• Convergence Security Journal
• /
• v.22 no.2
• /
• pp.27-42
• /
• 2022

In the era of the Fourth Industrial Revolution, digital transformation to increase the effectiveness of industry is becoming more important to achieving the goal of industrial innovation. The digital new deal and smart defense are required for digital transformation and utilize artificial intelligence, big data analysis technology, and the Internet of Things. These changes can innovate the industrial fields of national defense, society, and health with new intelligent services by continuously expanding cyberspace. As a result, work productivity, efficiency, convenience, and industrial safety will be strengthened. However, the threat of cyber-attack will also continue to increase due to expansion of the new domain of digital transformation. This paper presents the risk scenarios of cyber-attack threats in the Fourth Industrial Revolution. Further, we propose a preemptive intrusion response model to bolster the complex security environment of the future, which is one of the fundamental alternatives to solving problems relating to cyber-attack. The proposed model can be used as prior research on cyber security strategy and technology development for preemptive response to cyber threats in the future society.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.5
• /
• pp.95-108
• /
• 2011

Smart Grids are intelligent next generating Electric Power System (EPS) that provide environment-friendliness, high-efficiency, and high-trustworthiness by integrating information and communication technology with electric power technology. Smart grids help to supply power more efficiently and safely than past systems by bilaterally exchanging information between the user and power producer. In addition, it alleviates environmental problems by using renewable energy resources. However, smart grids have many cyber security risks because of the bilateral service, the increase of small and medium-sized energy resources, and the installation of multi-sensors or control devices. These cyber risks can cause critical problems within a national grid through even small errors. Therefore, in order to reduce these risks, it is necessary to establish a cyber security strategy and apply it from the developmental stage to the implementation stage. This thesis analyzes and recommends security strategy in order to resolve the security risks. By applying cyber security strategy to a smart grid, it will provide a stepping-stone to creating a safe and dependable smart grid.

• Convergence Security Journal
• /
• v.23 no.5
• /
• pp.35-43
• /
• 2023

As digital infrastructure increases connections and convergence progress rapidly in all areas, and it is most important to ensure safety from cyber infringement or hacking to continue national growth. Accordingly, it examines the obstacles to cyber threat information sharing, which is the basis for responding to cyber infringement, and suggests ways to improve efficiency. First of all, information sharing is divided into three areas: the government, cyber security companies, small and medium-sized enterprises and individuals and the requirements are checked from their respective positions. We will supplement this and explore ways to strengthen cybersecurity and provide economic benefits to each other. Therefore, national and public organizations will propose policies to create an cybersecurity industry ecosystem with a virtuous cycle that leads to diversification of cyber threat information sources, strengthening cybersecurity for general companies and individuals, and creating demand for the cybersecurity industry. The results of the study are expected to help establish policies to strengthen national cybersecurity.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.7
• /
• pp.2425-2458
• /
• 2022

The continuous evolution and proliferation of computer technology and our increasing dependence on computer technology have created a new class of threats: "cyber threats." These threats can be defined as activities that can undermine a society's ability to maintain internal or external order while using information technology. Cyber threats can be mainly divided into two categories, namely cyber-terrorism and cyber-warfare. A variety of malware programs are often used as a primary weapon in these cyber threats. A significant amount of research work has been published covering different aspects of cyber threats, their countermeasures, and the policy-making for cyber laws. This article aims to review the research conducted in various important aspects of cyber threats and provides synthesized information regarding the fundamentals of cyber threats; discusses the countermeasures for such threats; provides relevant details of high-profile cyber-attacks; discusses the developments in global policy-making for cyber laws, and lastly presents promising future directions in this area.

• The Journal of the Convergence on Culture Technology
• /
• v.7 no.1
• /
• pp.397-405
• /
• 2021

With the recent phenomenon of the Intelligence Information Society, the cyber security paradigm has begun to change. In particular, the increase of the interconnectedness of the hyperlinked society has extended the scope of damage that can be caused by cyber threats to the real world. In addition to that, it can also be a risk to any given individual who could accompany a crisis that has to do with public safety or national security. Adolescents who are digital natives are more likely to be exposed to cyber threats, which is mainly due to the fact that they are significantly more involved in cyber activities and they also possess insufficient security comprehension and safety awareness. Therefore, it is necessary to strengthen cyber security capabilities of every young individual, so that they can effectively protect themselves against cyber threats and better manage their cyber activities. It examines the changes of the security paradigm and the necessity for cyber security education, which is in direct accordance to the characteristics of a connected society that further suggests directions and a basic system of cyber security education, through a detailed analysis of the current state of Domestic and Overseas Cyber Security Education. The purpose of this study was to define cybersecurity competencies that are necessary within an intelligent information society, and to propose a regular curriculum for strengthening cybersecurity competencies, through the comparison and meticulous analysis of both domestic and overseas educational systems that are pertinent to cybersecurity competencies. Accordingly, a cybersecurity competency system was constructed, by reflecting C3-Matrix, which is a cyber competency system model of digital citizens. The cybersecurity competency system consists of cyber ethics awareness, cyber ethics behavior, cyber security and cyber safety. In addition to this, based on the basic framework of the cybersecurity competency system, the relevant education that is currently being implemented in the United States, Australia, Japan and Korea were all compared and analyzed. From the insight gained through the analysis, the domestic curriculum was finally presented. The main objective of this new unified understanding, was to create a comprehensive and effective cyber security competency curriculum.

• Convergence Security Journal
• /
• v.6 no.4
• /
• pp.101-112
• /
• 2006

It will not be able to guarantee the secure operation for the information and communication systems with only technical security. So, ISMS(Information Security Management System) research and standardization are active going on. Korea published "The national cyber security management regulation" and "The national cyber security manual" in 2005. According to the regulation and manual, the government organ and public institution must accomplish the security management assessment to itself for systematic management of an information security. We studied related standards and security management systems of the Australia and the USA, and analyzed the security management evaluation system in "The national cyber security manual" in efficient security management focus. We presented the improvement direction of national security evaluation system through the research. We propose the additional control, selective control set and improvement of the evaluation process for efficient security management. Proposed system possible composition of suitable to each organ and flexible adaptation of rapidly changed information environment.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.301-304
• /
• 2016

Cyber world constitute the infrastructure of the country and its people and control. Cyber attacks and leakage of personal information are being threatened damage to the national economy and national security. December 2014 had been cyber hacking attacks on Korea Hydro & Nuclear Power Nuclear cooling system design drawings of a spill, and Cheong Wa Dae website hacked, KBS stations occurred in cyber hacking accidents. As a result, ICT-based Protection Act, Promotion of Information and Communications Network Utilization and Information Act on Protection, etc., privacy laws are being enforced, personal information in the form of requirements from leading high-tech eoryeowoona is to prevent the attacks of armed hackers Internet information society It proposes positive measures to keep your personal information officer and laws.

• Journal of Digital Convergence
• /
• v.16 no.6
• /
• pp.205-212
• /
• 2018

This Study aims to propose a new information security governance model design method for streamlining security governance at national strategic level. The research method of this study is to diagnose our operational experience and to derive a new model design method. In the meantime, national information security activities were perceived to be focused on knowledge transfer, and motivation of activities and securing of executive power were weak. As a result, security blind spots and frequent occurrence of large security incidents have become unresolved challenges. National cyber security governance should be grouped together as a whole systematically from the upper policy to the lower level of performance under the responsibility of the national leader. Based on this approach, this study presented the comprehensive framework of Korean security governance model and embodied it into four architectural designs such as vision, goal, process, and performance, thus deriving the foundation for future national governance model design. Further research is needed to diagnose problems in life cycle flow, security policies based on environmental changes, and new frameworks in which all subjects participate.

• Convergence Security Journal
• /
• v.20 no.2
• /
• pp.29-35
• /
• 2020

The cyber attacks targeting the systems of national and public organizations in the front line of cyber security have been advanced, and the number of cyber attacks has been on the constant rise. In this circumstance, it is necessary to develop the security evaluation technology to prevent cyber attacks to the systems of national and public organizations. Most of the studies of the vulnerability analysis on the information systems of national and public organizations almost focus on automation. In actual security inspection, it is hard to automate some parts. In terms of security policies for threats, many different plans have been designed and applied in the managerial, physical, and technical fields, giving particular answers no matter how they are subjective or situational. These tendencies can be standardized in OCIL(Open Checklist Interactive Language), and partial automation can be achieved. Therefore, this study tries to implement XML Converter in order for OCIL based security level evaluation with typical evaluation questions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.985-994
• /
• 2016

Since the inauguration of Defense Acquisition Program Administration(DAPA) in 2006, the national defense core technology research & development business has not only pertained to the weapons systems development but also to the improvement of the national science & technology capability via the acquisition of cutting-edge technologies. Furthermore, it has been closely related to the promotion of the defense industry and the mutual improvements of defense and civil technologies. The cyber warfare weapon system, a newly added national defense weapon system field since 2015, has become a promising weapon system branch for improving the national defense power as well as the national defense industry as shown in the case of Israel. By utilizing the existing result of the national defense core technology level, in order to establish the direction of technology planning of the cyber warfare weapon system, this paper analyzes the technology level and features of the cyber warfare weapon system in various aspects via comparisons with other weapons systems. The result of these analyses shows that the cyber warfare weapon system possesses a relatively high technology level due to the technology accumulation in the civilian sector while the relatively slow inclusion to the national weapons systems and the lack of the correspondence case regarding aggressive cyber responses in the defense sector yields a relatively low national rank. However, the technological gap between South Korea and the most advanced country in the field of cyber warfare technology is analyzed to be among the lowest, which indicates that with efficient and effective pursuits in terms of pthe weapons systems acquisitions as well as the core technologies research & development business, an outstanding cyber warfare capacity can be obtained in a short time.