• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.2
• /
• pp.857-880
• /
• 2016

Due to an increasing number of cyberattacks globally, cybersecurity has become a crucial part of national security in many countries. In particular, the Digital Pearl Harbor has become a real and aggressive security threat, and is considered to be a global issue that can introduce instability to the dynamics of international security. Against this context, the cyberattacks that targeted nuclear power plants (NPPs) in the Republic of Korea triggered concerns regarding the potential effects of cyber terror on critical infrastructure protection (CIP), making it a new security threat to society. Thus, in an attempt to establish measures that strengthen CIP from a cybersecurity perspective, we perform a case study on the cyber-terror attacks that targeted the Korea Hydro & Nuclear Power Co., Ltd. In order to fully appreciate the actual effects of cyber threats on critical infrastructure (CI), and to determine the challenges faced when responding to these threats, we examine factual relationships between the cyberattacks and their responses, and we perform analyses of the characteristics of the cyberattack under consideration. Moreover, we examine the significance of the event considering international norms, while applying the Tallinn Manual. Based on our analyses, we discuss implications for the cybersecurity of CI in South Korea, after which we propose a framework for strengthening cybersecurity in order to protect CI. Then, we discuss the direction of national policies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.533-540
• /
• 2016

It is important to establish the environment for cyber warrior training, testing support and effectiveness analysis in order to cope with sharply increasing cyber threat. However, those practices cannot be easily performed in real world and are followed with many constraints. In this paper, we propose a live/virtual M&S-based system for training/testing and constructive M&S-based system for effectiveness analysis to provide an environment similar to real world. These can be utilized to strengthen the capability to carry out cyber war and analyze the impact of cyber threat under the large-scale networks.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.43-54
• /
• 2016

The occurrence of cyber crime is on the rise every year, and the security control center, which should play a crucial role in monitoring and early response against the cyber attacks targeting various information systems, its importance has increased accordingly. Every endeavors to prevent cyber attacks is being attempted by information security personnel of government and financial sector's security control center, threat response Center, cyber terror response center, Cert Team, SOC(Security Operator Center) and else. The ordinary method to monitor cyber attacks consists of utilizing the security system or the network security device. It is anticipated, however, to be insufficient since this is simply one dimensional way of monitoring them based on signatures. There has been considerable improvement of the security control system and researchers also have conducted a number of studies on monitoring methods to prevent threats to security. In accordance with the environment changes from ESM to SIEM, the security control system is able to be provided with more input data as well as generate the correlation analysis which integrates the processed data, by extraction and parsing, into the potential scenarios of attack or threat. This article shows case studies how to detect the threat to security in effective ways, from the initial phase of the security control system to current SIEM circumstances. Furthermore, scenarios based security control systems rather than simple monitoring is introduced, and finally methods of producing the correlation analysis and its verification methods are presented. It is expected that this result contributes to the development of cyber attack monitoring system in other security centers.

• Convergence Security Journal
• /
• v.12 no.1
• /
• pp.89-96
• /
• 2012

Information society which came due to advance of Information Technology improved the social and economical productivity as well as the quality of national life. But behind the right function the adverse effect as cyber terror is serious and become a big issue. Recently, hackings on a big scale occur frequently. The personal information stored in Internet company is leaked and customers are badly damaged by paralysis of banking system. Also hacking attacks by North Korea occur frequently. It causes confusion in our society and a threat to national security. In this paper, the trend of domestic cyber terror is observed and the countermeasure against cyber terror is proposed.

• Journal of the Korea Convergence Society
• /
• v.9 no.7
• /
• pp.55-62
• /
• 2018

Recently, as the threat of cyber crime increases, the importance of security control to cope with cyber attacks on the information systems in the first place such as real-time detection is increasing. In the name of security control center, cyber terror response center and infringement response center, institutional control personnel are making efforts to prevent cyber attacks. Especially, we are detecting infringement accident by using network security equipment or utilizing control system, but it's not enough to prevent infringement accident by just controlling based on device-driven simple patterns. Therefore, the security control system is continuously being upgraded, and the development and research on the detection method are being actively carried out by the prevention activity against the threat of infringement. In this paper, we have defined the method of detecting infringement of major component module in order to improve the problem of existing infringement detection method. Through the performance tests for each module, we propose measures for effective security control and study effective infringement threat detection method by upgrading the control system using Security Information Event Management (SIEM).

• Proceedings of the Korea Information Assurance Society Conference
• /
• 2004.05a
• /
• pp.207-218
• /
• 2004

IT, the information technology's dramatic growth made entire society's system to rely on it, and took its place as one of the core keyword of 21st centurie's big variety. It is enlarging its role boundaries to most territories such as business or economy, and making another cyber space within cyber space. This report is going to review how we are defending ourselves from external threat within such dramatic flow of changes.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.11a
• /
• pp.197-199
• /
• 2022

IoT(Internet of Things) 디바이스가 상호연결됨에 따라 융합환경인 IoBE(Internet of Things Blended Environment)가 발전하고 있다. 그러나 IoBE 내 IoT 디바이스가 상호연결되고, 네트워크가 복잡해짐에 따라 공격 표면도 증가하고 있다. 이를 통해 증가한 공격 표면에서 서로 다른 취약점들이 복합된 보안위협인 BT(Blended Threat)가 나타날 수 있다. 기존에 보안위협 대응을 위한 프레임워크 중 하나로 Cyber Kill Chain이 활용되고 있지만, 이는 공격자가 한 번의 공격을 수행하는 과정을 분석하므로 IoBE에서 발생 가능한 BT에 적용하기 어렵다. 따라서, 본 논문에서는 IoBE 내 BT 기반 공격에 대한 분석이 가능한 IoBE Kill Chain을 제안한다.

• Convergence Security Journal
• /
• v.6 no.3
• /
• pp.21-28
• /
• 2006

Beginning flag security it was limited in Firewall but currently many information security solutions like Anti-virus, IDS, Firewall are come to be many. For efficiently managing different kinds of information security products ESM (Enterprise Security management) are developed and operated. Recently over the integrated security management system, TMS (Threat Management System) is rising in new area of interest. It follows in change of like this information security product and also collection information is being turning out diversification. For managing cyber threats, we have to analysis qualitative information (like vulnerabilities and malware codes, security news) as well as the quantity event logs which are from information security products of past. Information Threats and Vulnerability Auto Collector raises the accuracy of cyber threat judgement and can be utilized to respond the cyber threat which does not occur still by gathering qualitative information as well as quantity information.

• Convergence Security Journal
• /
• v.19 no.3
• /
• pp.101-107
• /
• 2019

Our military's cyberspace is under constant threat from the enemy. These cyber threats are targeted at the information service assets held by the military, and securing the security of the organization's information service assets is critical. However, since Information assets can not be 100% selt-sufficient in any organization as well as the military, acquisition of information assets by the supply chain is an inevitable. Therefor, after reviewing supply chain protection measures to secure the safety of the military supply chain, we proposed a method for securing supply chain companies through the citation of partnership based on the validated trust model.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.10a
• /
• pp.420-423
• /
• 2019

최근 국내에서 발생되고 있는 사이버 공격들의 대부분은 기존 보안장비로 탐지가 어려운 지능형 공격으로 2017년 한 해 동안 발생한 사이버 공격의 경제적 피해액은 약 77조원에 달하고 있다. 또한 이러한 공격을 탐지하는데 평균 145일 정도가 소요되고 있으며 국내 기업 중 약 70% 가량은 사이버 공격을 적극적으로 대응하고 있지 않다. 이러한 공격들은 대부분 과거에 발생한 공격의 변형이거나, 특정 공격 집단이 수행하는 유사/변종 공격들이다. 이러한 사이버 공격을 사전에 탐지하거나 이미 발생된 공격의 변형된 공격을 신속하게 탐지하기 위해서 본 논문에서는 기존 사이버 공격에 사용된 다양한 정보들을 능동적으로 수집하여, 이들 간의 연관성을 분석하고, 실시간으로 유입되는 공격 의심정보와 비교분석하는 기술을 제시한다.