IMPROVING QUALIMETRIC APPROACHES TO RISK ASSESSMENT OF ENERGY COMPANIES TAKING INTO ACCOUNT CYBERSECURITY ASPECTS

Lysenko A. V. N. Karazin Kharkiv National University https://orcid.org/0009-0007-3916-8029
Nos R. V. N. Karazin Kharkiv National University https://orcid.org/0009-0006-5391-7703
Mazorchuk K. V. N. Karazin Kharkiv National University https://orcid.org/0009-0001-0769-4872
Nehodov S. V. N. Karazin Kharkiv National University https://orcid.org/0000-0003-3561-6924

Keywords: risk, qualimetric approach, energy companies, cyber threats, assessment, risk matrices

Abstract

DOI: https://doi.org/10.26565/2079-1747-2025-36-10

The article considers the possibility of applying qualimetric approaches to risk assessment, taking into account modern aspects of cyber threats arising in energy enterprises. For the purpose of risk assessment and management, the scientific, technical and regulatory framework was analysed and an algorithmic scheme was proposed that takes into account the cyber component, which is both a separate threat to the functioning of an energy enterprise and can influence other threats of various nature, and as a result increase the overall risk level. In the course of the study, a scientifically based methodology for assessing the level of enterprise security, taking into account cyber threats, was developed. The proposed approach combines qualimetric methods and a modified system of weighting coefficients, which made it possible to form an integrated risk analysis model that provides a more comprehensive view of the state of security of the and enables the timely detection of critical vulnerabilities both at the stage of planning security measures and during the adoption of management decisions in the course of operations. The study analysed the basic threats to a nuclear power plant, which made it possible to identify hidden threats, namely, it was established that the failure of cooling systems can be caused not only by physical malfunctions, but also by deliberate interference with software or distortion of sensor signals, which is taken into account when assessing risks. The paper presents a visualisation of risk assessment in the form of a 3D risk matrix with a cyber component, which provides a better understanding and helps energy company managers quickly identify the most critical risks in which the cyber factor significantly increases the threat. The application of the integrated model has shown that the actual level of risk at a nuclear power plant increases significantly due to the cyber component. Compared to the baseline assessment, the integrated risk indicator, taking into account the cyber component, increases by 10–25%, confirming the need for the systematic inclusion of cyber protection measures in the overall nuclear energy security policy.

Downloads

Download data is not yet available.

References

Khimicheva, H & Volivach, A 2020, ‘Mathematical model of an educational program quality assessment’, Proceedings of National Aviation University, 84(3), Pp. 71–79. DOI: https://doi.org/10.18372/2306-1472.84.14956

Hrinchenko, HS & Matsko, AM 2024, ‘Intehratsiia kvalimetrychnykh pidkhodiv u suchasni informatsiino-vymiriuvalni tekhnolohii osvity’ [ Integration of qualitative approaches into modern information and measurement technologies in education ], Mashynobuduvannia, Iss. 34, Pp. 39–50, DOI: https://doi.org/10.26565/2079-1747-2024-34-04

Kucheruk, VYu & Hlushko, MV 2022, ‘Pokrashchennia yakosti rekomendatsiinykh system na osnovi kvalimetrychnykh metodiv vymiriuvannia’ [ Improving the quality of recommender systems based on qualimetric measurement methods. ], Vymiriuvalna ta obchysliuvalna tekhnika v tekhnolohichnykh protsesakh, no 2, Pp. 65–72, DOI: https://doi.org/10.31891/2219-9365-2022-70-2-9

Bilovodska, O 2021, ‘Kvalimetrychnyi pidkhid otsiniuvannia stratehichnoi diialnosti upravlinnia dystrybutsieiu innovatsiinykh produktiv u marketynhovii lohistytsi [ Qualimetric approach to evaluating strategic activities of distribution management of innovative products in marketing logistics ], Ekonomichnyi chasopys Volynskoho natsionalnoho universytetu imeni Lesi Ukrainky, no 1(25), Pp. 175–183, DOI: https://doi.org/10.29038/2786-4618-2021-01-175-183

Trishch, R, Nechuiviter, O, Dyadyura, K, Vasilevskyi, O, Tsykhanovska, I & Yakovlev, M 2021, ‘Qualimetric method of assessing risks of low quality products’, MM Science Journal, no (10), Pp. 4769–4774, DOI: https://doi.org/10.17973/MMSJ.2021_10_2021030

Trishch, R, Cherniak, O, Zdenek, D & Petraskevicius, V 2024, ‘Assessment of the occupational health and safety management system by qualimetric methods’, Engineering Management in Production and Services, no 16(2), Pp. 118–127, DOI: https://doi.org/10.2478/emj-2024-0017

Trishch, R, Nechuiviter, O, Hrinchenko, H, Bubela, T, Riabchykov, M & Pandova, I 2023, ‘Assessment of safety risks using qualimetric methods’, MM Science Journal, no (10), P. 6668, DOI: https://doi.org/10.17973/MMSJ.2023_10_2023021

Hrinchenko, HS, Kiporenko, OV, Nehodov, SS, Lysenko, AYa, Mazorchuk, KK & Nos, RS 2024, ‘Rozvytok normatyvnoho pidkhodu do otsiniuvannia ryzykiv enerhopidpryiemstv’ [Development of a regulatory approach to assessing the risks of energy enterprises ], Mashynobuduvannia, Iss. 34, Pp. 17–30, DOI: https://doi.org/10.26565/2079-1747-2024-34-02

Peček, B & Kovačič, A 2019, ‘Methodology of monitoring key risk indicators’, Economic Research-Ekonomska Istraživanja, no 32(1), Pp. 3485–3501, DOI: https://doi.org/10.1080/1331677X.2019.1658529

Budanov, PF, Hrinchenko, HS, Nechuiviter, OP, Boiko, TH & Tsykhanovska, IV 2022, ‘Zastosuvannia metodiv kvalimetrii dlia otsinky kompleksnykh pokaznykiv yakosti bahatoparametrychnykh ob'iektiv’ [ Application of qualimetry methods to assess complex quality indicators of multiparametric lenses ], Mashynobuduvannia, Iss. 30, Pp. 73–84, DOI: https://doi.org/10.32820/2079-1747-2022-30-73-84

Sorokolat, NA & Fatieieva, LYu 2022, ‘Zastosuvannia funktsii pomylok dlia otsiniuvannia yakosti ob’iektiv kvalimetrii’ [Application of the error function to assess the quality of quality objects], Visnyk NTU «KhPI». Seriia: Novi rishennia v suchasnykh tekhnolohiiakh, no 4(14), Pp. 53–58. DOI: https://doi.org/10.20998/2413-4295.2022.04.08

Ginevičius, R, Trishch, H & Petraškevičius, V 2015, ‘Quantitative assessment of quality management systems’ processes’, Economic Research-Ekonomska Istraživanja, no 28(1), Pp. 1096–1110, DOI: https://doi.org/10.1080/1331677X.2015.1087676

U.S. Department of Energy 2024, Risk assessment essentials guide for state energy security plans. Office of Cybersecurity, Energy Security, and Emergency Response, viewed <https://www.energy.gov/sites/default/files/2024-05/DOE%20CESER-Risk%20Assessment%20Essentials%20Guide%20for%20State%20Energy%20Security%20Plans.pdf>

Urbano, EM, Martinez-Viol, V, Kampouropoulos, K & Romeral, L 2023, ‘Quantitative and qualitative risk-informed energy investment for industrial companies’, Energy Reports, no 9, Pp. 3290–3304, DOI: https://doi.org/10.1016/j.egyr.2023.01.131

Pye, S, Li, FGN, Petersen, A, Broad, O, McDowall, W, Price, J & Usher, W 2018, ‘Assessing qualitative and quantitative dimensions of uncertainty in energy modelling for policy support in the United Kingdom’, Energy Research & Social Science, no 46, Pp. 332–344, DOI: https://doi.org/10.1016/j.erss.2018.07.028

Solangi, YA, Tan, Q, Mirjat, NH & Ali, S 2019, ‘Evaluating the strategies for sustainable energy planning in Pakistan: An integrated SWOT-AHP and Fuzzy-TOPSIS approach’, Journal of Cleaner Production, no 236, 117655, DOI: https://doi.org/10.1016/j.jclepro.2019.117655

Cornwell, N, Bilson, C, Gepp, A, Stern, S & Vanstone, BJ 2022, ‘The role of data analytics within operational risk management: A systematic review from the financial services and energy sectors’, Journal of the Operational Research Society, no 74(1), Pp. 374–402, DOI: https://doi.org/10.1080/01605682.2022.2041373

Gorzeń-Mitka, I & Wieczorek-Kosmala, M 2023, ‘Mapping the energy sector from a risk management research perspective: A bibliometric and scientific approach’, Energies, no 16(4), DOI: https://doi.org/10.3390/en16042024

Creamer, GG & Ben-Zvi, T 2021, ‘Volatility and risk in the energy market: A trade network approach’, Sustainability, no 13(18), 10199, DOI: https://doi.org/10.3390/su131810199

Kaka, S, Memon, M & Mari, S 2024, ‘A comprehensive analysis of factors influencing biogas plant location’, Proceedings of the 9th North American Conference on Industrial Engineering and Operations Management, DOI: https://doi.org/10.46254/NA09.20240143

Irfan, M, Zhao, ZY & Rehman, A 2021, ‘Consumers’ intention-based influence factors of renewable energy adoption in Pakistan: A structural equation modeling approach’, Environmental Science and Pollution Research, no 28, Pp. 432–445, DOI: https://doi.org/10.1007/s11356-020-10504-w

Zhang, Q, Nie, Y, Zhao, W & Du, L 2025, ‘Research on TBM parameter optimization based on failure probability’, Engineering Failure Analysis, no 167(B), 109036, DOI: https://doi.org/10.1016/j.engfailanal.2024.109036

Ikwan, F, Sanders, D & Hassan, M 2021, ‘Safety evaluation of leak in a storage tank using fault tree analysis and risk matrix analysis’, Journal of Loss Prevention in the Process Industries, no 73, 104597, DOI: https://doi.org/10.1016/j.jlp.2021.104597

Paltrinieri, N, Landucci, G, Nelson, WR & Hauge, S 2016, ‘Proactive approaches of dynamic risk assessment based on indicators’, In N. Paltrinieri & F. Khan (Eds.), Dynamic risk analysis in the chemical and petroleum industry, Butterworth-Heinemann, Pp. 63-73, DOI: https://doi.org/10.1016/B978-0-12-803765-2.00006-8

Gorzeń-Mitka, I & Wieczorek-Kosmala, M 2023, ‘Mapping the energy sector from a risk management research perspective: A bibliometric and scientific approach’, Energies, no 16(4), DOI: https://doi.org/10.3390/en16042024

Zhu, X, Meng, X & Zhang, M 2021, ‘Application of multiple criteria decision making methods in construction: A systematic literature review’, Journal of Civil Engineering and Management, no 27(6), Pp. 372–403. DOI: https://doi.org/10.3846/jcem.2021.15260

Haes Alhelou, H, Hamedani-Golshan, ME, Njenda, TC & Siano, P 2019, ‘A survey on power system blackout and cascading events: Research motivations and challenges’, Energies, no 12(4), P. 682. DOI: https://doi.org/10.3390/en12040682

Le Coq, C & Paltseva, E 2009, ‘Measuring the security of external energy supply in the European Union’, Energy Policy, no 37(11), Pp. 4474–4481, DOI: https://doi.org/10.1016/j.enpol.2009.05.069

International Organization for Standardization 2018, ISO 31000:2018 Risk management – Guidelines (2nd ed.), viewed <https://www.iso.org/standard/31000>

International Organization for Standardization 2022, ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection – Information security management systems – Requirements (3rd ed.), viewed <https://www.iso.org/standard/27001>

Stouffer, K, Lightman, S, Pillitteri, V, Abrams, M & Hahn, A 2015, Guide to industrial control systems (ICS) security (NIST Special Publication 800-82 Rev. 2), DOI: https://doi.org/10.6028/NIST.SP.800-82r2

Hussain, MA, Samrouth, K & Bakir, N 2025, ‘A survey on malware attacks in industrial air-gap systems’, International Journal of Information Security, no 24, P. 146, DOI: https://doi.org/10.1007/s10207-025-01044-w

Cao, Z, Liu, B, Gao, D, Zhou, D, Han, X & Cao, J 2025, ‘A dynamic spatiotemporal deep learning solution for cloud–edge collaborative industrial control system distributed denial of service attack detection’, Electronics, no 14, P. 1843. DOI: https://doi.org/10.3390/electronics14091843

National Institute of Standards and Technology 2014, NIST roadmap for improving critical infrastructure cybersecurity, viewed <http://www.nist.gov/cyberframework/upload/roadmap-021214.pdf>

European Commission 2006, Communication from the Commission on a European Programme for Critical Infrastructure Protection (COM(2006) 786 final), Brussels, viewed <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52006DC0786>

European Commission 2015, Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee, the Committee of the Regions and the European Investment Bank: A framework strategy for a resilient energy union with a forward-looking climate change policy (COM(2015) 80 final), Brussels, viewed <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52015DC0080>

Torregosa, RF & Hu, W 2013, ‘Probabilistic risk analysis of fracture of aircraft structures using a Bayesian approach to update the distribution of the equivalent initial flaw sizes’, Fatigue & Fracture of Engineering Materials & Structures, no 36, Pp. 1092–1101. DOI: https://doi.org/10.1111/ffe.12103

Saiz, M, Calvet, L, Juan, A. A & Lopez-Lopez, D 2024, ‘A simheuristic for project portfolio optimization combining individual project risk, scheduling effects, interruptions, and project risk correlations’, Computers & Industrial Engineering, no 198, 110694. DOI: https://doi.org/10.1016/j.cie.2024.110694

Chu, C, Yang, W & Chen, Y 2024, ‘Dynamic fault tree generation and quantitative analysis of system reliability for embedded systems based on SysML models’, Sensors, no 24, 6021. DOI: https://doi.org/10.3390/s24186021

Markulik, Š, Šolc, M & Blaško, P 2024, ‘Use of risk management to support business sustainability in the automotive industry’, Sustainability, no 16, 4308. DOI: https://doi.org/10.3390/su16104308

Karanikas, N & Zerguine, H 2025, ‘Redefining health, risk, and safety for occupational settings: A mixed-methods study’, Safety Science, no 181, 106698. DOI: https://doi.org/10.1016/j.ssci.2024.106698