• International Journal of Computer Science & Network Security
• /
• v.21 no.9
• /
• pp.332-338
• /
• 2021

Civil aviation cybersecurity challenges are global in nature and must be addressed using global best practices and the combined efforts of all stakeholders. This requires the development of comprehensive international strategies and detailed plans for their implementation, with appropriate resources. It is important to build such strategies on a common methodology that can be applied to civil aviation and other interrelated critical infrastructure sectors. The goal of the study was to determine the methodological basis for developing an international civil aviation cybersecurity strategy, taking into account existing experience in strategic planning at the level of international specialized organizations. The research was conducted using general scientific and theoretical research methods: observation, description, formalization, analysis, synthesis, generalization, explanation As a result of the study, it was established the specifics of the approach to formulating strategic goals in civil aviation cybersecurity programs in the documents of intergovernmental and international non-governmental organizations in the aviation sphere, generally based on a comprehensive vision of cybersecurity management. A comparative analysis of strategic priorities, objectives, and planned activities for their implementation revealed common characteristics based on a single methodological sense of cybersecurity as a symbiosis of five components: human capacity, processes, technologies, communications, and its regulatory support. It was found that additional branching and detailing of priority areas in the strategic documents of international civil aviation organizations (by the example of Cybersecurity Strategy and Cybersecurity Action Plan) does not always contribute to compliance with a unified methodological framework. It is argued that to develop an international civil aviation cybersecurity strategy, it is advisable to use the methodological basis of the Cyber Security Index.

• Convergence Security Journal
• /
• v.23 no.2
• /
• pp.11-25
• /
• 2023

Since President Biden's inauguration, significant cyberattacks have occurred several times in the United States, and cybersecurity was emphasized as a national priority. The U.S. is advancing efforts to strengthen the cybersecurity both domestically and internationally, including with allies. In particular, the Biden administration announced the National Cybersecurity Strategy in March 2023. The National Cybersecurity Strategy is the top guideline of cybersecurity and is the foundation of other cybersecurity policies. And it includes public-privates as well as international policy directions, so it is expected to affect the international order. Meanwhile, In Korea, a new administration was launched in 2022, and the revision of the National Cybersecurity Strategy is necessary. In addition, cooperation between Korea and the U.S. has recently been strengthened, and cybersecurity is being treated as a key agenda in the cooperative relationship. In this paper, we examine the cyber security strategies of the Trump and Biden administration, and analyze how the strategies have changed, their characteristics and implications in qualitative and quantitative terms. And we derive the implications of these changes for Korea's cybersecurity policy.

• Convergence Security Journal
• /
• v.16 no.4
• /
• pp.53-61
• /
• 2016

A number of countries have been developing and implementing national cybersecurity strategy to prevent damages caused by cyber threats and to minimize damages when they happened. However, there are a lot of differences and disparities in respective strategies with their own background and needs. A vulnerability in some places can be a global problem, so various guidelines have been developed by relevant organizations including international organizations to support the establishment of national cybersecurity strategies and improvement of them. In this paper, with analysis on the guidelines for the establishment of national cybersecurity strategies, reference model consisting of common elements of strategies was suggested. And several recommendations for the improvement measures for Korean national cybersecurity strategies were explained with a comparison of the reference model.

• International Journal of Computer Science & Network Security
• /
• v.22 no.4
• /
• pp.299-309
• /
• 2022

Human factor represents a very challenging issue to organizations. Human factor is responsible for many cybersecurity incidents by noncompliance with the organization security policies. In this paper we conduct a comprehensive review of the literature to identify strategies to address human factor. Security awareness, training and education program is the main strategy to address human factor. Scholars have consistently argued that importance of security awareness to prevent incidents from human behavior.

• Journal of Information Technology Applications and Management
• /
• v.23 no.4
• /
• pp.127-138
• /
• 2016

The Korean government has implemented various policies such as establishing new major/department and operating a variety of education programs related with cybersecurity. However, it has not yet been constructed virtuous cycle that can provide appropriate education and training to professionals with the high level and quality. In this study, by surveying and analyzing satisfaction about education and training program aimed at employees in public sector who are in charge of cybersecurity, we suggest the direction of education and training for cybersecurity experts required at the national level.

• International Journal of Computer Science & Network Security
• /
• v.22 no.12
• /
• pp.29-36
• /
• 2022

Smart grid (SG) software platforms and communication networks that run and manage the entire grid are increasingly concerned about cyber security. Characteristics of the smart grid networks, including heterogeneity, time restrictions, bandwidth, scalability, and other factors make it difficult to secure. The age-old strategy of "building bigger walls" is no longer sufficient given the rise in the quantity and size of cyberattacks as well as the sophisticated methods threat actor uses to hide their actions. Cyber security experts utilize technologies and procedures to defend IT systems and data from intruders. The primary objective of every organization's cybersecurity team is to safeguard data and information technology (IT) infrastructure. Consequently, further research is required to create guidelines and methods that are compatible with smart grid security. In this study, we have discussed objectives of of smart grid security, challenges of smart grid security, defensive cybersecurity techniques, offensive cybersecurity techniques and open research challenges of cybersecurity.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.907-918
• /
• 2019

The purpose of this study is to understand the cybersecurity policies and critical infrastructure protection of the United States through analyzing Donald Trump's administration executive orders, the national cyber strategy, and the legislation. The analysis has three findings. First, the Department of Homeland Security (DHS) became a main agent in the cybersecurity while the role of the White House was reduced. Second, Trump's administration expanded its role and mission in the policy area by extending the meaning of critical infrastructure. Third, in the case of cyber threats, the government can be involved in the operation of critical infrastructures in the private sector. The opinions of the professional bureaucrats and DHS were more reflected in the direction of the cybersecurity policy than those of the White House. In contrast to Barack Obama's administration, the Trump administration's cybersecurity strategies were not much studied. This study provides insights for improving cybersecurity policies and critical infrastructure protection.

• Journal of Digital Convergence
• /
• v.17 no.10
• /
• pp.93-102
• /
• 2019

This paper aims to set the priorities for the cybersecurity strategy of Cambodian government. To this end, we built a AHP research model by adopting 4 factors from the ITU national interests model and selecting 7 strategies from best practices of 8 countries leading the cyber security. Using a questionnaire, 19 experts evaluated Cambodia's cybersecurity strategy priorities. The key policy factors were evaluated in the order of homeland defense, economic welfare, value promotion and favorable world order. Their strategic alternatives were identified in the order of legislation, capacity building, and cyber attack prevention for critical infrastructure. This study will contribute to setting the strategic priorities and feasible action plans to strengthen Cambodia's cybersecurity capabilities.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1293-1314
• /
• 2015

As ICT is becoming a major social infrastructure, the need to strengthen cyber capabilities are emerging. In the major advanced countries including the United States, has a continuing interest in strengthening cyber capabilities and has studied in enhancements of cyber capabilities. The cyber capability assessment is necessary in order to determine the current level of the country, establish policy directions and legislations. The selection of criteria has very important meaning to suggest future policy direction as well as an objective assessment of cybersecurity capabilities. But there are variable criteria for national cyber capabilities assessment such as strategy, legislation, technology, society and culture, and human resources. In this paper we perform the analysis of criteria for the other country's cybersecurity assessments including the U.S. and Europe. And we proposed the criteria for the national cybersecurity assessment reflecting the our country's characteristics.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.5
• /
• pp.1909-1928
• /
• 2021

At present, the Colombian government shares information on threats or vulnerabilities in the area of cybersecurity and cyberdefense, from other government agencies or departments, on an ad-hoc basis but not in real time, with the surveillance entities of the Government of the Republic of Colombia such as the Joint Command of Cybernetic Operations (CCOCI) and the Cybernetic Emergencies Response Team of Colombia (ColCERT). This research presents the MS-CSIRT (Management System Computer Security Incident Response Teams) methodology, that is used to unify the guidelines of a CSIRT towards a joint communication command in cybersecurity for the surveillance of Information Technology (IT), Technological Operations (TO), Internet Connection Sharing (ICS) or Internet of Things (IoT) infrastructures. This methodology evaluates the level of maturity, by means of a roadmap, to establish a CSIRT as a reference framework for government entities and as a guide for the areas of information security, IT and TO to strengthen the growth of the industry 4.0. This allows the organizations to draw a line of cybersecurity policy with scope, objectives, controls, metrics, procedures and use cases for the correct coordination between ColCERT and CCOCI, as support entities in cybersecurity, and the different companies (ICS, IoT, gas and energy, mining, maritime, agro-industrial, among others) or government agencies that use this methodology.