Case studies: Security issues of IT products in terms of supply chain

Security risks of IT products centered on the supply chain, viewed through case studies

  • 최웅철 (Department of Computer Software, Kwangwoon University)
  • Received : 2016.11.20
  • Accepted : 2016.12.14
  • Published : 2016.12.30

Abstract

Before an IT product reaches its user, it passes through a sequence of stages: supply and demand of its components, assembly and production, and logistics and delivery. Many security exposures and risks can arise during this sequence. In this paper, by examining security cases involving various IT products, we show that many security exposures exist from the production of IT products through their delivery to end users and in their use, and we show how critical those exposures are. Even though there are various security theories, technologies and security controls, a weak link remains between the production of an IT product and its use, and this weak link can lead to security vulnerabilities and risks. This paper calls attention to the importance of the execution of security controls and their control components. We examine practical cases to find out how security controls are paralyzed and to show how they are compromised by asymmetric security resources. Lastly, drawing on the cases, we examine and review possible domestic security issues and their countermeasures.
