• Journal of the Korean Society of Safety
• /
• v.33 no.5
• /
• pp.51-59
• /
• 2018

It is difficult to determine the outdoor toxic level of hazardous chemicals that are leaked in the building, since there are no efficient ways to calculate how much percentage of the leaked chemicals is released into the outdoor atmosphere. In address to these problems, we propose a reasonable box model that can quantitatively evaluate the mass rate of the indoor chlorine leakage into the outside of the building. The proposed method assumes that the indoor chlorine leakage is fully mixed with the indoor air, and then the mixture of the chlorine and indoor air is exfiltrated into the outside of the building through effective leakage areas of the building. It is found that the exfiltration rate of the mixture of the chlorine and indoor air is strongly dependent on the temperature difference between inside and outside the building than the atmospheric wind speed. As compared with a conventional method that uses a vague mitigation factor, our method is more effective to evaluate the outdoor toxic threat zone of the chlorine that are leaked in the building, because it can consider the degree of airtight of the building in the evaluation of the threat zone.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1133-1151
• /
• 2019

Insider threats in the field of information security are so important that the research is continuing centering on the institutes attached to the Carnegie Mellon University. On the other hand, we do not have any separate research institutes. In particular, insider threat research on the defense IT environment directly connected with the survival of the country is not proceeding in depth. In addition, due to the specificity of the military, defense IT security has limited research as an academic discipline, and even the establishment of concepts has not been achieved properly. In addition, because of differences in the environment, the US standard can not be borrowed as it is. This paper analyzes the defense IT environment and defines an insider (threat) suitable for the Korea military environment. I'd like to suggest the type of insider threat and how to mitigate it.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.30 no.3
• /
• pp.263-274
• /
• 2024

The digitization of ship environments has increased the risk of cyberattacks on ships. The smartization and automation of ships are also likely to result in cyber threats. The International Maritime Organization (IMO) has discussed the establishment of regulations at the autonomous level and has revised existing agreements by dividing autonomous ships into four stages, where stages 1 and 2 are for sailors who are boarding ships while stages 3 and 4 are for those not boarding ships. In this study, the level of a smart ship was classified into LEVELs (LVs) 1 to 3 based on the autonomous levels specified by the IMO. Furthermore, a risk assessment for smart ships at various LVs in different risk scenarios was conducted The cyber threats and vulnerabilities of smart ships were analyzed by dividing them into administrative, physical, and technical security; and mitigation measures for each security area were derived. A total of 22 cyber threats were identified for the cyber asset (target system). We inferred that the higher the level of a smart ship, the greater the hyper connectivity and the remote access to operational technology systems; consequently, the greater the attack surface. Therefore, it is necessary to apply mitigation measures using technical security controls in environments with high-level smart ships.

• Journal of the Korean Society of Environmental Restoration Technology
• /
• v.27 no.4
• /
• pp.15-27
• /
• 2024

Ecosystem-disturbing plant species pose a significant threat to native ecosystems due to their high reproductive capacity, making it essential to monitor their distribution and develop effective mitigation strategies. Consequently, it is crucial to enhance the evaluation of the impacts of these species in environmental impact assessments by incorporating scientific evidence alongside qualitative assessments. This study introduces a dispersal model into the species distribution model to simulate the potential spread of ecosystem-disturbing plant species, reflecting their ecological characteristics. Additionally, we developed mitigation scenarios and quantitatively calculated reduction rates to propose effective mitigation strategies. The species distribution model showed a reliable AUC (Area Under the Curve) of at least 0.890. The dispersal model's results were also credible, with 31 out of 34 validation coordinates falling within the predicted spread range. Simulating the impact of the spread of ecosystem-disturbing plant species over the next five years revealed that one project site had potential habitats for Ambrosia artemisiifolia, necessitating robust mitigation measures such as seed removal. Another project site, with potential habitats for Symphyotrichum pilosum, indicated that physical removal methods within the site were effective due to the species' relatively short dispersal distance. These findings can serve as fundamental data for project executors and reviewers in evaluating the impact of the spread of ecosystem-disturbing plant species during the planning stages of projects.

• Journal of Electrical Engineering and Technology
• /
• v.9 no.3
• /
• pp.1043-1050
• /
• 2014

Obsolescent control systems for power systems are evolving into intelligent systems and connecting with smart devices to give intelligence to the power systems. As networks of the control system are growing, vulnerability is also increasing. The communication network of distribution areas in the power system connects closely to vulnerable environments. Many cyber-attacks have been founded in the power system, and they could be more critical as the power system becomes more intelligent. From these environment, new communication network architecture and mitigation method against cyber-attacks are needed. Availability and Fault Tree analysis used to show that the proposed system enhances performance of current control systems.

• Journal of Information Processing Systems
• /
• v.15 no.4
• /
• pp.865-889
• /
• 2019

The need for cyber resilience is increasingly important in our technology-dependent society where computing devices and data have been, and will continue to be, the target of cyber-attackers, particularly advanced persistent threat (APT) and nation-state/sponsored actors. APT and nation-state/sponsored actors tend to be more sophisticated, having access to significantly more resources and time to facilitate their attacks, which in most cases are not financially driven (unlike typical cyber-criminals). For example, such threat actors often utilize a broad range of attack vectors, cyber and/or physical, and constantly evolve their attack tactics. Thus, having up-to-date and detailed information of APT's tactics, techniques, and procedures (TTPs) facilitates the design of effective defense strategies as the focus of this paper. Specifically, we posit the importance of taxonomies in categorizing cyber-attacks. Note, however, that existing information about APT attack campaigns is fragmented across practitioner, government (including intelligence/classified), and academic publications, and existing taxonomies generally have a narrow scope (e.g., to a limited number of APT campaigns). Therefore, in this paper, we leverage the Cyber Kill Chain (CKC) model to "decompose" any complex attack and identify the relevant characteristics of such attacks. We then comprehensively analyze more than 40 APT campaigns disclosed before 2018 to build our taxonomy. Such taxonomy can facilitate incident response and cyber threat hunting by aiding in understanding of the potential attacks to organizations as well as which attacks may surface. In addition, the taxonomy can allow national security and intelligence agencies and businesses to share their analysis of ongoing, sensitive APT campaigns without the need to disclose detailed information about the campaigns. It can also notify future security policies and mitigation strategy formulation.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.2
• /
• pp.127-137
• /
• 2012

Recently, as modern Internet uses mashups, Web 3.0, JavaScript/AJAX widely, the rate at which new vulnerabilities are being discovered is increasing rapidly. It can subsequently introduce big security threats. In order to efficiently mitigate these web application vulnerabilities and security threats, it is needed to rank vulnerabilities based on severity and consider the severe vulnerabilities during a specific phase of software development lifecycle (SDLC) for web applications. In this paper, we have first verified whether the risk rating methodology of OWASP Top 10 vulnerabilities is a reasonable one or not by analyzing the vulnerability data of web applications in the US National Vulnerability Database (NVD). Then, by inspecting the vulnerability information of web applications based on OWASP Top-10 2010 list and CWE (Common Weakness Enumeration) directory, we have mapped the web-related entries of CWE onto the entries of OWASP Top-10 2010 and prioritized them. We have also presented which phase of SDLC is associated with each vulnerability entry. Using this approach, we can prevent or mitigate web application vulnerabilities and security threats efficiently.

• Convergence Security Journal
• /
• v.21 no.4
• /
• pp.77-85
• /
• 2021

Cyber protection is an activity that protects the information systems we operate from cyber attacks and threats. To know the level of protection of the currently operating cyber protection system, it is necessary to update the current state of attack technology by reflecting the constantly evolving cyber threats and to analyze whether it is possible to respond with the protection function. Therefore, in this paper, we analyze the relationship between the attack procedures and defense types of the cyber kill chain with the defense technology(Mitigation ID) of MITRE and present the cyber protection level for each military unit type with a focus on defensive cyber activities. In the future, it is expected that the level of cyber protection will be improved through real-time analysis of the response capabilities of cyber protection systems operating in the defense sector to visualize the level of protection for each unit, investigate unknown cyber threats, and actively complement vulnerabilities.

• 한국방재학회:학술대회논문집
• /
• 2008.02a
• /
• pp.389-392
• /
• 2008

Warning phase of disaster is a critical period in determining the likely survival of threatened citizens. Elderly requires special attention primarily because they tend to be uncompliant and less likely to cooperate with authorities. But there is much less research on how elderly respond to disaster warnings, while there is a strong consistent empirical literature on older citizen in the recovery periods of disaster. The purpose of this study is to examine coping behavior of elderly when they are at risk of disaster. Data were collected from 130 senior citizens aged over 60 who are residing in Pyungchang and Injae in Kangwon province which had damaged due to heavy rain in 2006. Perry & Lindell(1997)'s index, a series of six categories that represent coping behaviors which progressively approximate the action of evacuating was used : do nothing(1), check environmental cues for evidence of a threat(2), engage in threat-specific property protection(3), engage in protective action for personal safety(4), prepare to evacuate(5), evacuate the areas as instructed in the warning(6). Almost respondents(69.2%) chose the level 6(51.5%) and level 5(17.7%). This proves the elderly are not uncompliant or uncooperative population. Furthermore, this finding emphasizes the importance of public warning in case of disasters. And 13.8% of total respondent checked level 1 for their reaction.

• Advances in nano research
• /
• v.10 no.4
• /
• pp.397-414
• /
• 2021

The steady growth in population has led to an enhanced water demand and immense pressure on water resources. Pharmaceutical residues (PRs) are unused or non-assimilated medicines found in water supplies that originate from the human and animal consumption of antibiotics, antipyretics, analgesics etc. These have been detected recently in sewage effluents, surface water, ground water and even in drinking water. Due to their toxicity and potential hazard to the environment, humans and aquatic life, PRs are now categorized as the emerging contaminants (ECs). India figures in the top five manufacturers of medicines in the world and every third pill consumed in the world is produced in India. Present day conventional wastewater treatment methods are ineffective and don't eliminate them completely. The use of nanotechnology via advanced oxidation processes (AOP) is one of the most effective methods for the removal of these PRs. Present study is aimed at reviewing the presence of various PRs in water supplies and also to describe the process of AOP to overcome their threat. This study is also very important in view of World Health Organization report confirming more than 30 million cases of COVID-19 worldwide. This will lead to an alleviated use of antibiotics, antipyretics etc. and their subsequent occurrence in water bodies. Need of the hour is to devise a proper treatment strategy and a decision thereof by the policymakers to overcome the possible threat to the environment and health of humans and aquatic life.