The article addresses the challenge of making well-grounded architectural decisions in the field of cybersecurity for critical infrastructure facilities under increasing threats, limited resources, and complex interdisciplinary system structures. Modern approaches to building protection systems are analyzed, including the Zero Trust Architecture concept, Explainable AI methods, and risk-based models applied for threat detection and response in highly critical environments. It is identified that existing solutions lack sufficient adaptability and fail to account for the set of interrelated criteria that influence the effectiveness of the protection system architecture. The aim of the research is to develop an integrated decision support system (DSS) that considers the multidimensional nature of cybersecurity tasks and enables the selection of optimal architectures taking into account technical, organizational, and economic factors. A multi-criteria approach based on AHP is proposed, complemented by a structural impact analysis module and a dynamic mechanism for updating criterion weights in accordance with evolving threats and risks. Evaluation criteria for protection architectures (MTTD, MTTR, threat detection rate, automation level, cost, policy compliance, etc.) are formalized with consideration of their functional characteristics and types of utility functions. The practical implementation of the DSS is carried out using Python and the Streamlit library, which provides interactive user engagement, construction of comparison matrices, visualization of causal relationships, and generation of ranked solutions in a user-friendly format. The article presents the architecture of the software module, an example of system functionality based on three architectural models (classical, ZTA, cloud-based), and justifies the choice of an alternative in the context of critical infrastructure. The proposed approach improves the justification and transparency of cybersecurity-related decisions and allows for system adaptation to real-world operational environments, ensuring resilience to complex multi-vector attacks. The results can be applied for the automated design of security architectures in sectors such as energy, transportation, telecommunications, and other critical domains.
Dolgova et al. (Fri,) studied this question.