Ігор Вишневський That's Life 20 April 2026, 16:08

The State Special Communications Service has developed a special formula by which cyber defense will be evaluated from now on. How will it be calculated?

The State Service for Special Communications and Information Protection has approved new methodological recommendations, based on which the level of cyber protection at a particular enterprise or institution will now be measured.

1 comment

The State Special Communications Service has developed a special formula by which cyber defense will be evaluated from now on. How will it be calculated?

The State Service for Special Communications and Information Protection has approved new methodological recommendations, based on which the level of cyber protection at a particular enterprise or institution will now be measured.

As reported by the press service of the State Special Communications Service, a set of documents regulating the processes of assessing the state of cyber defense was approved by the relevant order No. 285 of April 16.

«The new methodology turns the assessment into a transparent procedure through the use of mathematical tools. The state of cyber defense is calculated using the formula of the weighted average value for six key functions: management, identification, protection, detection, response, and recovery. Each function has its own weight coefficient,» the State Service for Special Communications explained.

The most important functions in this methodology are «protection» and «detection».

«An important innovation is the implementation of the critical link principle: if the compliance rate for at least one of the basic functions is less than 20%, the overall state of the facility’s cyber defense is automatically recognized as „critical“. This does not allow serious vulnerabilities to be hidden behind overall high scores,» the State Service for Special Communications added.

In addition to all of the above, a five-level maturity scale (from 0 to 4) is also being introduced, according to which not only the actual implementation of measures is assessed, but also the quality of their documentation and integration into work processes.

«From now on, state authorities and critical infrastructure operators have a clear algorithm: how to assess their cyber defense status, how to document the results, and what steps to take to increase the level of cyber defense,» the State Special Communications Service concluded.

As dev.ua wrote, the State Service for Special Communications previously blocked a number of domains of Russian crypto services and payment platforms that were available in Ukraine.