Sharing the Cyber Threat Intelligence on Cyber Crises: The Appropriate Role of the National Intelligence Agency

사이버위기에 대응하기 위한 국가정보기관의 사이버위협정보 공유 역할에 대한 고찰

  • Kim, Daegeon (Center for Information Security Technologies, Korea University) ;
  • Baek, Seungsoo (Center for Information Security Technologies, Korea University) ;
  • Yoo, Donghee (Dept. of Management Information Systems, Gyeongsang National University)
  • 김대건 (고려대학교 정보보호대학원) ;
  • 백승수 (고려대학교 정보보호대학원) ;
  • 유동희 (경상대학교 경영정보학과)
  • Received : 2017.04.05
  • Accepted : 2017.06.20
  • Published : 2017.06.28


The role of government is to defend its lands and people from enemies. The range of that defense has now extended into the cyber domain, regarded as the fourth domain of the conventional defense domains (i.e., land, sea, sky, and universe). Traditionally, a government's intelligence power overrides that of its civilians, and government is exclusively responsible for defense. However, it is difficult for government to take the initiative to defend in the cyber domain because civilians already have a greater means for collecting information, which is known as being "intelligence inverse" in the cyber domain. To this end, we first define the intelligence inverse phenomenon and then analyze its main features. Then we investigate foreign countries' efforts to overcome the phenomenon and look at the current domestic situation. Based on these results, we describe the appropriate role of the National Intelligence Agency to handle cyber threats and offer a cyber threat intelligence model to share with civilians to help protect against these threats. Using the proposed model, we propose that the National Intelligence Agency should establish a base system that will respond to cyber threats more effectively.


  1. H. Rha and H. Chung, "A Theoretical Comparative Study of Human Resource Security Based on Korean and Int'l Information Security Management Systems," Journal of Convergence for Information Technology, Vol. 6, No. 3, pp. 13-19, 2016.
  2. M. Gu and Y. Li, "A Study of Countermeasures for Advanced Persistent Threats attacks by malicious code," Journal of Convergence for Information Technology, Vol. 5, No. 4, pp. 37-42, 2015.
  3. D. T. Kuehl, "From cyberspace to cyberpower: Defining the problem," In F. Kramer, S. Starr, & L. K. Wentz (Eds.), Cyberpower and national security, pp. 24-42, Washington, DC: National Defense University Press, 2009.
  4. K. Lee, "Cyber security strategies for world and security policy direction for Korea - focused on U.S.A.," ICT & Media Policy, Vol. 23, No. 16, pp. 1-27, 2011.
  5. O. S. Saydjari, "Cyber Defense: Art to Science," Communications of the ACM, Vol. 47, No. 3, pp. 53-57, 2004.
  6. T. Ring, "Threat intelligence: why people don't share," Computer Fraud and Security, Vol. 2014, No. 3, pp. 5-9, 2014.
  7. R. McMillan, "Definition: Threat intelligence," Gartner, 2013,
  8. Joint Chief of Staff, Joint Publication 2-0, Joint Intelligence, US DoD, 2013,
  9. P. Duvenage and S. Solms, "Putting Counterintelligence in Cyber Counterintelligence: Back to the Future," In proceedings of 13th European Conference on Cyber Warfare and Security, Piraeus, Greece, July, 2014.
  10. J. Verble, "The NSA and Edward Snowden: surveillance in the 21st century," ACM SIGCAS Computers and Society, Vol. 44, No. 3, pp. 14-20, 2014.
  11. National Security Agency, XKeyscore: NSA tool collects 'nearly everything a user does on the internet', 2008,
  12. National Security Agency, Peeling back the layers of Tor with EgotisticalGiraffe, 2007,
  13., H.R.234 - Cyber Intelligence Sharing and Protection Act, 114th Congress, 2015,
  14., S.754 - Cybersecurity Information Sharing Act of 2015, 114th Congress, 2015.
  15. C. Johnson, L. Badger, D. Waltermire, J. Snyder, and C. Skorupka, "Guide to cyber threat information sharing," Technical report, NIST, 2016.
  16. Information-Technology Promotion Agency, Initiative for cyber security information sharing partnership of Japan (J-CSIP), Annual Activity Report FY2012, 32417.pdf
  17. NATO Cooperative Cyber Defence Centre of Excellence,
  18. European Union Agency for Network and Information Security,
  19. National Assembly, National Cyber Security Management Act, 2005.
  20. Korea Communications Commission, Compre-hensive National Cyber Crisis Plan, 2009.
  21. Ministry of Science, ICT and Future Planning, Comprehensive National Cyber Security Plan, 2013.
  22. National Assembly, Legislative Bill for Cyber Threat Intelligence Sharing, 2015.
  23. National Assembly, Korea Ministry of Government Legislation, Legislative Bill for National Cyber Terror Prevention, 2016.
  24. National Assembly, Legislative Notice: AFundamental Law for the National Cyber Security, 2016.
  25. J. Kim, "National information security agenda and policies," Journal of Digital Convergence, Vol. 10, No. 1, pp. 105-111, 2012.
  26. K. Lee, "Analysis of Threats Factor in IT Convergence Security," Journal of the Korea Convergence Society, Vol. 1, No. 1, pp. 49-55, 2010.
  27. H. Lee, O. Na, S. Sung, and H. Chang, "A Design on Security Governance Framework for Industry Convergence Environment," Journal of the Korea Convergence Society, Vol. 6, No. 4, pp. 33-40, 2015.