• Journal of Navigation and Port Research
• /
• v.47 no.2
• /
• pp.57-65
• /
• 2023

In 2017, the International Maritime Organization (IMO) adopted MSC.428 (98), which recommends establishing a cyber-risk management system in Ship Safety Management Systems (SMSs) from January 2021. The 27th International Association of Marine Aids to Navigation and Lighthouse Authorities (IALA) also discussed prioritizing cyber-security (cyber-risk management) in developing systems to support Maritime Autonomous Surface Ship (MASS) operations (IALA guideline on developments in maritime autonomous surface ships). In response to these international discussions, Korea initiated the Korea Autonomous Surface Ship technology development project (KASS project) in 2020. Korea has been carrying out detailed tasks for cybersecurity technology development since 2021. This paper outlines the basic concept of ship network security equipment for supporting MASS ship operation in detailed task of cybersecurity technology development and defines ship network security equipment interface for MASS ship applications.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.4
• /
• pp.59-69
• /
• 2016

We proposed a specialized model of performance measurement to measure the training performance of the trainees in cyber practical training. Cyber security professionals are cultivating their expertise, skills, and competencies through cyber practical training in specialized education and training institutions. The our proposed process of trainee evaluation is consisted of an evaluation component discovery, evaluation item selection, evaluation index catalog, ratings and criteria decision, and calculation formula. The trainee evaluation is consisted of a formative evaluation during the training and an overall evaluation after finished training. Formative evaluation includes progress evaluation and participation evaluation, and overall evaluation includes practice evaluation and learning evaluation. The evaluation is weighted according to the importance of evaluation type. Because it is evaluated actual skills and abilities, competencies are assigned a high weight, while knowledge and attitudes are assigned a low weight. If cyber security trainees are evaluated by the proposed evaluation model, cyber security professionals can be cultivated by each skill and knowledge level and can be deployed by importance of security task.

• International journal of advanced smart convergence
• /
• v.11 no.3
• /
• pp.7-16
• /
• 2022

The targets of cyber-attacks are not limited to the websites and internal IT systems of shipping agencies. Ships and ports have become important targets for cyber attackers. This paper examines the current state of ship network security, introduces the International Maritime Organization's resolution on ship network security management, and summarizing the cyber-attacks in maritime so the readers can have a general understanding of maritime environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1233-1245
• /
• 2017

Cyber risk is rapidly increasing due to the hyperconnectivity of the IoT in the intelligent information society. Therefore cyber insurance has been attracting attention as a new risk management countermeasure by transferring cyber risk. However, cyber insurance is still a new concept in South Korea. The purpose of this study is to propose the concept of cyber insurance suitable for domestic demand by deriving the priority of cyber insurance coverage. Research results suggest that the most requisite cyber insurance types are business interruption and liability.

• Journal of Korea Multimedia Society
• /
• v.20 no.2
• /
• pp.279-288
• /
• 2017

Nowadays, nations cyber security capabilities play an important role in a nation's defense. Security-critical infrastructures such as national defenses, public services, and financial services are now exposed to Advanced Persistent Threats (APT) and their resistance to such attacks effects the nations stability. Currently Cyber Threat Intelligence (CTI) is widely used by organizations to mitigate and deter APT for its ability to proactively protect their assets by using evidence-based knowledge. The evidence-based knowledge information can be exchanged among organizations and used by the receiving party to strengthen their cyber security management. This paper will discuss on the business process reengineering of the CTI information exchange management for a nationwide scaled control and governance by the government to better protect their national information security assets.

• Convergence Security Journal
• /
• v.9 no.1
• /
• pp.29-37
• /
• 2009

According to Homeland Security Act of 2002, DHS in USA is comprehensively responsible for execution of protection methods on the public and private sectors against cyber attack for USA cyber crisis management. There are different laws and organizations according to the sector that is the public, the private, CII(Critical Information Infrastructure, or Non-CII in Korea. In this paper, we show the unified cyber crisis management of USA makes korea realize the importance to integration and systematization for the national cyber crisis management system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.103-111
• /
• 2009

Recently, cyber attacks against public communications networks are getting more complicated and varied. Moreover, in some cases, one country could make systematic attacks at a national level against another country to steal its confidential information and intellectual property. Therefore, the issue of cyber attacks is now regarded as a new major threat to national security. The conventional way of operating individual information security systems such as IDS and IPS may not be sufficient to cope with those attacks committed by highly-motivated attackers with significant resources. As a result, the monitoring and control of cyber security, which enables attack detection, analysis and response on a real-time basis has become of paramount importance. This paper discusses how to improve efficiency and effectiveness of national cyber security monitoring and control services. It first reviews major threats to the public communications network and how the responses to these threats are made and then it proposes a new approach to improve the national cyber security monitoring and control services.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2019.11a
• /
• pp.134-136
• /
• 2019

The International Maritime Organization (IMO) issued 2017 Guidelines on maritime cyber risk management. In accordance with IMO's maritime cyber risk management guidelines, each flag State is required to comply with the Safety Management System (SMS) of the International Safety Management Code (ISM) that the cyber risks should be integrated and managed before the first annual audit following January 1, 2021. In this paper, to identify cyber security management targets and risk factors in the maritime sector and to conduct vulnerability analysis, we catagorized the cyber security sector in management, technical and physical sector in maritime sector based on the industry guidelines and international standards proposed by IMO. In addition, the Risk Matrix was used to conduct a qualitative risk assessment according to risk factors by cyber security sector.

• Journal of KIISE:Information Networking
• /
• v.37 no.5
• /
• pp.351-362
• /
• 2010

In Korea, national information infrastructure has been grown well because of the rapid growth and supply of Internet, but threats of cyber terror and cyber war are also increasing. Cyber attacks on knowledge information society threaten industry, economy and security. Major countries realize that cyber attacks can cause national heavy loss. So, they are trying to adopt policy on their cyber safe. And natural environmental crisises are increasing around the world. Countries such as India and Philippine in which tsunami, typhoon and earthquake are often occurring have national systematic disaster management system that can prevent and recover. We need systematic management for prevention and recovery from cyber terror, and need to establish national cyber disaster management system. Therefore, in this paper, we analyze major countries's cyber security policy and suggest a method of establishing the national cyber disaster management system.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.3
• /
• pp.37-47
• /
• 2020

The In the 4^th industrial revolution, cyber space will evolve into hyper-connectivity, super-convergence, and super-intelligence due to the development of advanced information and communication technologies, which will connect the nation's core infrastructure into a single network. As applying the 4^th industrial revolution technology to the cyber attack technique, it is evolving in an intelligent and sophisticate method. In order to response intelligent cyber attacks, it is difficult to guarantee self-defense in cyberspace by policy-oriented, preplanned-centric and hierarchical cyber response strategies. Therefore, this research aims to propose a situation-flexible & action-oriented cyber response mechanism that can respond flexibly by selecting the most optimal smart security solution according to changes in the cyber attack steps. The proposed cyber response mechanism operates the smart security solutions according to the action-oriented detailed strategies. In addition, artificial intelligence-based decision-making systems are used to select the smart security technology with the best responsiveness.