INDUSTRIAL CONTROL SYSTEMS (ICS) CYBER PREDICTION MODEL

. Acceleration of scientific and technical progress, speeding up of technological changes, IT process globalisation and integration of OT processes invoked new challenges in preparing cyber strategies. Issues with adapting strategy for a particular specificity, region and specific cyber-attacks are not applicable. Therefore, a natural need arises to adjust the process for future cyber-attacks. It should be noted that the vast majority of organisations still need to possess a strategy that has been developed in correlation with future cyber-attacks. A part of organisations, irrespective of the lack of methodology and necessary infrastructure at the initial stage, commenced applying strategic management methods as a more dynamic environment demanded adequate changes in the cyber security within the organisation itself. The organisation started to plan such changes because, at the initial stage of the strategic management theory development, the strategy was understood as a plan drawn up to achieve the set objectives, regardless of the future need. Implementing such strategic procedures is grounded on something other than scientific calculations and is often associated with excessive use of funds. Therefore, the main goal of this article is to determine how much the r-Interdiction Median Problem with Fortification (RIMF ) module can be used as a model for deciding methods for protecting critical infrastructure systems.


Introduction
Critical energy infrastructure often includes smart grids, which are used either for remote control or industrial automation contingent on electronic computers.These systems use two-way communication with a focus on the computational processing of information.It is a technology that has been widely used for several years.Wellestablished in energy production and management plants, a smart grid invokes the available resources by utilising a variety of operating tools and energy measures such as power control and energy production.A smart grid integrates the capabilities of information technology and networks with those of smart management.The exchange of information takes place in real-time with the help of various devices that need to be operated within a critical infrastructure by applying new algorithms.Smart grids can detect faults and problems in a system, such as energy automation, production and management systems.The available resources of the system in critical infrastructure are utilised due to their ability to analyse in real time, thus, meeting the requirements (Tvaronavičienė, Plėta, Beretas, & Lelešienė, 2022).It is easily scalable and can be connected to other energy plants supporting common technologies (Bitirgen & Filik, 2023).Smart grids offer two-way communication; these are crucially important security issues, or else the reverse flow of electricity can cause security problems and reliability increases simultaneously in the critical industrial infrastructure.
A smart grid in critical infrastructure must be adequately protected against external factors.Despite its convenience and reliability, it poses security challenges (Somogyi & Nagy, 2022).Smart grids feature a significant pathogen; precisely, they integrate information into the network that will entail the ci issues as this network uses industrial equipment communications and all digital devices, making it vulnerable to cyber-attacks and malware infection.A targeted attack on a smart grid is aimed at intercepting sensitive information, taking over personal data and, finally, taking control of automated industrial operations.As mentioned above, smart grids are always a part of critical infrastructure and are adequately protected for their ability to interact with other intelligent devices such as IIoT.Inadequate configuration on smart devices that interact with the smart grid can be a gateway for intruders to the smart grid.Finally, innovative/supervisory operational teams involved in critical industrial infrastructure are an essential advantage as they can significantly improve communication within the infrastructure and avoid possible decisions that eventually lead to vulnerable systems in the future.
Smart grids offer significant benefits to later rendered critical infrastructure and industrial infrastructure in general; therefore, the citizens then receive these benefits as an organised critical infrastructure can provide highquality benefits mainly to citizens with lower costs, including the security of energy production.In conclusion, the success of smart grids lies in the modern management techniques, their use, and the operation of all the teams involved in a critical industrial infrastructure, which provides an enhanced ability to solve many issues that may occur.Some countries are facing problems related to the application of new technologies, including smart grids, due to the complexity of the state's legal system implementing the necessary cultivation permits and regulations, resulting in the inefficiency of critical infrastructure and services rendered.The energy plants that are also classified as critical infrastructure were created years ago; some of their functions at the time of their initial operation had low priorities, or these functions were not intended for upgrades that may be expected in the future.Only efficiency production was a priority, neglecting cyber-security.These systems were designed for another era when the needs for energy production were less demanding.Later, the necessary improvements had to be gradually made to meet the increasing demand for energy production.Cyber-security concerns in making these upgrades were only sometimes the priority.
Studies on cyber-security strategies and improvement of existing systems are based on a theory called "Game theory", in which blockchain models are integrated into multiple levels of programs also known as "Leaderfollower".This hierarchical optimisation process presents the problem, where both the leader and the follower want to optimise their position at the same time, while the follower's solution is the reaction to the leader's solution.Optimal protection in critical infrastructure must be applied in such a way as to significantly reduce the rate of information loss and process failure (Parvasi et al. 2020).At this point, it is worth mentioning that, nowadays-critical infrastructure is significantly less vulnerable than in the past (Almaleh, & Tipper, 2022).
The goal of the research.Cyber strategy is a long-term planning tool, and it needs to have future insight to develop.Developing cyber strategies is mandatory for planning technical capabilities to protect organisations from cyber threats.It is a necessary forecast for future cyber-attacks, which should be integrated into cyber security strategy.

Methodology.
The article analyses scientific research on the description and practical application of the r-Interdiction Median Problem with Fortification (RIMF) method.The paper describes the theory of the method's origin and analyses its use.One example of the practical application of the method was selected to achieve this goal, which was carefully analysed and described.At the end of the article, a conclusion was drawn on how realistic it is to use this method for integration into a cybersecurity strategy.
RIMF model intended to identify cyber threat recognition practices for protecting critical infrastructure can be applied.The RIMF model is an extension of the RIM model, as a tracking model for identifying protection practices of essential infrastructure systems.For the implementation, the RIMF model is divided into two categories: the external category, which models the decisions of the defenders, and the internal category, which detects cyber-attack scenarios based on a given protection strategy.The choice of the optimal model for forecasting and evaluating critical infrastructure is the most important arm for the smooth and uninterrupted operation of the infrastructure.Using general models of future predictions and troubleshooting offers analysis and calculations of various ways and procedures using data collected in different methods.It presents results that are only sometimes accurate by failing to draw correct conclusions.The use of multiple models of predictions provides several outcomes and more ways for a comprehensive understanding of the issues.The RIMF model may improve identifying security practices connected to malicious attacks, systems, and multiple targets.Using models that are not ideal or insufficient to capture the problem may lead to inadequate application of security strategies and fail cyber-attack and system breaches.
The central part of this article consists of two sections.Section 2 describes the algorithm and how it can be used to identify vulnerabilities in the systems and implement cyber-security by applying best practices.In Section 3, critical infrastructure objects will be analysed to verify the algorithm's operation described in the second section.

Review of literature
The issue of security is one of the important moments of the modern world, which has been discussed more than once and will be discussed in the future since not only the economic or political state of the country but also the people depend on it.There are many articles, guides and methods you need to do to protect yourself, your property and your finances.Nevertheless, only a few ways can determine a particular system's safety.Much attention is paid to methods that, through data analysis and specific calculations, can determine the probability of attacks and the level of protection of systems.In their publications and articles, scientists describe the use of various models to establish a particular object's security level or to determine the likelihood of an attack on it.Recently, scientists have been actively studying and describing in their works the possibilities of using one of these methods in different areas, called the r-Interdiction Median Problem with Fortification method (Zhang, Li & Jin, 2022).
For a very long time, sources of risk, due to which you can lose not only the object but also the supply of goods and services, due to natural causes, such as floods and fires, and man-made causes, such as terrorism and military operations (Church, Scaparra & Middlenton, 2004), have attracted attention.In 689 BC, the king of Sennacherib built a dam on the Euphrates River to deliberately create a manufactured disaster by flooding the city of Babylon (Church & Scaparra, 2005).In turn, the military tried to identify critical points in the supply chain, the defeat of which would lead to delays or reduction in supplies to conflict zones (Church & Scaparra, 2005).
Critical infrastructure may be defined as those elements that, when lost, significantly disrupt the system's ability to perform its function.These elements can include transportation linkages (e.g.bridges, tunnels, rail, etc.), facilities (e.g.port terminals, production facilities, warehouses, operations centers, emergency response facilities, hospitals, etc.), critical stockpiles (e.g.smallpox vaccine, drugs, food, etc.), key personnel (e.g.water system operators) and landmarks that may contribute to loss of well-being.Grubesic et al. (2008) studied network survivability by calculating network connectivity given a specific node or link failure.These studies aim to study and identify critical components, not the reliability and safety of the entire system.For example, if one of the power supply facilities covering a large area fails, the remaining facilities will not have enough resources to provide electricity, which will disrupt the entire system (Azaiez & Bier, 2007;Su, Gao, & Zhang, 2022).Therefore, one of the research priorities is the development of methods for protecting critical infrastructure (Church, Scaparra, & Middlenton, 2004, Soto et al., 2015;Zhang et al., 2023).
Previously used mathematical models for identifying network vulnerabilities have focused on determining how the loss of one or more objects will affect the operation of the infrastructure.For early models of prohibitions, see a publication by Church, Scaparra and Middlenton (2004), "Identifying critical infrastructure: The median and covering facility interdiction problems".They provide a short list of previously developed models, systematized according their goals, types, special constraints and the main network model.
Deny models help to identify potential weaknesses in the system without optimising security.For example, how to understand which facilities should be strengthened or secured?All objects, if the security process is relatively inexpensive.However, what if resources are limited and security costs are high?It is not sure, then, that an object's security, defined as critical, can provide the most excellent protection against an intelligent antagonist (Scaparra & Middlenton, 2008).Therefore, the optimal interdiction depends on what needs to be strengthened to prevent the consequences as much as possible.For this, the assumption was introduced that resources are limited and only a part of objects can be protected.The fortification was necessary to expand the possibilities of applying the median r-prohibition model to things that should be protected and to minimise the impact of prohibitions on other objects (Church & Scaparra, 2005).
The r-Interdiction Median Problem with the Fortification method is based on the p-median system structure.The main task of which is to find the optimal solution by placing p objects in the network in such a way as to reduce the cost of their maintenance and delivery.Most studies use a game theoretic approach and formulate protection problems as bi-level defender-attacker models (Scaparra & Church, 2008;Xiao et al., 2019).Researchers studying two-level and three-level tasks have extended the prohibition models to include protection decisions.
They developed a maximum-minimum budget allocation model, which makes critical infrastructure more resistant to physical attacks.The researchers consider problems within budget constraints, maximising the minimum cost of a possible attack.
Analysing scientific articles describing the r-Interdiction Median Problem with the Fortification method, one can notice that the theory described in the publication by Church, Scaparra and Middlenton (2004) is taken as the basis for all calculations.Therefore, from all the studied articles (Higle, 2005;Berman, Krass, & Menezes, 2007;Liu, Fan, & Ordonez, 2009;Aksen, Piyade, & Aras, 2010;Jenelius, Westin & Holmgren, 2010;Akbari-Jafarabadi et al., 2017;Li, X., Kizito, & Paula, 2018;Roboredo, Pessoa, & Aizemberg, 2019) one was chosen for further research, which deals with attacks on critical objects.Only some scientific articles consider the possibility of using the method to integrate it into cyber strategy.Therefore, this article will analyse the methods of calculation and the results obtained, described in the article by Scaparra Liberation and Daskin (2011).According to the authors, this example can be used when creating a cybersecurity strategy.

The RIMF model
When forecasting infrastructure problems, it should be emphasised that a probability assessment should be carried out.The use of a highly reliable problem-solving model and the use of the best cyber-security practices must be implemented to design strategies against multiple numbers and vectors of attack, even when the probability distribution and intruders' behaviour are unknown.
Therefore, the information from conducting forecast studies and proposed solutions will not only focus on highprobability scenarios but will be more general in predicting all possible future scenarios.
Forecasting will focus on comparing parts of the infrastructure by invoking stochastic optimisation methods.This will be achieved by making the best use of security resources or energy management information systems, significantly limiting the extent of the damage.Creating proprietary security algorithms that leverage the capabilities of the infrastructure in this way could motivate the design and creation of more secure equipment, the result of innovative applications, and a significant reduction, if not elimination, of the risk of system breaches within critical infrastructure.
Vulnerability assessment and risk analysis models for cyber-attacks that are either human-induced are used to design plans for security policy upgrades or critical infrastructure upgrades, as well as an understanding of vulnerable systems that need upgrades.The study considers a range of data, including infrastructure users, how they access the equipment, the communication networks, the way of communication and the processes performed.The main concern is optimising the entire infrastructure to make it more efficient and secure.A well-known model for capturing vulnerabilities in systems that are a part of critical infrastructure is the r-Interdiction Median Problem with Fortification (RIMF) model.The model is used to identify vulnerabilities in the systems and to implement security practices by applying optimal solutions provided that managers of the model know in advance and try to evaluate the vulnerabilities of the model.Both are analysing and capturing problems is a process that distorts reality, as it captures malicious actions, cyber-attacks, and physical attacks on infrastructure, which without the use of predictive models would be uncertain thoughts about the future, which with time would lead to uncertainty and might repeat in the future without a clear understanding of events that would follow.
Over time, the use of the RIMF model has been expanded and upgraded as a stochastic component has been added, which can examine system problems against a range of cyber-attacks, which vary between one and a maximum number of R. In this way, every resulting output is associated with some probability, while for the minimisation of false or incomplete result which has a large exclusion from the actual data of the problem, so to minimise the loss of the worst case means to treat, through protection, all interference that further damages the systems so that only the least harmful ones can occur.A prediction model like RIMF is not infallible, it is likely to produce data that does not exactly address the problems and weaknesses, which is directly related to future cybersecurity and physical protection strategies that need to be implemented in critical infrastructure.Nevertheless, the model tends to identify with a high degree of precision future cyber-attacks and physical disasters.The model identifies optimal protection strategies that are considered satisfactory by correlating them with the number of problems.The design of the cyber and physical security analysis of critical infrastructure should take into account to a large extent the results of such studies, which often do not significantly deviate from their predictions, thinking that not all data may always be relevant, but something which is not related to problematic use or the lack of usefulness of the prediction model, but is often due to limited input such as critical historical data that may have been omitted.
Fortifying application is considered necessary to minimise the result's loss of accuracy and address the difficulties affecting the system under consideration.This phenomenon is called S-RIMF.RIMF can list all the interference in critical infrastructure and capture level by level the problems with the characteristic repressions of possible

INSIGHTS INTO REGIONAL DEVELOPMENT
ISSN 2669-0195 (online) https://jssidoi.org/ird/2023 Volume 5 Number 1 (March) http://doi.org/10.9770/IRD.2023.5.1(6) 91 obstructions (r) and installations (P).The model works as follows: Define with Hr where H is the obstruction points in the premises (r).Each obstruction point H is equivalent to a cyber-attack or a general threat, while lh denotes all obstructions to critical infrastructure.Ch captures correlations with interference standards, (h) represents the cost of systems when facilities (Lh) are inactive.Standard (h) is presented as covered if on the premises Ih is enhanced.
The barrier model relates exclusively to unprotected critical infrastructure.The worst-case scenario and the loss of information should always be considered to take the necessary measures to protect critical infrastructure in such a way as to include disruptive attack patterns in the forecast analysis.The S-RIMF standards are as follows: (3.1) The worst cost scenario is decoded by Wr, which (r) captures critical infrastructure.Therefore, the modelling will be as follows: , where It is worth noting at this point that S-RIMF is complex and sometimes difficult to understand.Its complexity is directly related to the number of interference patterns combined with the number of critical infrastructures denoted by (P).As it is understood, the number of constraints and variables is related to the number of constraint patterns, then the prediction model is impractical and exceeds its implementation objectives; it is concluded that there is an improvement in uncertainty, which satisfactorily addresses the S-RIMF, which is a significant breakthrough in the field of protection modelling.If someone compares the RIMF and the S-RIMF will notice a considerable improvement in the prediction of cyber-attacks and general damages.

Practical application of the RIMF algorithm for critical infrastructure
The method described in Chapter 2 is widely used to solve problems of finding the optimal solution in many areas of activity.Numerous articles describe this method and are used to develop service systems, determine security methods, establish how much infrastructure can be subject to terrorist attacks, and optimally allocate funds and other resources to solve security issues.
In this article, we are discussing predicting cyber-attacks on critical infrastructure, the main focus was kept on research related to the study of strategies for protecting critical infrastructure from possible attacks, analysing probable failures and studying the design of reliable systems The study uses a large data set, so they were optimally divided into groups with a specific number of objects using the P-median method.The number of attacks (R) is not large, in the range from 2 to 5, and the value of objects that can be protected (Q) is proportional to the number of objects tested (P): 10%, 15% and 20%.As a result, the combination of parameters after the optimisation process looks like this ( The model identifies optimal protection strategies that are considered satisfactory by correlating them with the number of problems.To minimise costs (Wr), for each value of r, the program calculates a probability (pr), which helps to model the average value of attacks directed at a small number of objects.For these purposes, one of the formulas is used: The results of the calculations are shown in Figures 1, 2 and 3 (Appendix I).As you can see, the first, second and third columns indicate the parameters P, Q and R. Further, the value of the optimal solution (Z *) for each data set and the average execution time of the algorithms.An asterisk marks those solutions that are not optimal for this data set.The last row shows the average running time of the algorithms for the entire data set.
Having analysed the studies described in the article "Analysis of Facility Protection Strategies Against Uncertain Number of Attacks: The Stochastic R-Interdiction Median Problem with Fortification" and the data obtained above, we can conclude that this method can also be used to find out the optimal solution for predicting cyberattacks on critical infrastructure.As the data of the algorithm demonstrates, the number of objects and, of course, the number of analysed attacks influence the determination of the optimal solution.This method can be applied to a specified number of attacks and an indefinite one, as in the example above.To achieve this, it is necessary to supplement the method with the definition of the upper and lower bounds.The exact number of attacks used in the calculations requires a long and detailed work of collecting data.
Using the results of the study described in the article "Analysis of Facility Protection Strategies Against Uncertain Number of Attacks: The Stochastic R-Interdiction Median Problem with Fortification", it is possible to improve the cyber prediction model for critical infrastructure, depending on what results have to be obtained.For example, by entering the maximum and minimum attack values for an indefinite number of threats, it is determined, in percentage terms, how far sub-optimal solutions are from optimal ones.

Conclusion
Unfortunately, the prediction models used to forecast future threats to critical infrastructure do not provide 100% accuracy, but they give essentially good forecasting for countering future attacks.More than just predicting threats from a single model is required, so more than one combination of prediction models is used, choosing a single threat prediction model can lead to ineffective future security strategies and result in sufficient security measures.Security control scenarios in critical infrastructure play an important role as for each scenario, an optimal security strategy has to be identified as determined by the prediction model.It should be noted that it might only be effective if there is a large number of interferences, and it may not be optimal if the foreseeable losses are small.The result will only be partially valid if the model identifies a low probability in combination with many failures.In implementing the model, the design of future security policies and critical protective infrastructure against multiple types of threats and cyber-attacks should be used, including those linked between multiple critical infrastructures and the elements should be considered.In addition, as mentioned above, the prediction models present an analysis that is approximately in line with the scenarios and data that were analysed.Based on the data that was evaluated, the potential threats, the extent of the damages and their costs are calculated.Finally, the prediction models and related tools are perfect for drafting the cyber-security strategy.
Cyber strategy is a long-term planning tool, and it needs to have future insight to develop.Developing cyber strategies is mandatory for planning technical capabilities to protect organisations from cyber threats.It is a necessary forecast for future cyber-attacks, which should be integrated into cyber security strategy.
Therefore, a method was analysed, using which it is possible to calculate not only the probability of a potential threat but also the amount of damage.Based on the data, their quantity and quality, it is possible to calculate for one separate object and several connected objects.Basically, the r-Interdiction Median Problem with Fortification (RIMF) method is used in logistics, economics, game development, the military, and more, but not in cybersecurity.Of course, there are many directions for future research related to the method and its application to ensure the safety of critical facilities.But, after analysing the application of the r-Interdiction Median Problem with Fortification (RIMF) method, the main task of this article is to decide whether it is possible to use it in practice, integrating it into a security strategy.Of course, using this method is possible and even necessary to properly plan the possibilities for protecting organisations from cyber threats.The practical application of this method will help improve the cyber strategy of critical infrastructure.By collecting and analysing information received about critical objects, their protection and attacks on them, in the future, improving the method, and using additional calculation formulas, will only enhance and strengthen cybersecurity.
above equation are the following: The notation with (Wr) identifies the sum of costs in combination with operating costs. r = with the number of cyber-attacks compared to the loss value denoted by(Wr). H = number of critical infrastructures covered in combination with prohibition methods denoted by In.  Q = symbolises the number of critical infrastructures, which shows increased protection. Confirmation of the variables that have been used.
. A very good practical application of the RIMF model, with possible adjustments, additions and calculations, is described in the article by Scaparra Liberation and Daskin (2011) "Analysis of Facility Protection Strategies Against Uncertain Number of Attacks: The Stochastic R-Interdiction Median Problem with Fortification", which will be analysed in this Chapter.The authors of the article "Analysis of Facility Protection Strategies against Uncertain Number of Attacks: The Stochastic R-Interdiction Median Problem with Fortification" use some geographical data in their research.More precisely, objects are located in the UK (150 objects) and USA (263 objects).Thus, to compare the results and test the method, 250 random evenly spaced objects were generated.All calculations were performed on a computer using the C ++ program.For optimisation, a special CPLEX 9.1 module allows to selection and set of the necessary parameters corresponding to the task.Using computer equipment and a particular program made it possible to reduce the calculation time and avoid errors associated with the human factor.

Table 1 .
Combination of parameters