• Journal of Information Technology Services
• /
• v.22 no.4
• /
• pp.21-35
• /
• 2023

Software as Medical Devices (SaMD) is a growing category of medical devices that are composed of software to perform one or more medical purposes. SaMD is less likely to cause physical harm compared to conventional medical devices, particularly medical electrical equipments, and may be more vulnerable to privacy issues. This difference was acknowledged and resulted in introducing new regulation guidance specifically for cybersecurity of SaMD. It guides stakeholders of SaMD what to consider in what context in terms of cybersecurity. This study examines the current guidance of how cybersecurity is considered for SaMD by analyzing current medical device standards, then suggest which concept or details beyond current medical device standards may be applicable through analysis of international standards documents published for software in general.

• Journal of Navigation and Port Research
• /
• v.47 no.2
• /
• pp.57-65
• /
• 2023

In 2017, the International Maritime Organization (IMO) adopted MSC.428 (98), which recommends establishing a cyber-risk management system in Ship Safety Management Systems (SMSs) from January 2021. The 27th International Association of Marine Aids to Navigation and Lighthouse Authorities (IALA) also discussed prioritizing cyber-security (cyber-risk management) in developing systems to support Maritime Autonomous Surface Ship (MASS) operations (IALA guideline on developments in maritime autonomous surface ships). In response to these international discussions, Korea initiated the Korea Autonomous Surface Ship technology development project (KASS project) in 2020. Korea has been carrying out detailed tasks for cybersecurity technology development since 2021. This paper outlines the basic concept of ship network security equipment for supporting MASS ship operation in detailed task of cybersecurity technology development and defines ship network security equipment interface for MASS ship applications.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1167-1187
• /
• 2020

We are facing the situation where cyber threats such as hacking, malware, data leakage, and theft, become an important issue in the perspective of personal daily life, business, and national security. Although various efforts are being made to response to the cyber threats in the national and industrial sectors, the problems such as the industry-academia skill-gap, shortage of cybersecurity professionals are still serious. Thus, in order to overcome the skill-gap and shortage problems, we propose a Cybersecurity technical response Job Competency(CtrJC) framework by adopting the concept of cybersecurity personnel's job competency. As a sample use-case study, we implement the CtrJC against to personals who are charged in realtime cybersecurity response, which is an important job at the national and organization level, and verify the our framework's effects. We implement a sample model, which is a CtrJC against to realtime cyber threats (We call it as CtrJC-R), and study the verification and validation of the implemented model.

• The Journal of the Convergence on Culture Technology
• /
• v.7 no.1
• /
• pp.674-681
• /
• 2021

Cyber attacks targeting critical infrastructure are on the rise. Critical infrastructure is defined as core infrastructures within a country with a high degree of interdependence between the different structures; therefore, it is difficult to sufficiently protect it using outdated cybersecurity techniques. In particular, the distinction between the physical and logical risks of critical infrastructure is becoming ambiguous; therefore, risk management from a comprehensive perspective must be implemented. Accordingly, as a means of further actively protecting critical infrastructure, major countries have begun to apply their security and cybersecurity systems by design, as a more expanded concept is now being considered. This proactive security approach (CSbD, Cybersecurity by Design) includes not only securing the stability of software (SW) safety design and management, but also physical politics and device (HW) safety, precautionary and blocking measures, and overall resilience. It involves a comprehensive security system. Therefore, this study compares and analyzes security by design measures towards critical infrastructure that are leading the way in the US, Europe, and Singapore. It reflects the results of an analysis of optimal cybersecurity solutions for critical infrastructure. I would like to present a plan for applying by Design.

• Convergence Security Journal
• /
• v.22 no.3
• /
• pp.19-24
• /
• 2022

Metaverse is a compound word of the English words 'meta', meaning 'virtual' and 'transcendence', and 'universe' meaning the universe. dimensional virtual world. Metaverse is a concept that has evolved one step further than virtual reality (VR, a cutting-edge technology that enables people to experience life-like experiences in a virtual world created by a computer). It has the characteristic of being able to engage in social and cultural activities similar to reality. However, there are many security issues related to this, and cybersecurity vulnerabilities may occur. This paper analyzes cybersecurity threats that may occur in the metaverse environment and checks vulnerabilities.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2021.11a
• /
• pp.72-73
• /
• 2021

As discussions of the International Maritime Organization for the introduction of the Marine Autonomous Surface Ship (MASS) began in earnest, discussions were conducted to prioritize cybersecurity (Cyber Risk Management) when developing a system to support MASS operation at the 27th ENAV Committee Working Group (WG2). Korea launched a technology development project for autonomous ships in 2020, and has been promoting detailed tasks for cybersecurity technology development since 2021. MASS operation in a digital maritime communication system environment requires network security of various digital equipment that was not considered in the existing maritime communication environment. This study introduces the basic concept of network security equipment to support MASS operation in the detailed task of cybersecurity technology development, and defines the network security equipment interface for MASS ship application in the basic stage.

• International Journal of Computer Science & Network Security
• /
• v.21 no.5
• /
• pp.73-83
• /
• 2021

The information space, the main components of which are information resources, means of information interaction, and information infrastructure, is a sphere of modern social life in which information communications play a leading role. The objective process is the gradual but stable entry of the national information space into the European and world information sphere, in the context of which there is a legitimate question of its protection as one of the components of the national security of Ukraine. However, the implementation of this issue in practice immediately faces the need to respect the rights and fundamental freedoms guaranteed by international regulations and the Constitution of Ukraine, especially in the field of cybersecurity. The peculiarity of the modern economy is related to its informational nature, which affects the sharp increase in cyber incidents in the field of information security, which is widespread and threatening and affects a wide range of private, corporate, and public interests. The problem of forming an effective information security system is exacerbated by the spread of cybercrime as a leading threat to information security both in Ukraine and around the world. The purpose of this study is to analyze the state of cybersecurity and on this basis to identify new areas of the fight against cybercrime in Ukraine. Methods: the study is based on an extensive regulatory framework, which primarily consists of regulatory acts of Ukraine. The main methods were inductions and deductions, generalizations, statistical, comparative, and system-structural analysis, grouping, descriptive statistics, interstate comparisons, and graphical methods. Results. It is noted that a very important component of Ukraine's national security is the concept of "information terrorism", which includes cyberterrorism and media terrorism that will require its introduction into the law. An assessment of the state of cybersecurity in Ukraine is given. Based on the trend analysis, further growth of cybercrimes was predicted, and ABC analysis showed the existence of problems in the field of security of payment systems. Insufficient accounting of cybercrime and the absence in the current legislation of all relevant components of cybersecurity does not allow the definition of a holistic system of counteraction. Therefore, the proposed new legal norms in the field of information security take into account modern research in the field of promising areas of information technology development and the latest algorithms for creating media content.

• Journal of Advanced Navigation Technology
• /
• v.21 no.6
• /
• pp.633-637
• /
• 2017

Cyber attacks on aircraft and aeronautical networks are not much different from cyber attacks commonly found in the ground industry. Air traffic management infrastructure is being transformed into a digital infrastructure to secure air traffic. A wide variety of communication environments, information and communications, navigation, surveillance and inflight entertainment systems are increasingly threatening the threat posed by cyber terrorism threats. The emergence of unmanned aircraft systems also poses an uncontrollable risk with cyber terrorism. We have analyzed cyber security standards and response strategies in developed countries by recognizing the vulnerability of cyber threats to aircraft systems and aviation infrastructure in next generation data network systems. We discussed comprehensive measures for cybersecurity policies to consider in the domestic aviation environment, and discussed the concept of security environment and quick response strategies.

• Journal of The Korean Association of Information Education
• /
• v.24 no.2
• /
• pp.189-199
• /
• 2020

This study aims to emphasize the necessity of strengthening the information subject through the introduction of a new concept of rights called 'digital environmental rights' and proposes an improvement in the educational composition model of the information culture section in the information subject. Through the introduction of the concept of digital environmental rights, we intend to provide a logical basis for making the information subject a required subject. In addition, we intend to enhance the competencies required for living in a digital environment by improving the structure of the information culture section in the information subject. As a study on this, the logic of the concept of rights required in the digital environment is analyzed and the concept of digital environmental rights applied to it is established. Furthermore, by analyzing relevant curricula in major countries, including the United States, Australia, and Japan, which provide the main basis for digital environmental rights, an improvement plan for the educational composition in the information and culture education sector is formulated. The results of the study are as follows: First, digital environment rights are 'rights to enjoy a pleasant and safe digital environment'. Second, the components of digital environmental rights include rights for the environment (cyberethics), rights of the environment (cybersafety), and rights about the environment (cybersecurity). Third, in the major countries studied various educational structures are being implemented with regard to information-related education contents on the digital citizenship, code ethics, and new technology security.

• KIPS Transactions on Software and Data Engineering
• /
• v.9 no.12
• /
• pp.387-402
• /
• 2020

Conventional automotive development has mainly focused on ensuring correctness and safety and security has been relatively neglected. However, as the number of automotive hacking cases has increased due to the increased Internet connectivity of automobiles, international organizations such as the United Nations Economic Commission for Europe(UNECE) are preparing cybersecurity regulations to ensure security for automotive development. As with other IT products, automotive cybersecurity regulation also emphasize the concept of "Security by Design", which considers security from the beginning of development. In particular, since automotive development has a long lifecycle and complex supply chain, it is very difficult to change the architecture after development, and thus Security by Design is much more important than existing IT products. The problem, however, is that no specific methodology for Security by Design has been proposed on automotive development process. This paper, therefore, proposes a specific methodology for Security by Design on Automotive development. Through this methodology, automotive manufacturers can simultaneously consider aspects of functional safety, and security in automotive development process, and will also be able to respond to the upcoming certification of UNECE automotive cybersecurity regulations.