• Title/Summary/Keyword: 산업제어시스템보안

Search Result 170, Processing Time 0.029 seconds

인터뷰-심종현 유넷시스템 사장

  • Korean Associaton of Information & Telecommunication
    • 정보화사회
    • /
    • s.189
    • /
    • pp.16-17
    • /
    • 2007
  • '정보보호 사업 2기 시대'를 선언하면서 야심차게 차세대 보안 솔루션을 주력으로 사업에 진출한 유넷시스템. 삼성그룹 계열사인 시큐아이닷컴에서 분사해 지난 2003년 법인 설립 5년 만에 가장 떠오르는 분야로 지목되고 있는 네트워크접근제어(NAC),유.무선 통합인증 시장에서 외산 제품과 경쟁하며 국산 솔루션으로는 보기 드물게 두각을 나타내고 있다. 특히, 유넷시스템의 NAC제품인 '애니클릭 NAC'은 금호생명, 롯데그룹, 보라매병원, 신한은행 등 16군데에 공급되면서 이 시장에서 선두를 달리고 있는 상황이다. 또, 최근 무선랜 보안 시장이 확산될 분위기가 한창 조성되고 있어 유.무선 통합인증 시장 공략에도 박차를 가하고 있다 뿐만 아니라 내년에는 홈네트워크 보안 시장에도 진출할 계획이어서, 무선 네트워크 관련 사업 범위를 크게 확장할 예정이다.

  • PDF

Anomaly Detection Using Visualization-based Network Forensics (비정상행위 탐지를 위한 시각화 기반 네트워크 포렌식)

  • Jo, Woo-yeon;Kim, Myung-jong;Park, Keun-ho;Hong, Man-pyo;Kwak, Jin;Shon, Taeshik
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.1
    • /
    • pp.25-38
    • /
    • 2017
  • Many security threats are occurring around the world due to the characteristics of industrial control systems that can cause serious damage in the event of a security incident including major national infrastructure. Therefore, the industrial control system network traffic should be analyzed so that it can identify the attack in advance or perform incident response after the accident. In this paper, we research the visualization technique as network forensics to enable reasonable suspicion of all possible attacks on DNP3 control system protocol, and define normal action based rules and derive visualization requirements. As a result, we developed a visualization tool that can detect sudden network traffic changes such as DDoS and attacks that contain anormal behavior from captured packet files on industrial control system network. The suspicious behavior in the industrial control system network can be found using visualization tool with Digital Bond packet.

A Study on Application Methodology of SPDL Based on IEC 62443 Applicable to SME Environment (중소기업환경에서 적용 가능한 IEC 62443 기반의 개발 보안 생애주기 프로세스 적용 방안 연구)

  • Jin, Jung Ha;Park, SangSeon;Kim, Jun Tae;Han, Keunhee
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.11 no.6
    • /
    • pp.193-204
    • /
    • 2022
  • In a smart factory environment in a small and medium-sized enterprise (SME) environment, sensors and actuators operating on actual manufacturing lines, programmable logic controllers (PLCs) to manage them, human-machine interface (HMI) to control and manage such PLCs, and consists of operational technology server to manage PLCs and HMI again. PLC and HMI, which are in charge of control automation, perform direct connection with OT servers, application systems for factory operation, robots for on-site automation, and production facilities, so the development of security technology in a smart factory environment is demanded. However, smart factories in the SME environment are often composed of systems that used to operate in closed environments in the past, so there exist a vulnerable part to security in the current environment where they operate in conjunction with the outside through the Internet. In order to achieve the internalization of smart factory security in this SME environment, it is necessary to establish a process according to the IEC 62443-4-1 Secure Product Development Life cycle at the stage of smart factory SW and HW development. In addition, it is necessary to introduce a suitable development methodology that considers IEC 62443-4-2 Component security requirements and IEC 62443-3 System security requirements. Therefore, this paper proposes an application plan for the IEC 62443 based development security process to provide security internalization to smart factories in an SME environment.

Abnormal Detection for Industrial Control Systems Using Ensemble Recurrent Neural Networks Model (산업제어시스템에서 앙상블 순환신경망 모델을 이용한 비정상 탐지)

  • Kim, HyoSeok;Kim, Yong-Min
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.3
    • /
    • pp.401-410
    • /
    • 2021
  • Recently, as cyber attacks targeting industrial control systems increase, various studies are being conducted on the detection of abnormalities in industrial processes. Considering that the industrial process is deterministic and regular, It is appropriate to determine abnormality by comparing the predicted value of the detection model from which normal data is trained and the actual value. In this paper, HAI Datasets 20.07 and 21.03 are used. In addition, an ensemble model is created by combining models that have applied different time steps to Gated Recurrent Units. Then, the detection performance of the single model and the ensemble recurrent neural networks model were compared through various performance evaluation analysis, and It was confirmed that the proposed model is more suitable for abnormal detection in industrial control systems.

A Development of Cipher Device based on Embedded Linux for Serial Communication in SCADA (임베디드 리눅스 기반의 SCADA 직렬통신 구간 암호화 장치 개발)

  • Lee, Jong-Joo;Kim, Seog-Joo;Kang, Dong-Joo
    • Journal of the Korean Institute of Illuminating and Electrical Installation Engineers
    • /
    • v.24 no.4
    • /
    • pp.25-32
    • /
    • 2010
  • The Supervisory Control and Data Acquisition Systems (SCADA) system provides monitoring, data gathering, analysis, and control of the equipment used to manage most infrastructure. The SCADA Network is implemented in a various manner for larger utilities, and multiple types of protocol and communication interfaces are used to network the control center to remote sites. The existing SCADA equipment and protocols were designed and implemented with availability and efficiency, and as a result security was not a consideration. So, performance, reliability, flexibility and safety of SCADA systems are robust, while the security of these systems is often weak. This makes some SCADA networks potentially vulnerable to disruption of service, process redirection, or manipulation of operational data that could result in public safety concerns and/or serious disruptions to the infrastructure. To reduce the risks, therefore, there is a need to have a security device such as cipher devices or cryptographic modules for security solutions. In this paper we develop an embedded cipher device for the SCADA equipment. This paper presents a cipher device designed to improve the security of its networks, especially in the serial communication.

Convergence-based Smart Factory Security Threats and Response Trends (융합 기반 스마트공장 보안의 위협과 대응 동향)

  • Hoh, Jin;Jung, Chul Yong
    • Journal of the Korea Convergence Society
    • /
    • v.8 no.11
    • /
    • pp.29-35
    • /
    • 2017
  • The fourth industrial revolution and so on, the manufacturing environment is based on the latest IT technology, and ICT-based convergence that links with various industrial fields is actively proceeding. For this reason, convergence security based on changing environment in the field of security is emerging as a new issue, and various demands for convergence security are increasing. Such changes in the industrial environment not only provide advantages of convergence environment, but also cause various fusion and complex security problems. In particular, the government is actively promoting policies to build 10,000 smart plants by 2020, and has implemented projects to build 2,800 smart plants from 2014 to 2016. Therefore, we will examine the security threats and countermeasures against smart factories that are being built on the basis of ICT rather than the existing closed type.

Study on defense countermeasures against Webshell attacks of the Industrial Information System (산업정보시스템의 웹쉘공격에 대한 방어 대응책 연구)

  • Hong, Sunghyuck
    • Journal of Industrial Convergence
    • /
    • v.16 no.4
    • /
    • pp.47-52
    • /
    • 2018
  • WebShell is a web script file created by a hacker to remotely commands to a web server. The hacker can bypass the security system using the web shell, access the system, control the system such as file modification, copying and deletion, install malicious code in the web source code, attack the user's PC, And so on. There are many types of WebShell attack, but we study about attacks on PHP and JSP based web server which are used as representative ones. And we propose the method of web page management, method of development, and several other methods. By using these countermeasures, it is possible to effectively prevent damage caused by WebShell attacks.

A Mobile Platform System based on SBC (SBC 기반 차세대 이동형 단말기 개발)

  • Lee, Seung-Ik
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.14 no.4
    • /
    • pp.30-36
    • /
    • 2009
  • In this paper, we develop the next generation mobile system based on SBC(Server Based Computing). SBC is one of the popular topic and only one server system is used as multiple personal systems with a terminal, a monitor and a keyboard. The advantages of this system are easy-upgrade, low costs and convenience for each user. But it is difficult to design and manufacture the multimedia streaming system and devices control system for external devices. In this paper, we represent and develops the Mobile system based on SBC and the test performances shows that our system has good performances of multimedia system and security for internet.

A Study on the Method of Vulnerability Analysis of Critical Infrastructure Facilities (공개 데이터를 활용한 제어시스템 취약점 분석 방안 연구)

  • Shin, Mi-joo;Yoon, Seong-su;Euom, Ieck-chae
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.2
    • /
    • pp.243-253
    • /
    • 2022
  • Recently, cyber attacks on national infrastructure facilities have continued to occur. As a result, the vulnerabilities of ICS-CERTs have more than doubled from last year, and the vulnerabilities to industrial control systems such as nuclear facilities are increasing day by day. Most control system operators formulate vulnerability countermeasures based on the vulnerability information sources of industrial control systems provided by ICS-CERT in the United States. However, it is difficult to apply this to the security of domestic control systems because ICS-CERT does not contain all relevant vulnerability information and does not provide vulnerabilities to domestic manufacturer's products. In this research, we will utilize publicly available vulnerability-related information such as CVE, CWE, ICS-CERT, and CPE to discover vulnerabilities that may exist in control system assets and may occur in the future. I proposed a plan that can predict possible vulnerabilities and applied it to information on major domestic control systems.

Artificial Intelligence for Autonomous Ship: Potential Cyber Threats and Security (자율 운항 선박의 인공지능: 잠재적 사이버 위협과 보안)

  • Yoo, Ji-Woon;Jo, Yong-Hyun;Cha, Young-Kyun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.2
    • /
    • pp.447-463
    • /
    • 2022
  • Artificial Intelligence (AI) technology is a major technology that develops smart ships into autonomous ships in the marine industry. Autonomous ships recognize a situation with the information collected without human judgment which allow them to operate on their own. Existing ship systems, like control systems on land, are not designed for security against cyberattacks. As a result, there are infringements on numerous data collected inside and outside the ship and potential cyber threats to AI technology to be applied to the ship. For the safety of autonomous ships, it is necessary to focus not only on the cybersecurity of the ship system, but also on the cybersecurity of AI technology. In this paper, we analyzed potential cyber threats that could arise in AI technologies to be applied to existing ship systems and autonomous ships, and derived categories that require security risks and the security of autonomous ships. Based on the derived results, it presents future directions for cybersecurity research on autonomous ships and contributes to improving cybersecurity.