Sustainable Development of Smart Regions via Cybersecurity of National Infrastructure: A Fuzzy Risk Assessment Approach

Abstract

This article proposes a scientifically grounded approach to risk assessment for infrastructural and functional systems that underpin the development of digitally transformed regional territories under conditions of high threat dynamics and sociotechnical instability. The core methodology is based on modeling of multifactorial threats through the application of fuzzy set theory and logic–linguistic analysis, enabling consideration of parameter uncertainty, fragmented expert input, and the lack of a unified risk landscape within complex infrastructure environments. A special emphasis is placed on components of technogenic, informational, and mobile infrastructure that ensure regional viability across planning, response, and recovery phases. The results confirm the relevance of the approach for assessing infrastructure resilience risks in regional spatial–functional systems, which demonstrates the potential integration into sustainable development strategies at the level of regional governance, cross-sectoral planning, and cultural reevaluation of the role of analytics as an ethically grounded practice for cultivating trust, transparency, and professional maturity.

1. Introduction

The challenges of sustainable development for smart regions require a rethinking of critical national infrastructure not only as a physical resource but also as the basis of digital sovereignty, regional resilience, and strategic trust. Smart regions are considered spatial–functional systems that integrate technological progress, environmental efficiency, and social integration. They need a reliable, adaptive, and cyber-resilient infrastructure that is capable of withstanding hybrid threats and protecting essential public services.

Critical infrastructure—including energy, communications, transportation, environmental, and informational systems—serves as a foundation for sustainable territorial development. Its cyber-resilience is not only a component of national security but also a prerequisite for achieving the UN Sustainable Development Goals, particularly Goal 9 (“Industry, Innovation, and Infrastructure”), Goal 11 (“Sustainable Cities and Communities”), Goal 13 (“Climate Action”), and Goal 16 (“Peace, Justice, and Strong Institutions”). This highlights the necessity for a comprehensive risk assessment approach that considers the functional, regulatory, and social interdependence of systems.

The multifaceted, adaptive, and dynamic nature of current threats demands models capable of operating with incomplete, contradictory, or ambiguous data. Fuzzy set theory and logical–linguistic modeling form the methodological foundation of this study. It allows the integration of expert judgement, linguistic rule sets, scenario variability, and structural–regulatory logic for management. These tools support the prioritization of threats and the development of adaptive solutions under conditions of uncertainty.

The study emphasizes mobile infrastructure components, particularly information-communication and technogenic systems that perform monitoring, logistics, ecological evaluation, and response functions. The integration of these elements into the broader architecture of risk management expands the spatial and functional boundaries of cyber-resilience, which is especially relevant for smart regions undergoing active reconstruction.

The aim of this work is to develop a fuzzy model for assessing risks to critical infrastructure within the sustainable development framework of smart regions. This model:

• Accommodates the multi-tier structure of technogenic, informational, and mobile components;
• Aligns with international standards and local governance contexts;
• Integrates indicators of infrastructural, social, and environmental resilience;
• Supports the development of ethically mature, strategically grounded, and culturally relevant analytics.

The research outcomes aim to enhance the capability of regional systems to adapt to emerging risks, build public trust in digital solutions, and ensure the sustainability of governance processes in complex spatial–social configurations.

2. State of the Art

The assessment of critical infrastructure risks under hybrid threat conditions is the subject of active interdisciplinary research. Several distinct directions have emerged in the literature that directly resonate with the topic of this paper: fuzzy risk management models, cyber-resilience of mobile and stationary infrastructure components, and the impact of digital security on the sustainability of territorial development.

A significant part of recent studies focuses on hybrid threats—both in the context of hybrid warfare and the perspective of risk management, response scenario development, and systems analysis. Works [1,2,3] explore approaches to threat identification, comparative evaluation methodologies, and administrative capacity building. Other authors [4,5] have proposed preventive frameworks to anticipate adversarial actions and enhance strategic resilience. The use of AI for cyber threat detection [6], game theory [7], and analysis of the role of intelligence and defense structures [8,9,10] demonstrates the inter-sectoral nature of the issue. Additional publications investigate administrative agency roles [11], regional actors [12,13,14,15], strategic communication, and the broader scientific role in countering hybrid threats [16,17].

Risk modeling increasingly leverages human-factor-based assessments [18,19], early warning scenarios [20,21], composite indicators [22], and classical management frameworks [23,24,25]. However, many of these models remain limited in addressing uncertainties, ambiguity, and subjective expert evaluations.

A growing interest surrounds fuzzy set theory (FST) applications in strategic planning, management, cognitive modeling [26,27,28,29,30,31], technical systems [32,33,34,35], and risk assessment [36,37,38,39,40,41], including hybrid FST–Monte Carlo methods [42], ontological uncertainty modeling [43], and dynamic system evaluation [44,45]. Studies such as [36,46,47,48] confirm the effectiveness of variable fuzzification in multidimensional risk analysis, strengthening system resilience to hybrid disruptions. Nevertheless, their use in civil critical infrastructure (CCI) systems remains fragmented and underdeveloped.

It is particularly important to highlight a set of studies addressing current challenges at the intersection of digital security and sustainable development. Specifically, recent analyses have examined the impact of cybersecurity measures in financial technology platforms on the sustainability of urban service systems [49], proposing the integration of risk management models into smart regional governance frameworks. Other research has focused on the protection of ADS-B data from unmanned aerial systems using spectral steganography [50], enabling consideration of mobile threat vectors within critical infrastructure architectures. Another contribution involves autonomous unmanned aerial vehicle (UAV) navigation, based on long short-term memory algorithms and reinforcement learning [51], directly linked to the implementation of Sustainable Development Goals, particularly Goals 9, 11, and 13. At the institutional level, the Organization for Economic Cooperation and Development (OECD) [52] provides frameworks for digital safety and instruments for resilient regional administration, which are especially pertinent to recovery and strategic modernization efforts.

Also promising are studies [53] that propose fuzzy risk assessment models for multifactor scenarios, utilizing geometric transformations and normalized indicators to enable comprehensive analytical architecture.

In summary, recent scientific literature demonstrates the following key trends:

• Expansion of the “critical infrastructure” concept to include mobile platforms for ecology, logistics, and finance.
• Institutionalization of cyber-resilience as a foundational element of sustainable development.
• Widespread application of fuzzy models as adaptive tools under uncertainty.
• Emergence of interdisciplinary approaches integrating engineering, economic, and legal dimensions of risk evaluation.

These findings form the conceptual and methodological foundation for the next stage: designing a fuzzy risk assessment framework that accounts for the structural, functional, and strategic role of critical infrastructure in the sustainable development of smart regions.

3. Materials and Methods

Systematic assessment of the risks of hybrid threats is a necessary prerequisite for ensuring the stability of the functioning of both individual information resources and state or critical systems in general. Successful integration of such an assessment into cybersecurity management processes allows the identification of threats, as well as the prevention of disruptions to the continuity of critical infrastructure operations in a timely manner. That is why this study proposes a method that ensures both the accuracy of the assessment and the determination of the impact on the stability of systems under the changing conditions of hybrid threats.

Based on the strategic analysis of hybrid threats performed in Ukraine in the civil security sector (CSS), an expert group developed a special questionnaire to assess the risk of threats related to the cybersecurity sphere in the state. Using the questionnaire, a survey of experts in the relevant subject area was completed to establish the values of the quantities “Possible consequences (Impact)” (PC) and “Probability (Assessment Level)” (L) of the occurrence of a hybrid threat [3]. The survey was completed with the participation of a certain number (SR) of expert respondents. To assess the corresponding hybrid threat, each expert (respondent) was offered a three-level scoring scale for L (15 points—high value, 10 points—medium value, 5 points—low value) and a four-level scale for PC (20 points—catastrophe, 15 points—critical condition, 10 points—severe condition, 5 points—minor consequences). In total, 298 respondents (SR = 298) were involved in the assessment process.

A risk assessment, taking into account the obtained judgments of each expert regarding the values of L and PC, is proposed to be carried out on the basis of a logical–linguistic approach using fuzzy set theory [3,36,46]. This allows consideration of the nature of expert assessment based on the judgments of specialists in the relevant subject area and makes it possible to reflect the characteristics of risk with extended indicators that allow determination of the affiliation of current data to a certain level. This, in contrast to the method based on average values [3], reduces the sensitivity to threshold values in the risk measurement scales and to the attribution of almost identical values, for example, 50% and 50.01% to different levels, due to the implementation of the fuzzification procedure. As a result, the application of urgent measures to reduce the risk of spreading threats according to certain indicators remains out of consideration. This approach makes it possible to perform rating, which ultimately will allow more effective allocation of resources to reduce risks, rather than directing core assets to one resource and ignoring another that is characterized by almost the same level.

The method is proposed for risk assessment, which consists of 9 stages: threat identification; expert threat assessment; interval fuzzification; expert judgment fuzzification; finding the average value; forming benchmarks for risk assessment; risk calculation; calculation of the generalized Hamming distance (GHD) [46]; determining the risk level; and interpreting the results.

3.1. Development Stages

Let us describe each stage in detail.

3.1.1. Stage 1—Threat Identification

Based on the strategic analysis in CSS, hybrid cybersecurity threats are identified, and a corresponding list is formed. An example of the implementation of this stage is given in

Table 1. Results of the analysis of hybrid threats (excerpt).

	Hybrid Threat Identifier of the CSS (Likely Unwanted (Negative) Phenomena, Actions: Cyber Security Aspect)
1	Malware: “Virus”
2	Malware: “Worm”
3	Malware: “Ransomware”
4	Malware: “Trojan”
5	Malware: “Dialer”
6	Malware: “Rootkit”
7	Malware: “Polymorphic and Metamorphic”
8	Malware: “XSS”
9	Malware: “Keylogger”
10	Web-based attacks
11	Phishing
12	Spam
13	Botnets
14	Data breaches
15	Insider threat
16	Physical manipulation, damage, theft and loss
17	Information leakage
18	Identity theft
19	Cryptojacking
20	Covert information gathering
21	Cyberespionage

, where the first column indicates the current number $nt=\overline{1,st}$ of the identified hybrid threat ($st=21$, where $st$ is the number of threats), and the second column indicates its identifier.

3.1.2. Stage 2—Expert Assessment of Threats

The assessment is carried out on the basis of a questionnaire of experts on the values of $L$ and $PC$ for each hybrid threat identified a stage 1. An example of the implementation of this stage is given in

Table 2. Example of survey results for threat 1: Malware: “Virus”.

$nr=\overline{1,sr} (sr=298)$			1	2	3	…	296	297	298
Threat Assessment Results 1: Malware: “Virus”	Marks	$L$	10	5	5	…	10	10	10
		$PC$	10	5	5	…	10	15	10

, which shows the results of the assessment of the first threat ($nt=1$: Malware: “Virus”) by experts using a defined scoring scale for L and PC.

3.1.3. Stage 3—Interval Fuzzification

The practice of solving problems in the field of information and cybersecurity [47,48] has shown that for processing expert data, it is the most effective to use fuzzy set theory. In this regard, linguistic variables (LV) “LIKELIHOOD” (L) and “CONSEQUENCES” (PC) are introduced, which are represented by the tuple [36] <L, $\underset{\sim }{T}$_L, X_L> and <PC, $\underset{\sim }{T}$_PC, X_PC>, where the basic term-sets are defined by $l$ and $p$ terms, respectively.

$${\underset{\sim }{T}}_L=\left\{\bigcup _{j=1}^l{{\underset{\sim }{T}}_L(nt,nr)}_j\right\}$$

(1)

and

$${\underset{\sim }{T}}_{PC}=\left\{\bigcup _{i=1}^p{{\underset{\sim }{T}}_{PC}(nt,nr)}_i\right\},$$

(2)

where $nt$ is the threat number and $nr$ is the respondent number.

Taking into account the intervals determined (for L and PC) based on the fuzzification method [47], the set of values of the LV L and PC at $l=3$ and $p=4$, respectively, for trapezoidal LR numbers is formed:

$${{\underset{\sim }{T}}_L(nt,nr)}_j=\left\{\bigcup _{k=1}^4\mu ({T_L\left(nt,nr\right)}_{jk}\mathbf{/}{T_L(nct,nr)}_{jk}\right\}={\left(\bigcup _{k=1}^4{T_L(nt,nr)}_{jk}\right)}_{LR}$$

(3)

and

$${{\underset{\sim }{T}}_{PC}(nt,nr)}_i=\left\{\bigcup _{k=1}^4\mu \left({T_{PC}(nt,nr)}_{ik}\right)\mathbf{/}{T_{PC}(nt,nr)}_{ik}\right\}={\left(\bigcup _{k=1}^4{T_{PC}(nt,nr)}_{ik}\right)}_{LR}$$

(4)

Taking into account (3) and (4), Formulas (1) and (2) are written in the following form:

$$\begin{gathered} {\underset{\sim }{T}}_L=\left\{\bigcup _{j=1}^3{\underset{\sim }{T}}_L{\left(nt,nr\right)}_j\right\}=\left\{\bigcup _{j=1}^3\left\{\bigcup _{k=1}^4\mu \left({T_L(nt,nr)}_{jk}\right)\mathbf{/}{T_L(nt,nr)}_{jk}\right\}\right\}= \\ \left\{{\bigcup _{j=1}^3\left(\bigcup _{k=1}^4{T_L(nt,nr)}_{jk}\right)}_{LR}\right\}= \end{gathered}$$

(5)

$\left\{\mu \right({T_L(nt,nr)}_{11})\mathbf{/}{T_L(nt,nr)}_{11}; \mu ({T_L(nt,nr)}_{12})\mathbf{/}{T_L(nt,nr)}_{12}; \mu ({T_L(nt,nr)}_{13})\mathbf{/}{T_L(nt,nr)}_{13}; \mu ({T_L(nt,nr)}_{14})\mathbf{/}{T_L(nt,nr)}_{14}\},$ $\left\{\mu \right({T_L(nt,nr)}_{21})\mathbf{/}{T_L(nt,nr)}_{21}; \mu ({T_L(nt,nr)}_{22})\mathbf{/}{T_L(nt,nr)}_{22}; \mu ({T_L(nt,nr)}_{23})\mathbf{/}{T_L(nt,nr)}_{23}; \mu ({T_L(nt,nr)}_{24})\mathbf{/}{T_L(nt,nr)}_{24}\},$ $\left\{\mu \right({T_L(nt,nr)}_{31})\mathbf{/}{T_L(nt,nr)}_{31}; \mu ({T_L(nt,nr)}_{32})\mathbf{/}{T_L(nt,nr)}_{32}; \mu ({T_L(nt,nr)}_{33})\mathbf{/}{T_L(nt,nr)}_{33}; \mu ({T_L(nt,nr)}_{34})\mathbf{/}{T_L(nt,nr)}_{34}\}$} = {{0/0; 1/0; 1/3.6; 0/6.9}, {0/3.6; 1/6.9; 1/9.9; 0/12.6}, {0/9.9; 1/12.6; 1/15; 0/15}} = {(0; 0; 3.6; 6.9)_LR, (3.6; 6.9; 9.9; 12.6)_LR, (9.9; 12.6; 15; 15)_LR};

$$\begin{gathered} {\underset{\sim }{T}}_{PC}=\left\{\bigcup _{i=1}^4{\underset{\sim }{T}}_{PC}{\left(nt,nr\right)}_i\right\}=\left\{\bigcup _{i=1}^4\left\{\bigcup _{k=1}^4\mu \left({T_{PC}(nt,nr)}_{ik}\right)\mathbf{/}{T_{PC}(nt,nr)}_{ik}\right\}\right\}= \\ \left\{\bigcup _{i=1}^4{\left(\bigcup _{k=1}^4{T_L(nt,nr)}_{ik}\right)}_{LR}\right\}= \end{gathered}$$

(6)

{$\left\{\mu \right({T_{PC}(nt,nr)}_{11})\mathbf{/}{T_{PC}(nt,nr)}_{11}; \mu ({T_{PC}(nt,nr)}_{12})\mathbf{/}{T_{PC}(nt,nr)}_{12}; \mu ({T_{PC}(nt,nr)}_{13})\mathbf{/}{T_{PC}(nt,nr)}_{13}; \mu ({T_{PC}(nt,nr)}_{14})\mathbf{/}{T_{PC}(nt,nr)}_{14}\},\left\{\mu \right({T_{PC}(nt,nr)}_{21})\mathbf{/}{T_{PC}(nt,nr)}_{21}; \mu ({T_{PC}(nt,nr)}_{22})\mathbf{/}{T_{PC}(nt,nr)}_{22}; \mu ({T_{PC}(nt,nr)}_{23})\mathbf{/}{T_{PC}(nt,nr)}_{23}; \mu ({T_{PC}(nt,nr)}_{24})\mathbf{/}{T_{PC}(nt,nr)}_{24}\}, \left\{\mu \right({T_{PC}(nt,nr)}_{31})\mathbf{/}{T_{PC}(nt,nr)}_{31}; \mu ({T_{PC}(nt,nr)}_{32})\mathbf{/}{T_{PC}(nt,nr)}_{32}; \mu ({T_{PC}(nt,nr)}_{33})\mathbf{/}{T_{PC}(nt,nr)}_{33}; \mu ({T_{PC}(nt,nr)}_{34})\mathbf{/}{T_{PC}(nt,nr)}_{34}\},$ $\left\{\mu \right({T_{PC}(nt,nr)}_{41})\mathbf{/}{T_{PC}(nt,nr)}_{41}; \mu ({T_{PC}(nt,nr)}_{42})\mathbf{/}{T_{PC}(nt,nr)}_{42}; \mu ({T_{PC}(nt,nr)}_{43})\mathbf{/}{T_{PC}(nt,nr)}_{43}; \mu ({T_{PC}(nt,nr)}_{44})\mathbf{/}{T_{PC}(nt,nr)}_{44}\}$} = {{0/0; 1/0; 1/3.43; 0/6.57}, {0/3.43; 1/6.57; 1/9.43; 0/12.29}, {0/9.43; 1/12.29; 1/15.14; 0/17.71}, {0/15.14; 1/17.71; 1/20; 0/20}} = {(0; 0; 3.43; 6.57)_LR, (3.43; 6.57; 9.43; 12.29)_LR, (9.43; 12.29; 15.14; 17.71)_LR, (15.14; 17.71; 20; 20)_LR}, where ${\underset{\sim }{T}}_L({nt,nr)}_j$ and ${\underset{\sim }{T}}_{PC}{(nt,nr)}_i$ are the term-sets for L and PC, respectively. $\mu \left({T_L(nt,nr)}_{jk}\right)\mathbf{/}{T_L(nt,nr)}_{jk}$ and $\mu \left({T_{PC}(nt,nr)}_{ik}\right)\mathbf{/}{T_{PC}(nt,nr)}_{ik}$ denote their fuzzy numbers (FNs), and $j=\overline{1,3}, i=\overline{1,4}$, $k=\overline{1,4}$.

The graphical interpretation of the fuzzy numbers $\underset{\sim }{T}$_L and $\underset{\sim }{T}$_PC formed on the basis of (5) and (6) is given in Figure 1 and Figure 2, respectively.

3.1.4. Stage 4—Expert Judgment Fuzzification

Taking into account [47], the fuzzification is implemented using the FNs obtained at stage 3. An example of the implementation of this stage is given in

Table 3. The result of the fuzzification of expert judgments for the first threat ($nt=1$): Malware: “Virus”.

	Malware: “Virus”
	L			PC
	Assessment	Interval	$\mathbf{FN}$ ${\underset{\sim }{\mathit{T}}}_{\mathit{L}}{(1,\mathit{n}\mathit{r})}_{\mathit{j}}$	Assessment	Interval	$\mathbf{FN}$ ${\underset{\sim }{\mathit{T}}}_{\mathit{P}\mathit{C}}{(1,\mathit{n}\mathit{r})}_{\mathit{i}}$
1	10	[6; 11]	${\underset{\sim }{T}}_L(1,1)$2 = (3.6; 6.9; 9.9; 12.6)LR	10	[6; 11]	${\underset{\sim }{T}}_{PC}(1,1)$2 = (3.43; 6.57; 9.43; 12.29)LR
2	5	[0; 6]	${\underset{\sim }{T}}_L(1,2)$1 = (0; 0; 3.6; 6.9)LR	5	[0; 6]	${\underset{\sim }{T}}_{PC}(1,2)$1 = (0; 0; 3.43; 6.57)LR
3	5	[0; 6]	${\underset{\sim }{T}}_L(1,3)$1 = (0; 0; 3.6; 6.9)LR	5	[0; 6]	${\underset{\sim }{T}}_{PC}(1,3)$1 = (0; 0; 3.43; 6.57)LR
…	…	…	…	…	…	…
296	10	[6; 11]	${\underset{\sim }{T}}_L(1,296)$2= (3.6; 6.9; 9.9; 12.6)LR	10	[6; 11]	${\underset{\sim }{T}}_{PC}(1,296)$2 = (3.43; 6.57; 9.43; 12.29)LR
297	10	[6; 11]	${\underset{\sim }{T}}_L(1,297)$2 = (3.6; 6.9; 9.9; 12.6)LR	15	[11; 16]	${\underset{\sim }{T}}_{PC}(1,297)$3 = (9.43; 12.29; 15.14; 17.71)LR
298	10	[6; 11]	${\underset{\sim }{T}}_L(1,298)$2 = (3.6; 6.9; 9.9; 12.6)LR	10	[6; 11]	${\underset{\sim }{T}}_{PC}(1,298)$2 = (3.43; 6.57; 9.43; 12.29)LR

, where each interval corresponds to its FN determined at stage 4.

3.1.5. Stage 5—Finding the Average Value

Using the linear approximation method by local maxima (LALM) [46], we find the average values of the survey results for the $nt$ threat using the following formulas:

$${\underset{\sim }{AV}}_L\left(nt\right)= {\displaystyle \frac{1}{sr}}\sum _{nt=1}^{\underset{\sim }{sr}}{\underset{\sim }{T}}_L{\left(nt, nr\right)}_j,$$

(7)

$${\underset{\sim }{AV}}_{PC}\left(nt\right)={\displaystyle \frac{1}{sr}}\sum _{nt=1}^{\underset{\sim }{sr}}{\underset{\sim }{T}}_{PC}{\left(nt, nr\right)}_i,$$

(8)

where $nr=\overline{1,sr}$, $nt=\overline{1,st}$,  $\tilde{\Sigma }$ is the sign of the fuzzy sum operation, $nr$ is the respondent number, $nt$ is the threat number, $sr$ is the number of respondents, $st$ is the number of threats, and ${\underset{\sim }{AV}}_L\left(nt\right)$ and ${\underset{\sim }{AV}}_{PC}\left(nt\right)$ are the average values of the FNs for L and PC, respectively.

Therefore, for example, for trapezoidal LR numbers, taking into account (3) ÷ (6) at $sr=298$ and $nt=1$, Formulas (7) and (8) take the following form:

$${\underset{\sim }{AV}}_L\left(1\right)= {\displaystyle \frac{1}{298}} \sum _{nt=1}^{\underset{\sim }{298}}{\underset{\sim }{T}}_L{\left(1, nr\right)}_j=$$

(9)

$({{\underset{\sim }{T}}_L\left(1,1\right)}_2\stackrel{\sim }{\oplus }{{\underset{\sim }{T}}_L\left(1,2\right)}_1\stackrel{\sim }{\oplus }\dots \stackrel{\sim }{\oplus }{{\underset{\sim }{T}}_L\left(1,298\right)}_2)\mathbf{/}298=$ ($\left\{\mu \right({T_L(1,1)}_{21})\mathbf{/}{T_L(1,1)}_{21}; \mu ({T_L(1,1)}_{22})\mathbf{/}{T_L(1,1)}_{22}; \mu ({T_L(1,1)}_{23})\mathbf{/}{T_L(1,1)}_{23}; \mu ({T_L(1,1)}_{24})\mathbf{/}{T_L(1,1)}_{24}\}$ $\stackrel{\sim }{\oplus }$ $\left\{\mu \right({T_L(1,2)}_{11})\mathbf{/}{T_L(1,2)}_{11}; \mu ({T_L(1,2)}_{12})\mathbf{/}{T_L(1,2)}_{12}; \mu ({T_L(1,2)}_{13})\mathbf{/}{T_L(1,2)}_{13}; \mu ({T_L(1,2)}_{14})\mathbf{/}{T_L(1,2)}_{14}\}$ $\stackrel{\sim }{\oplus }$ … $\stackrel{\sim }{\oplus }$ $\left\{\mu \right({T_L\left(1,298\right)}_{21})\mathbf{/}{T_L\left(1,298\right)}_{21};\mu ({T_L\left(1,298\right)}_{22})\mathbf{/}{T_L\left(1,298\right)}_{22}; \mu ({T_L\left(1,298\right)}_{23})\mathbf{/}{T_L\left(1,298\right)}_{23}; \mu ({T_L\left(1,298\right)}_{24})\mathbf{/}{T_L\left(1,298\right)}_{24}\})$/298 = {0/6.8; 1/11.5; 1/12.2; 0/13.4} = (6.8; 11.5; 12.2; 13.4)_LR,

$${\underset{\sim }{AV}}_{PC}\left(1\right)={\displaystyle \frac{1}{298}}\sum _{nt=1}^{\underset{\sim }{298}}{{\underset{\sim }{T}}_{PC}\left(1, nr\right)}_i=$$

(10)

$({{\underset{\sim }{T}}_{PC}\left(1,1\right)}_2\stackrel{\sim }{\oplus }{{\underset{\sim }{T}}_{PC}\left(1,2\right)}_1\stackrel{\sim }{\oplus }\dots \stackrel{\sim }{\oplus }{{\underset{\sim }{T}}_{PC}\left(1,298\right)}_2)\mathbf{/}298=$ ($\left\{\mu \right({T_{PC}(1,1)}_{21})\mathbf{/}{T_{PC}(1,1)}_{21}; \mu ({T_{PC}(1,1)}_{22})\mathbf{/}{T_{PC}(1,1)}_{22}; \mu ({T_{PC}(1,1)}_{23})\mathbf{/}{T_{PC}(1,1)}_{23}; \mu ({T_{PC}(1,1)}_{24})\mathbf{/}{T_{PC}(1,1)}_{24}\}$ $\stackrel{\sim }{\oplus }$ $\left\{\mu \right({T_{PC}(1,2)}_{11})\mathbf{/}{T_{PC}(1,2)}_{11}; \mu ({T_{PC}(1,2)}_{12})\mathbf{/}{T_{PC}(1,2)}_{12}; \mu ({T_{PC}(1,2)}_{13})\mathbf{/}{T_{PC}(1,2)}_{13}; \mu ({T_{PC}(1,2)}_{14})\mathbf{/}{T_{PC}(1,2)}_{14}\}$ $\stackrel{\sim }{\oplus }$ … $\stackrel{\sim }{\oplus }$ $\left\{\mu \right({T_{PC}\left(1,298\right)}_{21})\mathbf{/}{T_{PC}\left(1,298\right)}_{21};\mu ({T_{PC}\left(1,298\right)}_{22})\mathbf{/}{T_{PC}\left(1,298\right)}_{22}; \mu ({T_{PC}\left(1,298\right)}_{23})\mathbf{/}{T_{PC}\left(1,298\right)}_{23}; \mu ({T_{PC}\left(1,298\right)}_{24})\mathbf{/}{T_{PC}\left(1,298\right)}_{24}\})$/298 = {0/6.66; 1/11.66; 1/12.11; 0/14.49} = (6.66; 11.66; 12.11; 14.49)_LR.

By analogy, using Formulas (9) and (10), the average values of the FNs ${\underset{\sim }{T}}_L\left(nt, nr\right)$ and ${\underset{\sim }{T}}_{PC}\left(nt, nr\right)$ of the LV L and PC for all identified threats are calculated. The results are listed in

Table 4. Average values of FNs ${\underset{\sim }{T}}_L\left(nt, nr\right)$ and ${\underset{\sim }{T}}_{PC}\left(nt, nr\right)$ $\mathbf{L}\mathbf{V}$ $\mathbf{L}$ and $\mathbf{P}\mathbf{C}$ for all identified threats.

	${\underset{\sim }{\mathit{A}\mathit{V}}}_{\mathit{L}}($$\mathit{nt}), \mathit{n}\mathit{t}=\overline{1,\mathit{s}\mathit{t}}$	${\underset{\sim }{\mathit{A}\mathit{V}}}_{\mathit{P}\mathit{C}}($$\mathit{nt}), \mathit{n}\mathit{t}=\overline{1,\mathit{s}\mathit{t}}$
1.	{0/6.8; 1/11.5; 1/12.2; 0/13.4}	{0/6.66; 1/11.66; 1/12.11; 0/14.49}
2.	{0/6; 1/10.9; 1/11.4; 0/13}	{0/6.09; 1/11.1; 1/11.52; 0/14.01}
3.	{0/5.5; 1/10.4; 1/10.9; 0/12.6}	{0/6.50; 1/11.46; 1/11.87; 0/14.23}
4.	{0/7.0; 1/11.7; 1/12.4; 0/13.6}	{0/7.27; 1/12.26; 1/12.70; 0/14.93}
5.	{0/3.9; 1/9.1; 1/9.3; 0/11.7}	{0/4.80; 1/9.76; 1/10.01; 0/12.60}
6.	{0/4.8; 1/9.9; 1/10.2; 0/12.3}	{0/6.43; 1/11.48; 1/11.87; 0/14.25}
7.	{0/4.7; 1/9.8; 1/10.1; 0/12.1}	{0/7.58; 1/12.50; 1/13.01; 0/15.23}
8.	{0/4.9; 1/10.0; 1/10.4; 0/12.4}	{0/5.51; 1/10.50; 1/10.90; 0/13.49}
9.	{0/4.4; 1/9.4; 1/9.7; 0/11.9}	{0/6.32; 1/11.25; 1/11.66; 0/14.06}
10.	{0/6.0; 1/11.0; 1/11.5; 0/13.1}	{0/6.49; 1/11.53; 1/11.99; 0/14.42}
11.	{0/6.3; 1/11.2; 1/11.8; 0/13.3}	{0/5.88; 1/10.81; 1/11.25; 0/13.77}
12.	{0/7.3; 1/11.7; 1/12.5; 0/13.5}	{0/3.13; 1/7.44; 1/7.60; 0/10.36}
13.	{0/5.6; 1/10.5; 1/11.0; 0/12.7}	{0/4.67; 1/9.49; 1/9.77; 0/12.40}
14.	{0/5.9; 1/10.7; 1/11.3; 0/12.9}	{0/8.65; 1/13.55; 1/14,10; 0/16.12}
15.	{0/4.8; 1/9.9; 1/10.2; 0/12.2}	{0/7.19; 1/12.15; 1/12.57; 0/14.78}
16.	{0/4.7; 1/9.7; 1/10.0; 0/12.0}	{0/7.64; 1/12.61; 1/13.07; 0/15.24}
17.	{0/6.3; 1/11.1; 1/11.7; 0/13.1}	{0/8.68; 1/13.54; 1/14.11; 0/16.12}
18.	{0/6.3; 1/11.2; 1/11.8; 0/13.2}	{0/7.77; 1/12.62; 1/13.12; 0/15.26}
19.	{0/4.8; 1/9.9; 1/10.2; 0/12.2}	{0/5.28; 1/10.10; 1/10.50; 0/13.10}
20.	{0/5.0; 1/10.0; 1/10.4; 0/12.4}	{0/6.17; 1/11.00; 1/11.43; 0/13.86}
21.	{0/5.9; 1/10.8; 1/11.4; 0/13.0}	(0/7.76; 1/12.72; 1/13.19; 0/15.33}

.

3.1.6. Stage 6—Forming the Benchmarks for Risk Assessment

The construction of the necessary standards was implemented on the basis of the introduced LV “RISK LEVEL” (RL), which is defined as a tuple [3, 36] <RL, ${\underset{\sim }{T}}_{RL}$, X_RL>, where the basic term-set is formed on the basis of $n$ terms, for each of which

$${\underset{\sim }{T}}_{RL}\left(nt\right)=\left\{\bigcup _{i=1}^n{{\underset{\sim }{T}}_{RL}\left(nt\right)}_i\right\},$$

(11)

($i=\overline{1,n}$,—the number of terms), accordingly, its intervals of values are formed, which lie within the limits $\left[r_1;r_{n+1}\right]=\left[0;300\right]$ and are denoted as $\left[r_1;r_2\right[,...,\left[r_i;r_{i+1}\right[,\dots ,\left[r_n;r_{n+1}\right]$. For example, for $n=4$, the following intervals were defined for RL:

$$\left[r_1;r_2\right[,\left[r_2;r_3\right[,\left[r_3;r_4\right[,\left[r_4;r_5\right]=\left[0;75\right[,\left[75;150\right[,\left[150;225\right[,\left[225;300\right]$$

Further, using the interval transformation method [47], the corresponding mappings of the LV RL into the FNs are implemented (for$n=4$), as a result of which the following term-values are obtained for trapezoidal LR numbers (see Figure 3), and, taking into account (5) and (6), Formula (11) takes the following form:

$$\begin{gathered} {\underset{\sim }{T}}_{RL}=\left\{\bigcup _{i=1}^4{{\underset{\sim }{T}}_{RL}\left(nt\right)}_i\right\}=\left\{\bigcup _{i=1}^4\left\{\bigcup _{k=1}^4\mu \left({T_{RL}\left(nt\right)}_{ik}\right)\mathbf{/}{T_{RL}\left(nt\right)}_{ik}\right\}\right\}= \\ \left\{\bigcup _{i=1}^4{\left(\bigcup _{k=1}^4{T_{RL}\left(nt\right)}_{ik}\right)}_{LR}\right\}= \end{gathered}$$

(12)

• {{$\mu \left({T_{RL}\left(nt\right)}_{11}\right)\mathbf{/}{T_{RL}\left(nt\right)}_{11}; \mu \left({T_{RL}\left(nt\right)}_{12}\right)\mathbf{/}{T_{RL}\left(nt\right)}_{12}; \mu \left({T_{RL}\left(nt\right)}_{13}\right)\mathbf{/}{T_{RL}\left(nt\right)}_{13}; \mu \left({T_{RL}\left(nt\right)}_{14}\right)\mathbf{/}{{\underset{\sim }{T}}_{RL}\left(nt\right)}_{14}\},$ $\left\{\mu \right({T_{RL}\left(nt\right)}_{21})\mathbf{/}{T_{RL}\left(nt\right)}_{21}; \mu ({T_{RL}\left(nt\right)}_{22})\mathbf{/}{T_{RL}\left(nt\right)}_{22}; \mu ({T_{RL}\left(nt\right)}_{23})\mathbf{/}{T_{RL}\left(nt\right)}_{23}; \mu ({T_{RL}\left(nt\right)}_{24})\mathbf{/}{T_{RL}\left(nt\right)}_{24}\},$ $\left\{\mu \right({T_{RL}\left(nt\right)}_{31})\mathbf{/}{T_{RL}\left(nt\right)}_{31}; \mu ({T_{RL}\left(nt\right)}_{32})\mathbf{/}{T_{RL}\left(nt\right)}_{32}; \mu ({T_{RL}\left(nt\right)}_{33})\mathbf{/}{T_{RL}\left(nt\right)}_{33}; \mu ({T_{RL}\left(nt\right)}_{34})\mathbf{/}{T_{RL}\left(nt\right)}_{34}\},$ $\left\{\mu \right({T_{RL}\left(nt\right)}_{41})\mathbf{/}{T_{RL}\left(nt\right)}_{41}; \mu ({T_{RL}\left(nt\right)}_{42})\mathbf{/}{T_{RL}\left(nt\right)}_{42}; \mu ({T_{RL}\left(nt\right)}_{43})\mathbf{/}{T_{RL}\left(nt\right)}_{43}; \mu ({T_{RL}\left(nt\right)}_{44})\mathbf{/}{T_{RL}\left(nt\right)}_{44}\}$} = {{0/0; 1/0; 1/42.86; 0/85.71}, {0/42.86; 1/85.71; 1/128.57; 0/171.43}, {0/128.57; 1/174.43; 1/214.29; 0/257.14}, {0/214.29; 1/257.14; 1/300; 0/300}} = {(0; 0; 42.86; 85.71)_LR, (42.86; 85.71; 128.57; 171.43)_LR, (128.57; 174.43; 214.29; 257.14)_LR, (214.29; 257.14; 300; 300)_LR},
• where ${{\underset{\sim }{T}}_{RL}\left(nt\right)}_i$ are term-sets of LV RL, and $\mu \left({T_{RL}\left(nt\right)}_{ik}\right)\mathbf{/}{T_{RL}\left(nt\right)}_{ik}$ are values of their trapezoidal FNs ($k=\overline{1,4}$, $i=\overline{1,4}$).

Figure 3. Value terms ${{\underset{\sim }{T}}_{RL}\left(nt\right)}_i$ for LV RL.

Figure 3. Value terms ${{\underset{\sim }{T}}_{RL}\left(nt\right)}_i$ for LV RL.

3.1.7. Stage 7—Risk Calculation

Since a risk in many standards and approaches is determined by the product of probability and possible consequences [54], on this basis, for example, using the LALM method [46], the risk calculation is implemented by multiplying the obtained FN values for $L$ and $PC$ (see Table 4) using the following formula:

$$\underset{\sim }{RL}\left(nt\right)={\underset{\sim }{AV}}_{\mathit{L}}\left(nt\right)\stackrel{\sim }{\odot }{ \underset{\sim }{AV}}_{\mathit{P}\mathit{C}}\left(nt\right)$$

(13)

where $nt=\overline{1,st}$, $\stackrel{\sim }{\odot }$ is the fuzzy multiplication sign, and ${\underset{\sim }{AV}}_{\mathit{L}}\left(nt\right)$ ta ${\underset{\sim }{AV}}_{\mathit{P}\mathit{C}}\left(nt\right)$ are the average FN values for L and PC of the $nt$-th threat

Taking Formulas (7) and (8) into account, Expression (13) is presented as follows:

$$\underset{\sim }{RL}(nt)=\left\{\bigcup _{k=1}^4\mu \left({{AV}_L\left(nt\right)}_k\right)\mathbf{/}{{AV}_L\left(nt\right)}_k\right\} \stackrel{\sim }{\odot } \left\{\bigcup _{k=1}^4\mu \left({{AV}_{PC}\left(nt\right)}_k\right)\mathbf{/}{{AV}_{PC}\left(nt\right)}_k\right\}=$$

$${\left(\bigcup _{k=1}^4{{AV}_L\left(nt\right)}_k\right)}_{LR}\stackrel{\sim }{\odot }{\left(\bigcup _{k=1}^4{{AV}_{PC}\left(nt\right)}_k\right)}_{LR}=$$

{$\mu \left({{AV}_L\left(nt\right)}_1\right)\mathbf{/}{{AV}_L\left(nt\right)}_1;$ $\mu \left({{AV}_L\left(nt\right)}_2\right)\mathbf{/}{{AV}_L\left(nt\right)}_2$; $\mu \left({{AV}_L\left(nt\right)}_3\right)\mathbf{/}{{AV}_L\left(nt\right)}_3$; $\mu \left({{AV}_L\left(nt\right)}_4\right)\mathbf{/}{{AV}_L\left(nt\right)}_4$} $\stackrel{\sim }{\odot }$ {$\mu \left({{AV}_{PC}\left(nt\right)}_1\right)\mathbf{/}{{AV}_{PC}\left(nt\right)}_1;$ $\mu \left({{AV}_{PC}\left(nt\right)}_2\right)\mathbf{/}{{AV}_{PC}\left(nt\right)}_2$; $\mu \left({{AV}_{PC}\left(nt\right)}_3\right)\mathbf{/}{{AV}_{PC}\left(nt\right)}_3$; $\mu \left({{AV}_{PC}\left(nt\right)}_4\right)\mathbf{/}{{AV}_{PC}\left(nt\right)}_4$}.

So, for example, using (13) for the first threat ($nt=1$: Malware: “Virus”), $RL\left(1\right)={\underset{\sim }{AV}}_{\mathit{L}}\left(1\right)\stackrel{\sim }{\odot }{\underset{\sim }{AV}}_{\mathit{P}\mathit{C}}\left(1\right)$ = {0/6.8; 1/11.5; 1/12.2; 0/13.4} $\stackrel{\sim }{\odot }$ {0/6.66; 1/11.66; 1/12.11; 0/14.49} = {0/45.60; 1/139.73; 1/147.97; 0/194.75} = (45.60; 139.73; 147.97; 194.75)_LR. The obtained results for $nt=\overline{1,21}$ are listed in

Table 5. Risk assessment results.

	Hybrid Threat Identifier of the CSS (Likely Unwanted (Negative) Phenomena, Actions: Cybersecurity Aspect)	$\underset{\sim }{\mathit{R}\mathit{L}}\left(\mathit{n}\mathit{t}\right)=\left\{{\displaystyle \bigcup _{\mathit{k}=1}^4}\mathit{\mu }(\mathit{R}\mathit{L}{\left(\mathit{n}\mathit{t}\right)}_{\mathit{k}}\mathbf{/}\mathit{R}\mathit{L}{\left(\mathit{n}\mathit{t}\right)}_{\mathit{k}})\right\}$
1.	Malware: “Virus”	{0/45.60; 1/139.73; 1/147.97; 0/194.75}
2.	Malware: “Worm”	{0/36.24; 1/125.50; 1/131.57; 0/182.13}
3.	Malware: “Ransomware”	{0/35.42; 1/123.33; 1/128.83; 0/179.51}
4.	Malware: “Trojan”	{0/50.79; 1/148.48; 1/157.33; 0/202.56}
5.	Malware: “Dialler”	{0/18.54; 1/91.23; 1/93.33; 0/147.35}
6.	Malware: “Rootkit”	{0/22.15; 1/117.30; 1/121.38; 0/174.72}
7.	Malware: “Polymorphic and Metamorphic”	{0/35.28; 1/126.85; 1/131.22; 0/184.98}
8.	Malware: “XSS”	{0/26.81; 1/109.15; 1/113.02; 0/166.85}
9.	Malware: “Keylogger”	{0/27.71; 1/109.89; 1/113.52; 0/167.01}
10.	Web-based attacks	{0/39.14; 1/131.95; 1/138.29; 0/188.91}
11.	Phishing	{0/37.02; 1/126.43; 1/132.83; 0/182.93}
12.	Spam	{0/22.71; 1/88.82; 1/94.73; 0/139.74}
13.	Botnets	{0/25.97; 1/102.98; 1/107.57; 0/157.97}
14.	Data breaches	{0/51.06; 1/151.51; 1/159.08; 0/207.20}
15.	Insider threat	{0/34.79; 1/123.97; 1/128.63; 0/180.65}
16.	Physical manipulation, damage, theft and loss	{0/36.27; 1/126.38; 1/131.32; 0/183.39}
17.	Information leakage	{0/54.49; 1/156.68; 1/164.94; 0/211.80}
18.	Identity theft	{0/49.31; 1/147.10; 1/154.80; 0/201.98}
19.	Cryptojacking	{0/25.39; 1/103.50; 1/107.31; 0/160.11}
20.	Covert information gathering	{0/30.95; 1/114.81; 1/119.30; 0/171.38}
21.	Cyberespionage	{0/46.16; 1/143.06; 1/150.08; 0/198.64}

.

3.1.8. Stage 8—Calculation of the Generalized Hamming Distance

To determine the risk level for each threat, it is necessary to calculate the GHD [46] $H(nt, i)$ and compare the current results $\underset{\sim }{RL}\left(nt\right)$ with their benchmarks formed at stage 6. To compare the indicated FNs, the GHD set is used:

$$\left\{\bigcup _{nt=1}^{st}\left\{\bigcup _{i=1}^n\left\{H(nt,i)\right\}\right\}\right\}=\left\{\bigcup _{nt=1}^{st}\left\{\bigcup _{i=1}^{n}h\left(\underset{\sim }{RL}\left(nt\right), {\underset{\sim }{T}}_{RL}{\left(nt\right)}_i\right)\right\}\right\}=$$

$$\left\{\bigcup _{nt=1}^{st}\left\{\bigcup _{i=1}^n\sum _{k=1}^4\left|{\underset{\sim }{RL}\left(nt\right)}_k-{\underset{\sim }{T}}_{RL}{\left(nt\right)}_{ik}\right|\right\}\right\},$$

where, for the $nt$-th threat, the minimum value $H_{min}\left(nt\right)$ of all

$$\bigcup _{i=1}^n\left\{H\left(nt,i\right)\right\}$$

indicates the greatest proximity of the NF to the reference [46] ($nt=\overline{1,st}$, where $st$ is the number of threats, and $i=\overline{1,n}$, where $n$ is the number of term-sets). So, for example, for $nt=1$ and $n=4$:

$$\left\{\bigcup _{i=1}^{4}H(1,i)\right\}=\left\{\bigcup _{i=1}^{4}h\left({\underset{\sim }{RL}\left(1\right)}_k, {\underset{\sim }{T}}_{RL}{\left(1\right)}_i\right)\right\}=\left\{\bigcup _{i=1}^4\sum _{k=1}^4\left|{\underset{\sim }{RL}\left(1\right)}_k-{\underset{\sim }{T}}_{RL}{\left(1\right)}_{ik}\right|\right\}=$$

$$\{\left|{\underset{\sim }{RL}\left(1\right)}_1-{\underset{\sim }{T}}_{RL}{\left(1\right)}_{11}\right|+\left|{\underset{\sim }{RL}\left(1\right)}_1-{\underset{\sim }{T}}_{RL}{\left(1\right)}_{12}\right|+\left|{\underset{\sim }{RL}\left(1\right)}_1-{\underset{\sim }{T}}_{RL}{\left(1\right)}_{13}\right|+\left|{\underset{\sim }{RL}\left(1\right)}_1-{\underset{\sim }{T}}_{RL}{\left(1\right)}_{14}\right|;$$

$$\left|{\underset{\sim }{RL}\left(1\right)}_2-{\underset{\sim }{T}}_{RL}{\left(1\right)}_{21}\right|+\left|{\underset{\sim }{RL}\left(1\right)}_2-{\underset{\sim }{T}}_{RL}{\left(1\right)}_{22}\right|+\left|{\underset{\sim }{RL}\left(1\right)}_2-{\underset{\sim }{T}}_{RL}{\left(1\right)}_{23}\right|+\left|{\underset{\sim }{RL}\left(1\right)}_2-{\underset{\sim }{T}}_{RL}{\left(1\right)}_{24}\right|;$$

$$\left|{\underset{\sim }{RL}\left(1\right)}_3-{\underset{\sim }{T}}_{RL}{\left(1\right)}_{31}\right|+\left|{\underset{\sim }{RL}\left(1\right)}_3-{\underset{\sim }{T}}_{RL}{\left(1\right)}_{32}\right|+\left|{\underset{\sim }{RL}\left(1\right)}_3-{\underset{\sim }{T}}_{RL}{\left(1\right)}_{33}\right|+\left|{\underset{\sim }{RL}\left(1\right)}_3-{\underset{\sim }{T}}_{RL}{\left(1\right)}_{34}\right|;$$

$$\left|{\underset{\sim }{RL}\left(1\right)}_4-{\underset{\sim }{T}}_{RL}{\left(1\right)}_{41}\right|+\left|{\underset{\sim }{RL}\left(1\right)}_1-{\underset{\sim }{T}}_{RL}{\left(1\right)}_{42}\right|+\left|{\underset{\sim }{RL}\left(1\right)}_4-{\underset{\sim }{T}}_{RL}{\left(1\right)}_{43}\right|+\left|{\underset{\sim }{RL}\left(1\right)}_4-{\underset{\sim }{T}}_{RL}{\left(1\right)}_{44}\right|\}=$$

{399.47; 99.47; 243.38; 543.38}.

The obtained results for $nt=\overline{1,21}$ are listed in

Table 6. GHD calculation results.

	$\underset{\sim }{RL}\left(nt\right)$	Low	Medium	High	Critical
		${{\underset{\sim }{T}}_{RL}\left(nt\right)}_i$ (i=$\overline{1,4}$, $nt=\overline{1,st}$)
		${{\underset{\sim }{T}}_{RL}\left(nt\right)}_1$	${{\underset{\sim }{T}}_{RL}\left(nt\right)}_2$	${{\underset{\sim }{T}}_{RL}\left(nt\right)}_3$	${{\underset{\sim }{T}}_{RL}\left(nt\right)}_4$
		GHD
		$H\left(nt,1\right)$	$H\left(nt,2\right)$	$H\left(nt,3\right)$	$H\left(nt,4\right)$
1.	{0/45.60; 1/139.73; 1/147.97; 0/194.75}	399.47	99.47	243.38	543.38
2.	{0/36.24; 1/125.50; 1/131.57; 0/182.13}	346.88	60.11	295.98	595.98
3.	{0/35.42; 1/123.33; 1/128.83; 0/179.51}	338.52	53.39	304.34	604.34
4.	{0/50.79; 1/148.48; 1/157.33; 0/202.56}	430.59	130.59	212.26	512.26
5.	{0/18.54; 1/91.23; 1/93.33; 0/147.35}	221.88	89.16	420.97	720.97
6.	{0/22.15; 1/117.30; 1/121.38; 0/174.72}	306.98	62.78	335.88	635.88
7.	{0/35.28; 1/126.85; 1/131.22; 0/184.98}	349.76	64.92	293.09	593.09
8.	{0/26.81; 1/109.15; 1/113.02; 0/166.85}	287.26	59.61	355.60	655.60
9.	{0/27.71; 1/109.89; 1/113.52; 0/167.01}	289.56	58.80	353.30	653.30
10.	{0/39.14; 1/131.95; 1/138.29; 0/188.91}	369.71	77.14	273.15	573.15
11.	{0/37.02; 1/126.43; 1/132.83; 0/182.93}	350.63	62.32	292.22	592.22
12.	{0/22.71; 1/88.82; 1/94.73; 0/139.74}	217.43	88.79	425.43	725.43
13.	{0/25.97; 1/102.98; 1/107.57; 0/157.97}	265.92	68.62	376.94	676.94
14.	{0/51.06; 1/151.51; 1/159.08; 0/207.20}	440.28	140.28	202.57	502.57
15.	{0/34.79; 1/123.97; 1/128.63; 0/180.65}	339.48	55.60	303.38	603.38
16.	{0/36.27; 1/126.38; 1/131.32; 0/183.39}	348.78	61.96	294.07	594.07
17.	{0/54.49; 1/156.68; 1/164.94; 0/211.80}	459.33	159.33	183.52	483.52
18.	{0/49.31; 1/147.10; 1/154.80; 0/201.98}	424.61	124.61	218.25	518.25
19.	{0/25.39; 1/103.50; 1/107.31; 0/160.11}	267.75	67.82	375.11	675.11
20.	{0/30.95; 1/114.81; 1/119.30; 0/171.38}	307.87	50.32	334.99	634.99
21.	{0/46.16; 1/143.06; 1/150.08; 0/198.64}	409.37	109.37	233.49	533.49

.

3.1.9. Stage 9—Determining the Risk Level and Interpreting the Results

According to the properties of the method used in stage 8, and taking into account that the minimum of the values of $H\left(nt,i\right)$ indicates the greatest proximity of FN to the reference one, the minimum GHD of the values of $H\left(nt,i\right)$, $(i=\overline{1,n})$ are calculated by Formula (14):

$$H_{min}(nt)= \underset{i=1}{\overset{n}{\bigwedge }}H\left(nt,i\right),$$

(14)

where $H_{min} \left(nt\right)$ = $H\left(nt,i\right)$ at $min=i$.

Next, the basic pair of arguments $H_{min}\left(nt\right)$ and $H_{min}^{\prime }\left(nt\right)$ are formed to construct the associative rules necessary for determining risk, as follows:

$$H^{\prime }(nt)=\left\{\begin{array}{c}H(nt,min-1) \mathrm{at} H(nt,min-1)\le H(nt,min+1)\\ H\left(nt,min+1\right)\mathrm{at} H\left(nt,min-1\right)> H\left(nt,min+1\right),\end{array}\right.$$

(15)

which is closest to $H_{min}\left(nt\right)$.

A normalizing coefficient is introduced regarding the belonging of the current value to the reference one, which is calculated using the following expression:

$$k\left(nt\right)={\displaystyle \frac{1}{H_{min}\left(nt\right)+H^{\prime }\left(nt\right)}}.$$

(16)

Next, indicators of the expert’s level of confidence regarding the belonging of current values to a certain level of risk are formed, which are calculated using the following expression:

$${ECL}_i\left(nt\right)=1-k\left(nt\right)\ast H(nt,i)\mathrm{and} {EC{L}^{\prime }}_i\left(nt\right)=1-k\left(nt\right)\ast H^{\prime }\left(nt,i\right).$$

(17)

For example, according to (14) for $\underset{\sim }{RL} \left(1\right)$ ($nt=1$: Malware: “Virus”):

$H_{min}\left(1\right)$ = $H\left( 1,1\right) \bigwedge$ $H\left( 1,2\right) \bigwedge$H$\left( 1,3 \right)\bigwedge$ $H\left( 1,4\right)=$ 399.47 $\bigwedge$ 99.47 $\bigwedge$ 243.38$\bigwedge$ 543.38 = 99.47, and $min=2$, and according to (15): $H^{\prime }\left(1\right)=\left\{\begin{array}{c}399.47 \mathrm{at} 399.47\le 243.38\\ 243.38 \mathrm{at} 399.47>243.38,\end{array}\right.$ then $H^{\prime }\left(1\right)$= $243.38$.

Next, it is necessary to calculate the coefficient of belonging of the current value to the reference using Formula (16):

$$k\left(1\right)={\displaystyle \frac{1}{99.47+243.38}}\approx 0.003$$

and according to (17), the indicator is formed:

$${ECL}_2\left(1\right)=1-0.003\ast 99.47\approx 0.71 \mathrm{a}\mathrm{n}\mathrm{d}{ EC{L}^{\prime }}_2\left(1\right)=1-0.003\ast 243.38\approx 0.29$$

Next, a template of $IR$ rules is formed for interpreting the results: $IR( \underset{\sim }{RL}(nt);$ ${{\underset{\sim }{T}}_{RL}\left(nt\right)}_i$/$ECL$; ${{\underset{\sim }{T}}^{\prime }}_{RL}{\left(nt\right)}_i$/${ECL}^{\prime }$), where $\underset{\sim }{RL}\left(nt\right)$ is the risk level of the $nt$-th threat, $(i=\overline{1,n},){{\underset{\sim }{T}}_{RL}\left(nt\right)}_i$ are terms of values for LV $\mathbf{RL}$. For this threat, at $\underset{\sim }{RL}\left(1\right)={{\underset{\sim }{T}}_{RL}\left(1\right)}_i$, $\underset{\sim }{RL}\left(1\right)={{\underset{\sim }{T}}_{RL}\left(nt\right)}_2$ = “Medium”, $ECL={ECL}_2\left(1\right)\approx$0.71, ${\underset{\sim }{RL}}^{\prime }\left(1\right)=$ ${{\underset{\sim }{T}}_{RL}\left(nt\right)}_3$ = “High”, ${EC{L}^{\prime }=ECL}_3\left(1\right)\approx 0.29$, the result is as follows:

$$IR( \underset{\sim }{RL}(nt);“\mathrm{M}\mathrm{e}\mathrm{d}\mathrm{i}\mathrm{u}\mathrm{m}\mathrm{”}\mathbf{/}{EC{L}^{\prime }}_2\left(1\right),\mathbf{“}\mathrm{H}\mathrm{i}\mathrm{g}\mathrm{h}\mathrm{”}\mathbf{/}{ECL}_3\left(1\right) ) = \mathrm{IR} (\mathit{“}\mathrm{R}\mathrm{I}\mathrm{S}\mathrm{K} \mathrm{L}\mathrm{E}\mathrm{V}\mathrm{E}\mathrm{L}\mathit{”};\mathit{“}\mathrm{M}\mathrm{e}\mathrm{d}\mathrm{i}\mathrm{u}\mathrm{m}\mathrm{”}\mathbf{/}0.71; \mathrm{H}\mathrm{i}\mathrm{g}\mathrm{h}\mathbf{/}0.29)$$

The proposed nine-stage procedure for assessing hybrid threats formalizes the process of risk management under conditions of uncertainty. To enhance its cross-sector compatibility, it is advisable to show the correspondence of the stages of the method to the basic phases of risk management according to the international frameworks ISO 31000 and NIST CSF. Such correspondence demonstrates the applied integrativeness of the proposed approach in both the public and private regulatory environments.

Below is the summary table (see

Table 7. The correspondence of the method stages to the standard risk management phases.

Stage Number	Name of the Author’s Method Stage	ISO 31000 Corresponding Phase	NIST CSF Corresponding Function	Compliance Comment
1	Risk identification	Risk Identification	Identify	Identifying sources and types of hybrid threats
2	Expert assessment	Risk Analysis	Identify/Detect	Quantitative and qualitative assessment based on a survey
3–4	Fuzzification of intervals and judgments	Risk Analysis	Detect	Fuzzy data processing that complements classic analytics
5	Finding average values	Risk Evaluation	Detect/Analyze	Aggregation of assessments to construct a risk profile
6	Standards formation	Risk Evaluation	Analyze	Creating reference templates for comparison
7	Risk assessment	Risk Assessment	Analyze	Determining the integral risk of each threat
8	Generalized Hamming distance	Risk Evaluation	Analyze	Measurement of proximity to risk standards
9	Results interpretation	Risk Treatment/Communication	Respond/Recover	Formation of associative rules for risk management

) showing the correspondence of the method stages to the ISO/NIST phases.

The correspondence of individual stages to the procedures “Identify”, “Analyze”, “Respond”, etc., allows adapting the logic of risk assessment to existing frameworks without changing the mathematical basis of the method. This, in turn, paves the way for further integration into standardized cyber-resilience management models.

To enhance the comprehensiveness of the assessment, it is appropriate to incorporate additional parameters that combine the technical, regulatory, and social logic of cyber-resilience formation. The methodology of this study also includes the following:

• Analysis of mobile critical infrastructure, particularly systems based on unmanned aerial vehicles, which increasingly play a role in supporting civil safety, ecological monitoring, and crisis logistics. The risks associated with their deployment require dedicated modeling efforts that account for both physical threats and informational attacks.

In this context, the application of specialized risk management models focused on the dynamic behavior of mobile platforms in highly uncertain environments becomes especially relevant. UAV systems, as autonomous and remotely operated components of infrastructure, function at the intersection of several domains—aviation safety, telecommunications, navigation, sensor data acquisition, and algorithmic control. This necessitates the combination of techniques for assessing physical vulnerabilities (e.g., the impact of weather conditions, mechanical overloads, or loss of connectivity) with an analysis of cyber risks, including signal spoofing, command channel intrusion, falsification of navigational data, and algorithmic sabotage.

Within a fuzzy logic–linguistic framework, such risks can be represented through multidimensional evaluations characterized by high variability in input parameters, including a system’s adaptability to change, resilience against inaccurate or incomplete data, capacity for self-organization, and scenario-specific responsiveness. For instance, flight trajectory analysis in conjunction with GPS data loss assessment may serve as an indicator of technical cyber-resilience, while interaction with the smart region’s ecosystem reflects infrastructure-level integration.

Consequently, the analysis of mobile critical infrastructure requires a holistic approach that considers the hybrid nature of threats, which simultaneously encompass technical, informational, and societal dimensions of system functionality. This opens a pathway for designing specialized fuzzy risk scenarios that can be incorporated into the overarching cyber-resilience framework for smart regions.

• Integration with the Sustainable Development Goals (SDGs). Here, cyber-resilience is understood not merely as a technological attribute, but also as a determinant of social and ecological sustainability within regional systems. Particular emphasis is placed on Goals 9, 11, 16, and 17, which reinforce the interlinkages between infrastructure, governance, and partnership networks.

From this perspective, cyber-resilience analysis transcends technical audits and standard risk evaluations. It evolves into a strategic modeling tool for sustainable development, one that considers the interconnectedness of digital infrastructure, social cohesion, environmental stability, and institutional effectiveness.

Goal 9 (Industry, Innovation, and Infrastructure) supports the concept of digital infrastructure resilience, encompassing secure technologies not only for their ability to drive economic growth and service accessibility. Goal 11 (Sustainable Cities and Communities) calls for embedding cybersecurity into the management systems of urban critical infrastructure, especially amid hybrid threats and technological disruptions. Goal 16 (Peace, Justice, and Strong Institutions) emphasizes digital trust, personal data protection, and the role of analytics in enabling transparency, counteracting disinformation, and strengthening the rule of law. Goal 17 (Partnerships for the Goals) envisions cyber-resilience as a platform for multistakeholder collaboration across government, private, and civil sectors, including academic and technical communities.

This broadened analytical approach enables cyber-resilience to be viewed not as a reactionary function, but as a proactive regional capacity for adaptation, learning, innovation uptake, and ecosystem formation that is simultaneously technologically robust and socially inclusive. In turn, this reinforces the strategic foundations of digital sovereignty and creates a framework for “smart recovery” in post-crisis governance.

• Adaptation of international standards. This includes principles drawn from ISO/IEC 27005, NIST SP 800-30, and OECD guidance on public sector digital transformation. The methodology is localized, taking into account the specifics of the post-conflict period, the necessity of rebuilding institutional trust, and enhancing digital sovereignty.

Risk assessment and digital transformation based on adapted international standards become key instruments of strategic management, particularly in the context of comprehensive institutional recovery and reinforcement of digital autonomy. The localized context demands not mere implementation of global frameworks, but their deep transformation—aligned with local regulatory structures, resource limitations, digital ecosystem architecture, and societal expectations.

ISO/IEC 27005 offers a structured methodology for evaluating information security risks, which—in localized form—includes adjusting risk acceptance criteria to conditions of armed conflict and recovery, such as temporary access constraints, unstable supply chains, and the potential for technological innovation. NIST SP 800-30 underpins scenario-based risk modeling that accommodates not only conventional threats (external attacks, system vulnerabilities) but also emergent vectors such as fragmented digital services in disrupted regions. OECD guidelines on open governance, civic inclusion, and efficient digital public services are reframed within post-conflict recovery as a methodology for transparent community engagement in evaluating, monitoring, and reimagining institutional digital resilience.

This adaptation involves not only technical interpretation of standards but also their conceptual rethinking as part of a broader process of trust restoration, development of local competencies, and formulation of a strategic vision for digital sovereignty. The outcome is a flexible and contextually relevant analytical framework that can be scaled both to national policy and to regional implementation within the scope of smart recovery.

4. Results

According to the example, the final risk variant is interpreted by the associative rule as: “RISK LEVEL” of the threat implementation ($nt=1$: Malware: “Virus”) and is within the range between “Medium” with the expert confidence coefficient of 0.71 and “High” with the expert confidence coefficient of 0.29.

By analogy, rules have been calculated and formed for $nt=\overline{2,4}$. For example, according to (14) for $\underset{\sim }{RL} \left(2\right)$ ($nt=2$: Malware: “Worm”): $H_{min}\left(2\right)$ = $H\left(2,1\right) \bigwedge$ $H\left(2,2\right) \bigwedge$H$\left(2,3\right)\bigwedge$ $H\left(2,4\right) =$ 346.88 $\bigwedge$ 60.11 $\bigwedge$ 295.98$\bigwedge$ 595.98 = 60.11, and $min=2$, and according to (15):

$$H^{\prime }\left(2\right)=\left\{\begin{array}{c}346.88 \mathrm{at} 346.88\le 295.98\\ 295.98 \mathrm{at} 346.88>295.98,\end{array}\right.\mathrm{then} H^{\prime }\left(2\right) = 295.98.$$

Next, using (16), the coefficient of belonging of the current value to the reference value has been calculated $k\left(2\right)\approx 0.003$and according to (17) the indicator has been formed ${ECL}_2\left(2\right)=1-0.003\ast 60.11\approx 0.83$ ta${ EC{L}^{\prime }}_2\left(2\right)=1-0.003\ast 295.98\approx 0.17$.

Further, to interpret the results, the $IR$ has been formed. For this threat, at $\underset{\sim }{RL}\left(2\right)={{\underset{\sim }{T}}_{RL}\left(nt\right)}_i$, $\underset{\sim }{RL}\left(2\right)={{\underset{\sim }{T}}_{RL}\left(nt\right)}_2$= “Medium”, $ECL={ECL}_2\left(2\right)\approx$0.83, ${\underset{\sim }{RL}}^{\prime }\left(2\right)=$ ${{\underset{\sim }{T}}_{RL}\left(nt\right)}_3$= “High”, ${EC{L}^{\prime }=ECL}_3\left(2\right)\approx 0.17$, the result is as follows: $IR( \underset{\sim }{RL}(2);$ $“\mathrm{M}\mathrm{e}\mathrm{d}\mathrm{i}\mathrm{u}\mathrm{m}\mathrm{”}\mathbf{/}{EC{L}^{\prime }}_2\left(2\right),\mathbf{“}\mathrm{H}\mathrm{i}\mathrm{g}\mathrm{h}\mathrm{”}\mathbf{/}{ECL}_3\left(2\right)$) = IR $(\mathit{“}\mathrm{R}\mathrm{I}\mathrm{S}\mathrm{K} \mathrm{L}\mathrm{E}\mathrm{V}\mathrm{E}\mathrm{L}\mathit{”};\mathit{“}\mathrm{M}\mathrm{e}\mathrm{d}\mathrm{i}\mathrm{u}\mathrm{m}\mathrm{”}\mathbf{/}0.83; \mathrm{H}\mathrm{i}\mathrm{g}\mathrm{h}\mathbf{/}0.17)$.

Next, for $\underset{\sim }{RL} \left(3\right)$ ($nt=3$: Malware: “Ransomware”): $H_{min}\left(3\right)$ = 338.52 $\bigwedge$ 53.39 $\bigwedge$ 304.34$\bigwedge$ 604.34 = 53.39, $min$ = 2: $H^{\prime }\left(3\right)$= $304.34$, and the coefficient of belonging of the current value to the reference is $k\left(3\right)\approx 0.003.$ The indicator ${ECL}_2\left(3\right)=1-0.003\ast 53.39\approx 0.85 \mathrm{a}\mathrm{n}\mathrm{d}{ EC{L}^{\prime }}_2\left(3\right)=1-0.003\ast 304.34\approx 0.15$. Then at $\underset{\sim }{RL}\left(3\right)={{\underset{\sim }{T}}_{RL}\left(nt\right)}_i$, $\underset{\sim }{RL}\left(3\right)={{\underset{\sim }{T}}_{RL}\left(nt\right)}_2$= “Medium”, $ECL={ECL}_2\left(3\right)\approx$ 0.85, ${\underset{\sim }{RL}}^{\prime }\left(3\right)=$ ${{\underset{\sim }{T}}_{RL}\left(nt\right)}_3$ = “High”, ${EC{L}^{\prime }=ECL}_3\left(3\right)\approx 0.15$, the result is $IR( \underset{\sim }{RL}(3);$ $“\mathrm{M}\mathrm{e}\mathrm{d}\mathrm{i}\mathrm{u}\mathrm{m}\mathrm{”}\mathbf{/}{EC{L}^{\prime }}_2\left(3\right),\mathbf{“}\mathrm{H}\mathrm{i}\mathrm{g}\mathrm{h}\mathrm{”}\mathbf{/}{ECL}_3\left(3\right)$) = IR $(\mathit{“}\mathrm{R}\mathrm{I}\mathrm{S}\mathrm{K} \mathrm{L}\mathrm{E}\mathrm{V}\mathrm{E}\mathrm{L}\mathit{”};\mathit{“}\mathrm{M}\mathrm{e}\mathrm{d}\mathrm{i}\mathrm{u}\mathrm{m}\mathrm{”}\mathbf{/}0.85; \mathrm{H}\mathrm{i}\mathrm{g}\mathrm{h}\mathbf{/}0.15).$

And for $\underset{\sim }{RL} \left(4\right)$ ($nt=4$: Malware: “Trojan”): $H_{min}\left(4\right)$ = 130.59, $min$ = 2, then $H^{\prime }\left(4\right)$= $212.26$. The coefficient of belonging of the current value to the reference is $k\left(4\right)\approx 0.003$, and indicators are ${ECL}_2\left(4\right)\approx 0.62$ and ${ EC{L}^{\prime }}_2\left(4\right)\approx 0.38$. Then at $\underset{\sim }{RL}\left(4\right)={{\underset{\sim }{T}}_{RL}\left(nt\right)}_i$, $\underset{\sim }{RL}\left(4\right)={{\underset{\sim }{T}}_{RL}\left(nt\right)}_2$= “Medium”, $ECL={ECL}_2\left(4\right)\approx$0.62, ${\underset{\sim }{RL}}^{\prime }\left(4\right) =$ ${{\underset{\sim }{T}}_{RL}\left(nt\right)}_3$ = “High”, ${EC{L}^{\prime }=ECL}_3\left(4\right)\approx 0.38$, the result is $IR( \underset{\sim }{RL}(4);$ $“\mathrm{M}\mathrm{e}\mathrm{d}\mathrm{i}\mathrm{u}\mathrm{m}\mathrm{”}\mathbf{/}{EC{L}^{\prime }}_2\left(4\right),\mathbf{“}\mathrm{H}\mathrm{i}\mathrm{g}\mathrm{h}\mathrm{”}\mathbf{/}{ECL}_3\left(4\right)$) = IR $(\mathit{“}\mathrm{R}\mathrm{I}\mathrm{S}\mathrm{K} \mathrm{L}\mathrm{E}\mathrm{V}\mathrm{E}\mathrm{L}\mathit{”};\mathit{“}\mathrm{M}\mathrm{e}\mathrm{d}\mathrm{i}\mathrm{u}\mathrm{m}\mathrm{”}\mathbf{/}0.62; \mathrm{H}\mathrm{i}\mathrm{g}\mathrm{h}\mathbf{/}0.38)$.

Figure 4 presents a graphical interpretation of the evaluation results for $nt=\overline{1,4}$.

The proposed approach has applied significance not only for risk assessment but it can also directly affect their assessments the stability of the functioning of civil security systems. In particular, a clear ranking of hybrid cyber threats allows for timely identification of critical vulnerabilities, predicts the consequences of attacks, and ensures preventive strengthening of the critical infrastructure resilience. Due to the logical–linguistic approach and data fuzzification, the assessment system functions stably even under conditions of incomplete or contradictory data, which is key in crises. Thus, the proposed method directly contributes to reducing the risk of destabilization within the cyberspace of the state, which is one of the basic factors of its stable development.

Given the technical results obtained, it is relevant to expand the analytical framework for assessing the impact of decisions not only on security but also on the social and environmental parameters of sustainable development. The research results demonstrate that the implementation of fuzzy risk assessment models related to mobile components of critical infrastructure, in particular UAVs, enables effective identification of systemic vulnerabilities under conditions of limited information and dynamic threats.

These models can position their relevance in the context of the following:

-

Environmental monitoring (identification of potential zones of environmental degradation);

-

Safety of humanitarian aid operations (optimization of delivery routes and associated risks);

-

Information counteraction (identification of anomalies in UAV data flows).

Additional comparison of the results with relevant SDG indicators (Goals 9, 11, 16, and 17) allows for a broader evaluation of the proposed methodology’s impact on regional resilience, digital trust, and social integration. This points to the model’s potential use not only for security but also for strategic recovery planning.

At the same time, localized integration of international standards (ISO/NIST/OECD) ensures a high level of consistency between technical solutions and public expectations regarding resilience, trust, and transparency.

An important outcome of this approach is the possibility of implementing tangible measures based on the development of a structured roadmap for cyber-resilience implementation within the context of the state’s regional sustainable development strategies. It combines three key analytical frameworks (mobile infrastructure, SDGs, and standards) and transforms them into a logic of practical realization. This roadmap envisions a phased transformation of analytical approaches into practical management tools. Its structure is based on three key concepts: analysis of mobile critical infrastructure (in particular UAV systems), integration with Sustainable Development Goals (SDGs), and adaptation of international standards for risk assessment and digital transformation (ISO/IEC 27005, NIST SP 800-30, and OECD).

In the first phase, which lasts up to six months, strategic diagnostics are conducted. Focus is placed on identifying regional mobile infrastructure assets, analyzing their vulnerability to hybrid threats, and preliminary mapping of the digital capacity of territorial communities. In parallel, evaluation begins with compliance with international standards in the field of information security and the determination of relevant sustainable development benchmarks (particularly SDGs 9, 11, 16, and 17).

The second phase (6–12 months) involves localization of international standards according to the realities of the post-conflict period. This includes adapting risk criteria and scenario modeling to account for instability, fragmentation of digital services, and resource constraints. In addition to technical transformation of standards, digital indicators of social trust and environmental resilience are developed. A compatibility matrix between adapted standards and Sustainable Development Goals is formulated, laying the groundwork for integrated models of digital transformation.

The third phase (12–24 months) focuses on pilot implementation of regional cyber-resilience programs. Special attention is given to the creation of dashboards for risks and cyber incidents, the launch of educational campaigns on digital ethics, and the formation of cross-sectoral partnerships. Within this phase, program impact is verified through the system of SDG indicators, including infrastructure innovation (SDG 9), sustainability of urban governance (SDG 11), institutional transparency (SDG 16), and partnership effectiveness (SDG 17).

The fourth phase (24–36 months) involves interregional expansion of the developments and their integration into national frameworks for digital sovereignty. Cyber resilience is institutionalized as a component of regional sustainable development plans. An interregional platform is established for the exchange of risk models and innovations, and mechanisms are built for collaboration with international donors, analytical centers, and the academic community.

Overall, such a consistent roadmap structure allows not only for the integration of cyber-resilience concepts into sustainable development strategies but also for their adaptation to complex reality, forming the foundation for strategic modernization of public administration, infrastructure, and societal trust in the digital age.

5. Discussion

The work is devoted to the development of an approach to assessing the risks of hybrid threats in the civil security sector based on fuzzy set theory. This method consists of nine stages and takes into account the following aspects:

• Threat identification.
• Expert threat assessment.
• Fuzzification of intervals and expert judgments.
• Use of indicators of average values and benchmarks.
• Calculating risks and generalized Hamming distance.

This method allows taking into account the uncertainty and subjectivity of expert judgments, ensuring flexibility and adaptability in decision-making. This is especially important for systems that require stable and continuous operation even under conditions of external hybrid pressure.

The theoretical significance of this approach is that the approach demonstrates how the fuzzy set theory can be applied to the processing of weakly formalized, vaguely defined data in complex risk management systems. This makes it promising for research in areas where traditional approaches are ineffective. Thanks to the clearly defined nine stages, the process becomes not only understandable but also easily adaptable to different contexts, such as other aspects of hybrid threats (for example, information or physical security). The use of tools such as the generalized Hamming distance increases the accuracy of risk identification, reducing the risk of erroneous conclusions with minimal data discrepancies. This, in turn, allows maintaining the stability of the functioning of various systems, reducing the likelihood of failures or interruptions in critical processes.

The proposed assessment system has the potential to integrate with existing risk management frameworks such as ISO31000, NIST Cybersecurity Framework (CSF), and ENISA Risk Management Framework. Its logical–linguistic approach allows for the alignment of the identification, assessment, ranking, and response phases with risk management structures already in place in the public and private sectors. Such integration provides the dual effect of maintaining regulatory compliance and increasing assessment accuracy in conditions of data ambiguity.

The proposed stages form the basis for creating software that will significantly accelerate risk assessment, providing the ability to integrate with existing threat monitoring systems. In addition, this approach opens up opportunities for combination with artificial intelligence technologies (e.g., for risk forecasting) and Big Data to expand analytical potential. The mathematical structure of the method does not limit its application only to the Civil Security Sector. For example, in the financial sector, it is possible to classify hybrid threats as attacks on payment systems, cyber fraud, or data integrity violations. The linguistic variables “probability” and “consequences” retain semantic consistency, which allows for the formation of risk profiles similar to those described in the article, without changing the structure of the nine-stage assessment.

From a practical point of view, this method allows solving specific tasks of threat assessment and ranking, providing more informed decision-making on resource allocation and implementation of various preventive measures that will ensure the stability of critical infrastructures. This is of particular value for organizations that seek to maintain stable functioning even under complex hybrid influences. Using the method allows assessing critical threats (e.g., cyber espionage, data breach) and ensuring their ranking for priority response. This is key in preventing large-scale cyber incidents that can destabilize entire industries and negatively affect the sustainable development of the state.

The method allows you to adapt to the specific needs of organizations operating in different CSS. Its implementation contributes to increasing resilience to hybrid threats and ensuring the stability of key elements of the information infrastructure, which is a key aspect for modern cybersecurity of the state. For example, it can be used to protect critical infrastructure facilities, such as energy or financial systems. Taking into account a clear ranking of threats, it becomes possible to direct resources to handle the most significant risks, avoiding overspending on minor threats and at the same time maintaining the stability of the systems.

Moreover, the implementation of this approach is essential for increasing stability in the CSS. Clear structuring of risks and fuzzification mechanisms allows avoiding excessive dependence on individual sources of information, ensuring the stability of management decisions in conditions of limited time or data scarcity. The adaptability of the method to new threats contributes to the long-term stability of the functioning of critical infrastructure, which is especially important in conditions of hybrid aggression.

Thus, the method of assessing the risks of hybrid threats based on fuzzy set theory has significant theoretical and practical value as a tool for processing complex and uncertain data. It provides effective risk management in the face of modern challenges in the field of cybersecurity, especially for countries such as Ukraine, which are under the influence of multi-component hybrid threats. The implementation of this approach contributes to the creation of a more secure information space, reducing risks for both public and private structures.

In addition to technical efficiency, it is also relevant to comprehend the role of analytics in building trust, restoring regions, and shaping a culture of digital resilience.

The discussion of the research findings gains particular significance in the context where analytical tools perform technical and cultural–strategic functions. The fuzzy risk modeling related to mobile critical infrastructure and the integration of SDG indicators enables the formation of a new quality of managerial decisions based on flexibility, humanity, and evidence.

Analytics is regarded as an institutional practice that contributes to the following:

• the restoration of trust between citizens, the state, and technologies;
• the professionalization of cyber-resilience culture through coordinated actions, ethical transparency, and strategic thinking;
• the localization of global standards in a manner that preserves the dignity and autonomy of regions.

This shift toward analytics as a cultural process opens opportunities for transforming the role of a specialist from a technical executor to a strategic and trusted agent of change.

Such a rethinking of the methodology and results not only allows analytics to be seen as a response to threats but also as a proactive tool for shaping holistic regional policy based on principles of dignity, resilience, and social partnership.

6. Conclusions

According to the results obtained (see Table 1 and Table 6), the characteristic risk level of all the mentioned CSS hybrid threats in Ukraine is “Medium”. At the same time, taking into account the associative rules formed at stage 9 and the expert’s confidence coefficients, in order to more effectively use the necessary resources to ensure the appropriate level of cybersecurity in the state, the priority of cyber threats (using the example of the first four) was determined in terms of reducing their risk level: (1) $nt=4$: Malware: “Trojan”; (2) $nt=1$: Malware: “Virus”; (3) $nt=2$: Malware: “Worm”; (4) $nt=4$: Malware: “Ransomware”, since the values of their terms are closer to the “High” level with the expert confidence coefficients ${ECL}_3\left(4\right)\approx 0.38$, ${ECL}_3\left(1\right)\approx 0.29$, ${ECL}_3\left(2\right)\approx 0.17$, and ${ECL}_3\left(3\right)\approx 0.15$, respectively.

Thus, the method for assessing the level of risk has been developed, which, through the procedures of identifying threats, their expert assessment, forming linguistic variables, fuzzifying intervals and expert judgments, finding average values, forming standards, forming a set of characteristics of objects under review, the process of initial measurement, determining current values of the risk level, forming a generalized Hamming distance, and determining the risk level, which are formalized by the corresponding stages, allows implementing the process of assessing the level of cybersecurity risk of hybrid threats in the CSS of Ukraine and, based on the data obtained, rationally distributing the available resources to protect the critical infrastructure of the state.

Moreover, the implementation of this method contributes to increasing the stability of various systems, in particular the CSS, through timely response to priority threats, reducing the impact of uncertainty and enabling effective risk management. Adaptation to specific scenarios of hybrid aggression allows minimizing destabilizing effects, ensuring the stable functioning of state and infrastructure systems even in difficult security situations.

In the future, it is necessary to build an appropriate software system that will allow automating such an assessment process when forming a new survey or a list of new threats, as well as generating recommendations for rational resource allocation. The implementation of the proposed method also opens up the possibility of combining it with international risk assessment frameworks. For example, the calculated levels of hybrid impact risks can be used to form integrated cyber risk maps within the framework of ISO31000 or NIST CSF structures, including the “Protect” and “Respond” categories. This will not only contribute to the unification of approaches to risk management and ensure the stability of critical infrastructures at the cross-sectoral level, as well as reduce risks, but also generally increase the stability and reliability of the information environment in conditions of hybrid impact. It is advisable to use the proposed approach for regular monitoring of the stability of critical infrastructure facilities of the state as one of the tools for ensuring its sustainable development.

Moreover, it is advisable to expand the scope of the method to other segments of critical infrastructure, taking into account the specific threats of each sector. This will allow creating a universal platform for assessing the risks of hybrid impact with the ability to adapt to the requirements of a specific industry without the necessity to change the basic model.

According to the results obtained, the model demonstrates the potential for adaptation to various scenarios of digital risk management under conditions of uncertainty. The conclusions of this study go beyond purely technical analytics. They reveal the model’s potential as a tool for interdisciplinary transformation of practices in security, management, and sustainable development. The localized integration of international standards (ISO, NIST, OECD), taking into account challenges of digital sovereignty, post-conflict recovery, and institutional trust, enables the formation of a new culture of strategic analytics.

The ethical component of the model, particularly the emphasis on flexibility, transparency, and social responsibility, gives opportunities for building a professional community capable of acting not only as technical experts but also as strategic facilitators of change.

In the international context, the proposed solution demonstrates adaptability to polycentric scenarios of digital development, where cyber-resilience intersects with humanitarian security, environmental monitoring, and cultural integration of standards. The model is not only technically effective but also institutionally, strategically, and philosophically relevant.

Thus, analytics in this study is regarded as the fundamental component of modern governance that contributes to the construction of more dignified, mature, and resilient societies.