• Journal of information and communication convergence engineering
• /
• v.18 no.2
• /
• pp.94-99
• /
• 2020

Real cyberterrors are invisible and difficult to identify. Even after a cyberattack, its origin and cause are difficult to determine. Cyberterrorism results in invisible cyberwars, and it is believed that World War IV will begin with a cyberwarfare. For national cybersecurity, information on cybersecurity must be collected, shared, and disseminated. In this study, we investigate a blockchain system designed based on the World Cybersecurity Agreement. National cybersecurity information is linked to the hyperledger blockchain system network through the National Cybersecurity Center. National cybersecurity information designs and uses a secure protocol for protection; further, it is collected, shared, and disseminated to treaty countries. National cybersecurity information is shared and spread by the hyperledger blockchain system, and it uses a cyberdefense system that responds to the cyberattacks and their origin. This paper serves as a policy and legislation guideline for forming a World Cybersecurity Agreement between countries.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.295-316
• /
• 2012

In the recent field, cybersecuriyt has become one of the critical areas in the information technology field, and demands for cyberseucirty professionals have been increasing tremendously. However, there is In the recent past, cybersecurity has become one of the critical areas in the Information Technology (IT) field, and demands for cybersecurity professionals have been increasing tremendously. However, there is a shortfall in the qualified cybersecurity workforce which is a factor that contributes to the vulnerability of society to various cyber threats. Our study articulates a model to explain career selection behavior in the cybersecurity field. The study explored factors that affect scholars' behavioral intention to pursue a cybersecurity career. Positive outcome expectations from a cybersecurity career as well as high self-efficacy about skills and knowledge about cybersecurity have a strong impact on the scholars' cybersecurity career decisions. Further, perceived usefulness of the cybersecurity curriculum has a positive effect on the scholars' career decisions. The results of this research have implications for retaining a qualified workforce in the computer and information security fields.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.843-859
• /
• 2018

Cybersecurity has emerged as a serious problem in Korea and there have been relevant movements to improve domestic cybersecurity policy and system. However, discussions have yet to result in actual progress and the legislation for improvement of cybersecurity policy and system have been stagnant until now. As evidenced by the introduction of primary government legislation bill for national cybersecurity in 2017, the preparations for improvements to the policy and system are still in progress. However, we cannot be positive about the possibility of implementing these improvements during the process. Recognition of the importance of cybersecutiry has gradually risen and is more prevalent than in years past, however, in-depth discussions are not being made. In principle, misunderstandings about cybersecurity itself and insufficient understandings of the relevant legislation seem to cause such problems. Therefore, it is necessary to review key issues related to the improvement of cybersecurity policy and system and reconsider tasks for the future. Such issues include the relationship between cybersecurity and fundamental rights, establishing responsibility and capability of each of entities for cybersecurity, and the role of the military in cybersecurity. This type of in-depth discussion will be helpful for finding ways to improve upon cybersecurity policy and system. Moreover, this study aims to key issues with questionnaire survey and political and normative inquiry.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2015.10a
• /
• pp.266-267
• /
• 2015

The information security (information security knowledge) industry is technology-intensive, high value-added industries. South Korea's response has excellent ICT skills and experience and skills in a variety of cyber attacks, has become a benchmark in the world. However, the small size of the domestic information security company, supporting infrastructure is lacking. Domestic information security industry is the primary condition to activate the export. In order to export it is necessary to develop for the Korean Cybersecurity Goods Menu for products, services and technologies of the domestic information security industry. Buyer Menu as well as foreign and domestic Seller, companies and governments know the details of the assets and product information security industry and is a prerequisite to sell. In this paper, I study the Korean Cybersecurity Goods Menu development.

• Convergence Security Journal
• /
• v.17 no.1
• /
• pp.45-52
• /
• 2017

The Cybersecurity Information Sharing Act(CISA) of 2015, enacted in December 2015, is one of the greatest achievements of cybersecurity legislation in the United States. The promotion of cybersecurity information sharing is one of the tasks to improve cybersecurity governance in Korea. So it is an important issue to be addressed in cybersecurity legislation in Korea in the near future. CISA has many implications for cybersecurity legislation in Korea. Nevertheless, it is difficult to find preceding research that explain the content of CISA and study its normative meaning in Korea. Therefore, in this paper, the contents of the CISA is identified and its normative meaning and implication is found in five categories: definition of terms, establishment of information sharing procedures and conditions, promotion of voluntary information sharing by the private sector, checks on the executive branch and report to the Congress, and other matters. CISA facilitates information sharing based on willingness, while eliminating the side effects that may arise in the information sharing process. It is necessary to appropriately apply the good points of CISA to the cybersecurity legal system in Korea.

• Electronics and Telecommunications Trends
• /
• v.39 no.3
• /
• pp.48-57
• /
• 2024

Cyberthreats and crimes have become common in society and demand the adoption of robust security measures. Financial cybercrimes, personal information breaches, and spam messages are now prevalent, while companies and nations face an increasing number of cyberthreats and attacks such as distributed denial of service, ransomware, and malware. As the overall socioeconomic landscape undergoes digitalization powered by big data, cloud computing, and artificial intelligence technologies, the importance of cybersecurity is expected to steadily increase. Developed nations are actively implementing various policies to strengthen cybersecurity and providing government support for research and development activities to bolster their domestic cybersecurity industries. In particular, the South Korean government has designated cybersecurity as one of the 12 nationwide strategic technology sectors. We examine the current landscape of cybersecurity companies and the information and communication technology supply chain, providing insights into the domestic cybersecurity market and suggesting implications for South Korea.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.5
• /
• pp.2221-2235
• /
• 2020

Compared to the past infrastructure networks, the current smart grid network can improve productivity and management efficiency. However, as the Industrial Internet of Things (IIoT) and Internet-based standard communication protocol is used, external network contacts are created, which is accompanied by security vulnerabilities from various perspectives. Accordingly, it is necessary to develop an appropriate cybersecurity guideline that enables effective reactions to cybersecurity threats caused by the abuse of such defects. Unfortunately, it is not easy for each organization to develop an adequate cybersecurity guideline. Thus, the cybersecurity checklist proposed by a government organization is used. The checklist does not fully reflect the characteristics of each infrastructure network. In this study, we proposed a cybersecurity framework that reflects the characteristics of a microgrid network in the IIoT environment, and performed an analysis to validate the proposed framework.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.17 no.1
• /
• pp.35-44
• /
• 2021

With the development of information technology, the cybersecurity threat continues as digital-related technologies are applied to the instrumentation and control system of nuclear power plants. The malfunction of the instrumentation and control system can cause economic damage due to shutdown, and furthermore, it can lead to national disasters such as radioactive emissions, so countering cybersecurity threats is an important issue. In general, the study of cybersecurity in instrumentation and control systems is concentrated on safety systems, and diverse protection systems perform protection and reactor shutdown functions, leading to reactor shutdown or, in the worst case, non-stop situations. To accurately analyze cyber threats in the diverse protection system, its linked facilities should be analyzed together. Risk analysis should be conducted by analyzing the potential impact of inter-facility cyberattacks on related facilities and the impact of cybersecurity on each configuration module of the diverse protection system. In this paper, we analyze the linkage of the diverse protection system and discuss the cybersecurity linkage threat by analyzing the availability of equipment, the cyber threat impact of the linked equipment, and the configuration module's cybersecurity vulnerability.

• Journal of the Society of Disaster Information
• /
• v.17 no.2
• /
• pp.375-390
• /
• 2021

Purpose: Most of cybersecurity breaches occur in SMEs. As the existing cybersecurity framework and certification system are mainly focused on financial and large companies, it is difficult for SMEs to utilize it due to lack of cybersecurity budget and manpower. So it is necessary to come up with measures to allow SMEs to voluntarily manage cyber risks. Method: After reviewing Cybersecurity market, cybersecurity items of financial institutions, cybersecurity framework comparison and cybersecurity incidents reported in the media, the criticality of cybersecurity items was analyzed through AHP analysis. And cybersecurity items of non-life insurers were also investigated and made a comparison between them. Result: Cyber risk management methods for SMEs were proposed for 20 major causes of cyber accidents. Conclusion: We hope that the cybersecurity risk assessment measures of SMEs in Korea will help them assess their risks when they sign up for cyber insurance, and that cyber risk assessment also needs to be linked to ERM standardization.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.18 no.2
• /
• pp.39-48
• /
• 2022

The application of digital technology to instrumentation and control systems in nuclear power plants has overcome many shortcomings of analog technology, but the threat of cybersecurity has increased. Along with other systems, the reactor protection system also uses digital-based equipment, so responding to cybersecurity threats is essential. We generally determine cybersecurity threats according to the role and function of the system. However, since the instrumentation and control system has various systems linked to each other, it is essential to analyze cybersecurity threats together between the connected systems. In this paper, we analyze the cybersecurity threat of the reactor protection system with the associated facilities. To this end, we quantitatively identified the risk of the reactor protection system by considering safety functions, a communication type, the use of analog or digital-based equipment of the associated systems, and the software vulnerability of the configuration module of the reactor protection system.