Cybersecurity system of the public sector of Ukraine: structural problems, governance models, and strategic modernization directions
DOI:
https://doi.org/10.33405/2786-8613/2025/2/6/350862Keywords:
cybersecurity, public sector, public administration, NIS 2, NIST CSF 2.0, Zero Trust, cyber maturity, cyber resilienceAbstract
The article provides a comprehensive theoretical and methodological justification of the strategic foundations for developing the cybersecurity system in the public sector of Ukraine amid digital transformation, European integration, and full-scale armed aggression. Based on an analysis of current legislation, the Cybersecurity Strategy and the Information Security Strategy of Ukraine, as well as international standards (NIS2, NIST CSF 2.0, Zero Trust Architecture), the study systematizes modern approaches to cybersecurity of public institutions. The content of key public administration categories adapted to the sphere of public-sector cybersecurity is clarified, including “public-sector cybersecurity system”, “strategic foundations for cybersecurity system development,” and “public-administration mechanisms in the field of cybersecurity".
Key global trends and national challenges are identified, along with structural problems of the national cybersecurity system: fragmented regulatory frameworks, uneven cybersecurity maturity of public authorities, workforce shortages, underdeveloped risk-oriented management and security culture, and limited partnership engagement with business and civil society.
A system of strategic goals and principles for developing public-sector cybersecurity is proposed, oriented toward ensuring the resilience of public services, integration of the governance framework, and institutionalization of multilevel partnerships. A conceptual model of strategic cybersecurity system development is elaborated, comprising normative-strategic, institutional-managerial, process-political, technological, human-resource/educational, partnership, and monitoring-evaluation components. A set of tools for implementation, monitoring, and performance evaluation–suitable for practical use in state and local government bodies—is also outlined.
References
Angyalos Z., & Szilágyi R. (2025). Cybersecurity risks in critical infrastructures: Insights from CISA and ENISA data. Journal of Agricultural Informatics. October, no. 16(2), pp. 1–11. DOI: https://doi.org/10.17700/jai.2025.16.2.759 [in English].
Potapovs M., & Kanasta K. E. (Eds.). (2025). Cybersecurity in Latvia: Forging resilience amidst emerging threats. Routledge. DOI: https://doi.org/10.4324/9781003638858 [in English].
Frey C. (2024). Future-proofing cybersecurity: Leveraging strategic foresight to enhance resilience. International Journal of Cyber Diplomacy, no. 5, pp. 23–40. DOI: https://doi.org/10.54852/ijcd.v5y202402 [in English].
Vevera A. V. (2024). The digitalization of critical infrastructures – Systemic considerations, evolutions of governance and elements of a national research agenda. Romanian Military Thinking. December, no. (3), pp. 104–125 [in English].
Ahokangas P., & Aagaard A. (Eds.). (2024). The changing world of mobile communications: 5G, 6G and the future of digital services. Palgrave Macmillan. DOI: https://doi.org/10.1007/978-3-031-33191-6 [in English].
Crowther A., Foulds C., Robison R., & Gladkykh G. (Eds.). (2024). Strengthening European energy policy: Governance recommendations from innovative interdisciplinary collaborations. Palgrave Macmillan. DOI: https://doi.org/10.1007/978-3-031-66481-6 [in English].
Daniel S. A., & Victor S. S. (2024). Emerging trends in cybersecurity for critical infrastructure protection: A comprehensive review. Computer Science & IT Research Journal, no. 5(3), pp. 576–593. DOI: https://doi.org/10.51594/csitrj.v5i3.872 [in English].
Simu S. J., & Zaman F. I. (2023). Advanced cybersecurity strategies for protecting critical infrastructure: Strengthening the backbone of national security. International Journal of Scientific Research and Management, no. 11(12), pp. 999–1016. DOI: https://doi.org/10.18535/ijsrm/v11i12.ec07 [in English].
Young D. (2025). Protecting critical infrastructure in Nigeria: A framework for integrated cybersecurity approach. International Journal of Research and Innovation in Social Science, no. 9(7), pp. 1151–1167. DOI: https://doi.org/10.47772/IJRISS.2025.90700095 [in English].
Chen J., Lu Y., Zhang Y., Huang F., & Qin J. (2023). A management knowledge graph approach for critical infrastructure protection: Ontology design, information extraction and relation prediction. International Journal of Critical Infrastructure Protection, no. 43, Article 100634. DOI: https://doi.org/10.1016/j.ijcip.2023.100634 [in English].
Maglaras L., Janicke H., & Ferrag M. A. (2022). Cybersecurity of critical infrastructures: Challenges and solutions. Sensors, no. 22(14), Article 5105. DOI: https://doi.org/10.3390/s22145105 [in English].
European Commission. (n.d.). NIS2 Directive: Securing network and information systems. Shaping Europe’s Digital Future. Retrieved from: https://digital-strategy.ec.europa.eu/en/policies/nis2-directive (accessed 27 November 2025) [in English].
