrNDNC", 2021.
AAP-20. NATO Programme Management Framework (NATO Life Cycle Model). Ed. C, v. 1. NSO, Brussels, 1110 Belgium, 2015, 78 p.
AAP-48. NATO System Life Cycle Processes. Ed. C, v. 1. NSO, Brussels, 1110 Belgium, 2022, 202 p.
STANAG 4728. System Life Cycle Management. Ed. 2. NSO, Brussels, 1110 Belgium, 2022, 5 p.
ADatP-4774. Confidentiality metadata. Label Syntax. Ed. A, Ver. 1. NATO, Allied Data Processing Publication, 2017, 108 p.
ADatP-4778. Metadata Binding Mechanism. Ed. A, Ver. 1. NATO, Allied Data Processing Publication, 2018, 72 p.
MC 0458/4. NATO Education, Training, Exercises and Evaluation Policy. NATO, 2023, 48 p.
NIST SP 800-37 Rev. 2. Risk Management Framework (RMF) For Information System and Organizations. A System Life Cycle Approach for Security and Privacy. National Institute of Standards and Technology, U.S., Gaithersburg, 2018, 183 p.
NIST SP 800-53 Rev. 5. Security and Privacy Controls for Information System and Organizations. National Institute of Standards and Technology, U.S., Gaithersburg, 2020, 492 p.
NIST SP 800-83 Rev. 1. Guide to Malware Incident Prevention and Handling for Desktops and Laptops. National Institute of Standards and Technology, U.S., Gaithersburg, 2013, 47 p.
NIST SP 800-128. Guide for Security – Focused Configuration Management of Information System. National Institute of Standards and Technology, U.S., Gaithersburg, 2019, 99 p.
NIST SP 800-160 V. 1, Rev. 1. Engineering Trustworthy Secure System. National Institute of Standards and Technology, U.S., Gaithersburg, 2022, 195 p.
Serebro M.V. Peculiarities of administrative and legal regulation of the use and development of information technologies under martial law. Kyiv Law Journal, No. 3, 2024, pp. 177-183. https://doi.org/10.32782/klj/2024.3.26.
Rudenska G.V. Models and processes of the life cycle of the information system for managing defense resources. Collection of scientific papers of the Central Scientific and Technical University of Ukraine, No. 1(68), Kyiv, NUOU, 2020, pp. 59-65. https://doi.org/10.33099/2304-2745/2020-0/59-65.
Rybydaylo A., Galahan V., Vasyukhno S., Mulyavka A., Rudenska G. The procedure for organizing the creation of special software for military information systems. Collection of scientific works of the Central Scientific and Technological Center, No. 1(77), Kyiv, NUOU, 2023, pp. 69-78. https://doi.org/10.33099/2304-2745/2023-1-77/69-78.
Bondarchuk S., Vasyukhno S., Galahan V., Grinenko O. Proposals for the organization of information and analytical support for conducting informatization projects. Collection of scientific works of the Central Scientific and Technological Center, No. 3(73), Kyiv, NUOU, 2021, pp. 67-72. https://doi.org/10.33099/2304-2745/2021-3-73/68-73.
Andrii Diadechko, Ivan Datsenko, Oleksandr Holovchenko. Conceptual aspects of technological support of the information infrastructure of the Ministry of Defense of Ukraine. Modern information technologies in the sphere of security and defense, No. 51(3), Kyiv, NUOU, 2024, pp. 96-107. https://doi.org/10.33099/2311-7249/2024-51-3-96-107.
Abstract views: 18 PDF Downloads: 9
Copyright (c) 2025 Andrii Diadechko, Galyna Rudenska
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors agree with the following conditions:
1. Authors retain copyright and grant the journal right of first publication (Download agreement) with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
2. Authors have the right to complete individual additional agreements for the non-exclusive spreading of the journal’s published version of the work (for example, to post work in the electronic repository of the institution or to publish it as part of a monograph), with the reference to the first publication of the work in this journal.
3. Journal’s politics allows and encourages the placement on the Internet (for example, in the repositories of institutions, personal websites, SSRN, ResearchGate, MPRA, SSOAR, etc.) manuscript of the work by the authors, before and during the process of viewing it by this journal, because it can lead to a productive research discussion and positively affect the efficiency and dynamics of citing the published work (see The Effect of Open Access).
