인터넷정보학회논문지 (Journal of Internet Computing and Services)

  • 제25권5호
  • /
  • Pages.1-11
  • /
  • 2024
  • /
  • 1598-0170(pISSN)
  • /
  • 2287-1136(eISSN)
한국인터넷정보학회 (Korean Society for Internet Information)
권호 표지
DOI QR코드

DOI QR Code

사이버공격에 의한 임무피해 평가를 위한 모델 구현에 관한 연구

A Study on the Implementation of a Model for Mission Impact Assessment due to Cyber Attacks

  • Yonghyun Kim (Cyber Technology Center, Agency for Defense Development) ;
  • Donghwa Kim (Cyber Technology Center, Agency for Defense Development) ;
  • Donghwan Lee (Cyber Technology Center, Agency for Defense Development) ;
  • Juyoub Kim (Cyber Technology Center, Agency for Defense Development) ;
  • Miyoung Kwon (Cyber Technology Center, Agency for Defense Development) ;
  • Myung Kil Ahn (Cyber Technology Center, Agency for Defense Development)
  • 투고 : 2024.07.10
  • 심사 : 2024.08.09
  • 발행 : 2024.10.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

물리적 자산에 가해진 사이버공격은 해당 자산이 수행하는 임무에 영향을 미친다. 다양한 사이버공격에 대해 자산의 자원이 어떤 영향을 받게 되고, 자산의 영향으로 인해 임무 수행에 피해가 어느 정도인가를 판단하기 위해 M&S(Modeling & Simulation) 기술을 활용할 수 있다. 사이버전에 의한 임무영향 분석 관련 연구는 미국을 중심으로 많이 수행되었다. 기존 연구는 사이버공격이 중요한 임무에 어떤 방식으로, 어느 정도까지 영향을 미치는지를 포착하기 위한 프레임워크와 방법론을 제공하지만, 임무환경과 사이버환경을 표현하는 모델 구축방법과 모델간의 연관관계가 구체적이지 못하다. 이러한 한계를 극복하기 위해 사이버공격과 임무 모델의 모의논리와 모델링에 대한 개발이 필요하다. 또한 자산에서 임무체계까지를 계층별로 분류하고, 계층간 연결관계를 정의한 후 계층간 피해가 전파되는 모델을 개발해야 한다. 본 논문에서는 계층간 종속관계를 이용하여 사이버공격에 의한 임무체계의 피해를 평가할 수 있는 모델의 모의방법과 M&S 기술을 활용하여 사이버전에 의한 임무 피해평가를 위한 모델을 구현하는 방법을 제안하고, 제안한 방법에 따라 구현한 모델을 제시한다. 본 논문에서 제안한 모델은 시범적으로 3종류의 임무체계를 대상으로 검증하였으며, 향후 군의 다양한 임무체계를 대상으로 사이버공격에 의한 임무피해평가를 정량적으로 분석할 것으로 기대된다.

Cyber Attacks on physical asset impacts the missions the asset performs. To determine how the resources of an asset are affected by various cyber attacks and to assess the impact on mission performance due to the asset's condition, modeling & simulation technology can be utilized. Many studies on mission impact analysis due to cyber warfare have been conducted, primarily in the United States. Existing research provides frameworks and methodologies to capture how and to what extent cyber attacks impact critical missions. However, it lacks specificity in the construction of models representing the mission and cyber environment, as well as in the relationships between these models. To overcome these limitations, it is necessary to develop simulation logic and modeling for cyber attacks and mission models. In addition, it is necessary to classify from assets to mission systems by hierarchy, define the connections between the hierarchies, and develop the propagation of damage across these hierarchies. This paper proposes a simulation method for a model that can evaluate mission system damage caused by cyber attacks using inter-hierarchical dependencies, and presents a method for implementing a model for mission impact assessment due to cyber warfare. The model implemented according to the proposed method is also presented. The model proposed in this paper was tested on three types of mission systems as a pilot study. It is expected to quantitatively analyze mission damage assessments due to cyber attacks on various military mission systems in the future.

키워드

과제정보

본 연구는 국방과학연구소 과제(912921301)의 지원을 받아 수행한 논문임

참고문헌

  1. Wansoo Cho, "The Analysis of Evaluation the Impact of Cyber Attacks on Mission Systems," Research Report ADDR-412-220103, Agency for Defense Development, 2022.
  2. Yonghyun Kim, Donghwa Kim, Donghwan Lee, Juyoub Kim, Myung Kil Ahn, "Integrated Scenario Authoring Method using Mission Impact Analysis Tool due to Cyber Attacks," Journal of Internet Computing and Services, Vol. 24, No. 6, pp. 107-117, 2023. https://doi.org/10.7472/jksii.2023.24.6.107
  3. G. Jakobson, "Mission cyber security situation assessment using impact dependency graphs," in 14th International Conference on Information Fusion, IEEE, pp. 1-8, 2011. https://ieeexplore.ieee.org/abstract/document/5977648
  4. X. Sun, A. Singhal, P. Liu, "Towards actionable mission impact assessment in the context of cloud computing," in IFIP Annual Conference on Data and Applications Security and Privacy," Springer, pp. 259-274, 2017. https://doi.org/10.1007/978-3-319-61176-1_14
  5. Salter, C. Saydjari, O. S. Schneider, B., "Toward a Secure System Engineering Methodology," in NSPW'98, Proceedings of the 1998 Workshop on New Security Paradigms, 1998. https://dl.acm.org/doi/pdf/10.1145/310889.310900
  6. Jajodia, S. Noel, S., "Topological Vulnerability Analysis," Cyber Situational Awareness Advances in Information Security, Vol. 46, pp 139-154, 2010. https://doi.org/10.1007/978-1-4419-0140-8_7
  7. S. Musman, A. Temin, M. Tanner, R. Fox, B. Pridemore, "Evaluating the Impact of Cyber Attacks on Missions," in Proceeedings of the 5th International Conference on Information Warfare and Security, Dayton, Ohio, 2010, edited by E. Armistead and E. Cowan, pp. 446-456, 2010.
  8. Alexandre, B., Paulo, C., Michael, H., "Cyber-Argus: Modeling C2 Impacts of Cyber Attacks," 19th ICCRTS-C2 Agility: Lessons Learned from Research and Operations, 2014. https://static1.squarespace.com/static/53bad224e4b013a11d687e40/t/5512e918e4b007aba5c466db/1427302680975/2014-096p.pdf
  9. Kaixing, H., Chunjie, Z., Yu-Chu, T., "Assessing the Physical Impact of Cyberattacks on Industrial CyberPhysical Systems," IEEE Transactions on Industrial Electronics, Vol. 65 Issue 10, pp. 8153-8162, 2018. https://doi.org/10.1109/TIE.2018.2798605
  10. Noel, Steven, et al., "Analyzing mission impacts of cyber actions (AMICA)," INATO IST-128 Workshop on Cyber Attack Detection, Forensics and Attribution for Assessment of Mission Impact, pp. 80-86, 2015. https://apps.dtic.mil/sti/pdfs/AD1000707.pdf#page=86
  11. S. Musman and A. Temin, "A Cyber Mission Impact Assessment Tool," IEEE International Symposium on Technologies for Homeland Security, pp 1-7, 2015. https://doi.org/10.1109/THS.2015.7225283
  12. Melanie Bernier, "Military Activities and Cyber Effects(MACE) Taxonomy," DefenceR&D Canada, 2013.
  13. K. C. Kapur and L. Lamberson, Reliability in engineering design, New York, 1977
  14. Yonghyun Kim, Donghwa Kim, Donghwan Lee, Juyoub Kim, Miyoung Kwon, Myungkil Ahn, "Implementation of Mission Damage Assessment Model due to Cyber Attacks," 2024 Korea Society Internet Information Spring Conference, pp. 103-104, 2024.