• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.53-58
• /
• 2011

There is increasing use of common commercial operation system and standard PCs to control industrial production systems, and cyber security threat for industrial facilities have emerged as a serious problem. Now these network connected ICS(Industrial Control Systems) stand vulnerable to the same threats that the enterprise information systems have faced and they are exposed to malicious attacks. In particular Stuxnet is a computer worm targeting a specific industrial control system, such as a gas pipeline or power plant and in theory, being able to cause physical damage. In this paper we present an overview of the general configuration and cyber security threats of a SCADA and investigate the attack tree analysis to identify and assess security vulnerabilities in SCADA for the purpose of response to cyber attacks in advance.

• The Journal of the Korea Contents Association
• /
• v.10 no.5
• /
• pp.314-324
• /
• 2010

As our nation's economy had grown in size and its possession of the cutting-edge science and technology had increased over the years, the damages received from the outflow of our industrial technology has become a serious issue. As of today, the outflow of Korea's industrial technology has reached a serious level, but in reality there were no adequate countermeasures carried out against it. Also, it is not too much to say that the effort to prevent the outflow of the university-developed industrial technology, which is one of the main pillars for the development of the nation's technological prowess, had been carried out in passive and lukewarm manner. Therefore, as a part of the industrial security activity, we have analyzed the overall situation and major cases related to industrial security activities that have been carried out so far, in order to emphasize the importance of those universities. Also, we tried to find appropriate solutions for the universities to invigorate the industrial security activities needed.

• Journal of Digital Contents Society
• /
• v.18 no.5
• /
• pp.1001-1008
• /
• 2017

Because cyber attacks on industrial control systems can lead to massive financial loss or loss of lives, the standardization and the research on cyber security of industrial control systems are actively under way. As a related system, the industrial control system of social infrastructures must be equipped with the verified cryptographic module according to the e-government law and appropriate security control should be implemented in accordance with the security requirements of the industrial control system. However, the industrial control system consisting of the operation layer, the control layer, and the field device layer may cause a problem in performing the main function in each layer due to the security control implementation. In this paper, we propose things to check when performing security control in accordance with the security control requirements for each layer of the industrial control system and proper application.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.14 no.2
• /
• pp.369-376
• /
• 2019

This paper studies desirable form of future e-government in terms of intelligent government research in response to new intelligent cyber security services in the fourth industrial revolution. Also, the strategic planning of the future e-government has been contemplated in terms of the centralization and intellectualization which are significant characteristics of the fourth industrial revolution. The new system construction which is applied with security analysis technology using big data through advanced relationship analysis is suggested in the paper. The establishment of the system, such as SIEM(Security Information & Event Management), which anticipatively detects security threat by using log information through big data analysis is suggested in the paper. Once the suggested system is materialized, it will be possible to expand big data object, allow centralization in terms of e-government security in the fourth industrial revolution, boost data process, speed and follow-up response, which allows the system to function anticipatively.

• The Journal of Society for e-Business Studies
• /
• v.25 no.4
• /
• pp.15-32
• /
• 2020

Increasing uncertainties in the technological innovation environment and increasing technology competition also present new challenges in terms of industrial technology security. Therefore, the purpose of this study was to identify the direction of policy change necessary for the improvement of related policies in the future by examining the importance and implementation of the government's industrial technology security support policies for small and medium-sized enterprises engaged in industrial technology innovation activities. As a result of the analysis, first of all, small and medium-sized enterprises that responded to the government's industrial technology security support policy were perceived to be less performing than the importance of the program. These results can be said to mean that selective budget expansion for related policy programs may be necessary, along with efforts to improve the quality of each program. Second, an analysis of the differences in group recognition between new technology certification firms and industrial technology verification(certification) companies showed that significant differences exist between groups for the program. These results suggest that more effective operation of the relevant policies may require policy enforcement in consideration of the level of security and will of each company in industrial technology, as much as the quantitative characteristics of the entity. This study is meaningful in providing the necessary policy directional basic information for the design and execution of more specific and effective industrial technology security policies by presenting empirical research results that domestic small and medium-sized enterprises are aware of about the government's industrial technology security policies.

• Convergence Security Journal
• /
• v.22 no.3
• /
• pp.57-68
• /
• 2022

As the importance and awareness of security have recently expanded, companies and governments are making continuous efforts and investments for security management. However, there are still many security threats in the organization, especially security incidents caused by internal staff. Therefore, it is very important for members to comply with security policies for organizational security management. Therefore, this study classified industrial security management into technical security, physical security, and managerial security, and applied the theory of planned behavior to investigate the impact relationship on the intention to comply with security policies. SPSS 25 and AMOS 25 were used for statistical analysis, and the study found that technical security had a positive(+) effect on subjective norms, physical security had a positive(+) effect on perceived behavior control, and attitude and perceived behavior control had a positive(+) effect on security policy compliance intention.

• Proceedings of the Korea Technology Innovation Society Conference
• /
• 2017.05a
• /
• pp.95-99
• /
• 2017

초연결사회(Hyper-connected society)인 제4차 산업혁명시대는 사람과 과학기술의 융합이 필수적인 상황이다. 이러한 변화에 선제적으로 대응하기 위해서는 산업기술보호의 패러다임의 변화가 필요한 시점이다. 이는 국가 사회가 융 복합적으로 적정한 비용을 투자하여 총체적 위험관리를 수행하여야 하며 그 핵심은 산업기술보호 전문인력 양성과 관리를 강화하는 것이다. 이에 따라 본 연구에서는 산업기술보호 전문인력 양성관련 현황을 진단하고 앞으로 개선해야할 점에 대해 각 분야 전문가들의 심층 토론을 통해서 시사점을 도출하고자 한다.

• Journal of Advanced Navigation Technology
• /
• v.17 no.1
• /
• pp.123-131
• /
• 2013

If Industrial state-of-the-art technology that made through IT convergence should be to build safely environment that can protect then IT technology and manufacturing industry become convergence and a growth engine become stable positioning. In each industry, there has been a steady effort for the industrial security. However, they introduced only managerial/technical/physical countermeasures. Therefore, it is difficult to find a reference point as industrial security necessity, protecting coverage and things and so on. It is to lack that academic research in industrial security for protecting industrial technology. In detail, a clear definition lack for industrial security. And target range classification lack for industrial security studies. In this study, we redefined the concept of industry security through previous studies. Academic classification designed industrial security studies through delphi method. we analyzed industry security trends based industrial security studies classification and presented domestic industry research orientations.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.284-287
• /
• 2021

4차 산업혁명으로 인해 제조산업에 인공지능, 빅데이터와 같은 ICT 기술을 활용한 스마트팩토리의 제조 공정 자동화 및 장치 고도화 연구가 진행되고 있다. 제조 공정 자동화를 위해 스마트팩토리의 각 계층별 장치들이 유기적으로 연결되고 있으며, 이로 인해 발생 가능한 보안위협도 증가하고 있다. 스마트팩토리에서는 SIEM 등의 장비가 보안위협 데이터를 수집·분석·시각화하여 대응하고 있다. 보안위협 데이터 시각화에는 그리드 뷰, 피벗 뷰, 그래프, 차트, 테이블을 활용한 대시보드 형태로 제공하고 있지만, 이는 스마트팩토리 전 계층의 보안위협 데이터 확인에 대한 가시성이 부족하다. 따라서, 본 논문에서는 스마트팩토리 보안위협 데이터를 CVSS 점수 기반의 Likelihood와 보안위협 데이터 기반의 Impact를 활용하여 위험도를 도출하고, 히트맵 기반 스마트팩토리 보안위협 데이터 시각화 모델을 제안한다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.4
• /
• pp.664-673
• /
• 2018

The industrial control system (ICS) has operated as a closed network in the past, but it has recently been linked to information and communications services and has been causing damage due to cyber attacks. As a countermeasure, the Information Communication Infrastructure Protection Act was enacted, but it cannot be applied to various real control environments because there is only a one-way policy-from a control network to a business network. In addition, IEC62443 defines an industrial control system reference model as an international standard, and suggests an area security model using a firewall. However, there is a limit to linking an industrial control network, operating as a closed network, to an external network only through a firewall. In this paper, we analyze the security model and research trends of the industrial control system at home and abroad, and propose an industrial control system security model that can be applied to the actual interworking environments of various domestic industrial control networks. Also, we analyze the security of firewalls, industrial firewalls, network connection equipment, and one-way transmission systems. Through a domestic case and policy comparison, it is confirmed that security is improved. In the era of the fourth industrial revolution, the proposed security model can be applied to security management measures for various industrial control fields, such as smart factories, smart cars, and smart plants.