Sharing the Cyber Threat Intelligence on Cyber Crises: The Appropriate Role of the National Intelligence Agency

A Study on the Role of the National Intelligence Agency in Sharing Cyber Threat Intelligence to Respond to Cyber Crises

  • Kim, Daegeon (Center for Information Security Technologies, Korea University) ;
  • Baek, Seungsoo (Center for Information Security Technologies, Korea University) ;
  • Yoo, Donghee (Dept. of Management Information Systems, Gyeongsang National University)
  • Received : 2017.04.05
  • Accepted : 2017.06.20
  • Published : 2017.06.28

Abstract

The role of government is to defend its lands and people from enemies. The range of that defense has now extended into the cyber domain, regarded as the fourth domain of the conventional defense domains (i.e., land, sea, sky, and universe). Traditionally, a government's intelligence power overrides that of its civilians, and government is exclusively responsible for defense. However, it is difficult for government to take the initiative to defend in the cyber domain because civilians already have a greater means for collecting information, which is known as being "intelligence inverse" in the cyber domain. To this end, we first define the intelligence inverse phenomenon and then analyze its main features. Then we investigate foreign countries' efforts to overcome the phenomenon and look at the current domestic situation. Based on these results, we describe the appropriate role of the National Intelligence Agency to handle cyber threats and offer a cyber threat intelligence model to share with civilians to help protect against these threats. Using the proposed model, we propose that the National Intelligence Agency should establish a base system that will respond to cyber threats more effectively.

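The state has traditionally had the mission of defending its territory and protecting the lives and property of its people, and the scope of this defense now includes the cyber domain, the fifth domain after land, air, sea, and space. Although the scope of national defense has expanded to the cyber domain, government-led defense of that domain faces difficulties because of the intelligence inverse phenomenon, in which the private sector holds more cyber-related sources and collection means than the state. To address this, this paper first defines cyber threat intelligence and analyzes its characteristics. Next, it surveys the efforts of various countries to overcome the intelligence inverse phenomenon and the current situation in Korea, and, based on the results, proposes the role of the national intelligence agency in government-led cyber defense and a model for sharing cyber threat intelligence with the private sector. If the national intelligence agency makes use of the proposed model, a foundation for responding more effectively to cyber crises can be expected to be established.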
