Proceedings of the International scientific and practical conference ―Science and Society‖ (February 26-28, 2026) / Publisher website: www.naukainfo.com. – Kharkiv, Ukraine, 2026. - 355 p.
on cyber resilience, the case of the Ukrainian national carrier demonstrates a transition from a classical perimeter defense model to a strategy of active survival under conditions of permanent breach attempts. The scale of the system (thousands of nodes, massive arrays of personal data, and automated traffic control systems) makes it a heterogeneous environment in which the vulnerability of a single element could, in theory, trigger a cascading collapse of the country's entire transport logistics. However, the architectural prudence underlying the railway's digitalization rests on principles of strict segmentation and determinism, which allows the consequences of a cyber incident to be contained within the information circuit and prevents them from affecting the physical control of rolling stock.

An analysis of the technical tools used in attacks during 2024-2025 indicates that threat actors employed complex methods to exploit application logic and system software vulnerabilities. Specifically, SQL injection and Cross-Site Scripting (XSS) aimed at compromising passenger-segment databases occupy a significant place in the attack structure. The most dangerous, however, are targeted attacks using ransomware that seeks not a ransom but the irreversible destruction of information, the so-called "wipers." Scientific research into such attacks shows that they often masquerade as ordinary software bugs or hardware failures, which complicates early detection by IDS/IPS systems. In this context, implementing deep learning algorithms for the analysis of anomalous traffic behavior becomes a critical necessity for ensuring data integrity [1].

A vital aspect of cybersecurity is countering the exploitation of the "human factor" through sophisticated phishing and social engineering schemes targeting railway personnel.
Since the enterprise's internal network has a hierarchical structure with varying access levels, the compromise of even a single mid-level administrator account can serve as an entry point for an APT attack [2]. Modern information security theory in such conditions appeals to the Zero Trust Architecture concept, where every internal request for data access undergoes multi-factor authentication and cryptographic verification. This mitigates the risks of internal breaches even if an attacker gains physical access to a network terminal. Such an approach makes the