Retrieved from Iss. 117, P. 2, 2025
Pages 394-406
Received 19.01.2025
Revised 22.05.2025
Accepted 24.06.2025
Abstract
The rapid digitalization of renewable energy facilities is creating a new class of risks related to information security, data integrity, and operational process resilience. With the growth in solar and wind power plant capacity and the integration of intelligent control systems and remote monitoring channels, the dependence of business indicators on the reliability of IT/OT landscapes is increasing. Existing international risk management standards (ISO 31000, ISO/IEC 27005, NIST RMF) do not fully take into account the geographical distribution of assets, seasonality of generation, hybridity of SCADA infrastructures, and the specifics of interaction with market and meteorological APIs. The article proposes the SURE RM model, a structured, practically oriented approach to IT risk management in renewable energy projects. The model covers the full life cycle: from the formation of an asset register and threat scanning to context analytics, development and implementation of response plans, and evaluation of the effectiveness of the measures taken. Special attention is paid to the semi-quantitative risk assessment method (P×I×D×C), which provides transparent prioritization of scenarios and optimization of costs for countermeasures. The proposed artifacts (asset register, threat catalog, risk heat maps, playbooks) are integrated with PMBOK, PRINCE2 and Agile methodologies, which makes the model compatible with traditional and agile project management. A demonstration example of a 10 MW solar power plant shows practical steps for building a threat map, ranking risks and choosing a response strategy, which makes it possible to reduce average downtime, accelerate SCADA data recovery and reduce financial losses. SURE RM provides structured stakeholder engagement, generates performance metrics (MTTR, RTO, RPO, MFA coverage) and facilitates coordination with external audits.
The model can be scaled for a portfolio of facilities of different generation types, and supports threat catalog updating and analytics automation. The extended abstract reflects the scientific novelty, practical utility and potential directions for further research, including calibration of probabilistic models based on historical incidents, development of automated monitoring panels and economic assessment of the effectiveness of countermeasures in the long term.
Keywords:
risk management, cybersecurity, renewable energy, SURE-RM, SCADA, OT/IT, ICS, risk assessment, operational resilience