Developing Reference Model for National Cybersecurity Strategy Establishment and Improvement

  • Received : 2016.05.31
  • Accepted : 2016.06.23
  • Published : 2016.06.30

Abstract

Many countries have developed and implemented national cybersecurity strategies to prevent damage from cyber threats and to minimize that damage when incidents occur. However, these strategies differ considerably in level and scope, reflecting each country's own background and needs. Because a vulnerability in one place can become a global problem, relevant organizations, including international organizations, have developed various guidelines to support the establishment and improvement of national cybersecurity strategies. This paper analyzes the guidelines published for establishing national cybersecurity strategies and proposes a reference model consisting of the common elements of such strategies. It then compares the reference model with Korea's national cybersecurity strategies and recommends several measures to address the areas where they fall short.
