Definition of aggressive response scale through quantitative evaluation of cyber attack

Estimating the Scale of Offensive Response through Quantitative Damage Assessment of Cyber Attacks

  • Received : 2017.09.05
  • Accepted : 2017.10.29
  • Published : 2017.10.31

Abstract

Various cyber attacks against our society and government continue, and cases and damage are reported from time to time. The reach of cyber attacks is not limited to cyberspace; it is expanding into the physical domain and affecting it. In the military arena, the principle of responding proportionally to an enemy's physical attacks has been established and implemented. This proportionality principle is also required in cyber warfare, where the domain is expanding. To apply it, quantitative and qualitative response criteria for cyber attacks are needed. However, due to the nature of cyber attacks, it is not easy to assess the damage accurately, so proportionality is ambiguous and it is difficult to respond in accordance with the proportionality principle. In this study, we calculated the scale of damage by quantitatively and qualitatively evaluating cyber attack damage, based on a scenario, using the Gordon-Loeb model and a security scoring technique. The calculated results are expected to provide an appropriate level and criterion for countering cyber attacks.

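Various cyber attacks against our society and government are carried out continuously, and cases and damage are announced from time to time. The domain of cyber attacks is also not confined to cyberspace but is expanding into the physical domain and affecting it. In the military domain, the principle of responding with proportionality to an enemy's physical attack has been established and is enforced. We judge that this proportionality principle is also needed in cyber warfare, whose domain is expanding, and to apply it in practice, quantitative and qualitative response criteria for cyber attacks are required. However, because of the nature of cyber attacks, accurate damage assessment is not easy, so proportionality is ambiguous and responding according to the proportionality principle is also difficult. In this study, we therefore used the Gordon-Loeb model and a security scoring technique to evaluate, on the basis of a scenario, the impact of a cyber attack on an organization or system, assessing cyber attack damage quantitatively and qualitatively and calculating the scale of damage. The calculated results are expected to serve as an appropriate level and criterion for responding offensively to cyber attacks.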
