• 한국안전학회지
• /
• 제33권5호
• /
• pp.51-59
• /
• 2018

It is difficult to determine the outdoor toxic level of hazardous chemicals that are leaked in the building, since there are no efficient ways to calculate how much percentage of the leaked chemicals is released into the outdoor atmosphere. In address to these problems, we propose a reasonable box model that can quantitatively evaluate the mass rate of the indoor chlorine leakage into the outside of the building. The proposed method assumes that the indoor chlorine leakage is fully mixed with the indoor air, and then the mixture of the chlorine and indoor air is exfiltrated into the outside of the building through effective leakage areas of the building. It is found that the exfiltration rate of the mixture of the chlorine and indoor air is strongly dependent on the temperature difference between inside and outside the building than the atmospheric wind speed. As compared with a conventional method that uses a vague mitigation factor, our method is more effective to evaluate the outdoor toxic threat zone of the chlorine that are leaked in the building, because it can consider the degree of airtight of the building in the evaluation of the threat zone.

• 정보보호학회논문지
• /
• 제29권5호
• /
• pp.1133-1151
• /
• 2019

정보보호 분야 중 내부자 위협은 미국 카네기멜런대학 부설 연구소를 중심으로 연구가 꾸준히 이어오고 있을 정도로 중요도가 높다. 이에 반해 우리는 별도 연구기관이 없는 실정이며, 특히 국가 생존과 직결되는 국방 IT 환경에 대한 내부자 위협 연구가 보다 깊이 있게 진행되고 있지 않은 것이 현실이다. 그뿐만 아니라 군의 특수성으로 인해 국방 IT 보안은 학문으로서의 연구가 제한되며, 따라서 개념에 대한 정립조차도 제대로 이루어지지 못하고 있다. 뿐만아니라 환경의 차이로 인해 미국의 기준을 그대로 빌릴 수 없기 때문에, 본 논문에서는 국방 IT 환경을 분석한 뒤 한국군 환경에 적합한 내부자(위협)를 정의하고, 내부자 위협 종류 및 완화방안에 대해 제안해 보고자 한다.

• 해양환경안전학회지
• /
• 제30권3호
• /
• pp.263-274
• /
• 2024

The digitization of ship environments has increased the risk of cyberattacks on ships. The smartization and automation of ships are also likely to result in cyber threats. The International Maritime Organization (IMO) has discussed the establishment of regulations at the autonomous level and has revised existing agreements by dividing autonomous ships into four stages, where stages 1 and 2 are for sailors who are boarding ships while stages 3 and 4 are for those not boarding ships. In this study, the level of a smart ship was classified into LEVELs (LVs) 1 to 3 based on the autonomous levels specified by the IMO. Furthermore, a risk assessment for smart ships at various LVs in different risk scenarios was conducted The cyber threats and vulnerabilities of smart ships were analyzed by dividing them into administrative, physical, and technical security; and mitigation measures for each security area were derived. A total of 22 cyber threats were identified for the cyber asset (target system). We inferred that the higher the level of a smart ship, the greater the hyper connectivity and the remote access to operational technology systems; consequently, the greater the attack surface. Therefore, it is necessary to apply mitigation measures using technical security controls in environments with high-level smart ships.

• 한국환경복원기술학회지
• /
• 제27권4호
• /
• pp.15-27
• /
• 2024

Ecosystem-disturbing plant species pose a significant threat to native ecosystems due to their high reproductive capacity, making it essential to monitor their distribution and develop effective mitigation strategies. Consequently, it is crucial to enhance the evaluation of the impacts of these species in environmental impact assessments by incorporating scientific evidence alongside qualitative assessments. This study introduces a dispersal model into the species distribution model to simulate the potential spread of ecosystem-disturbing plant species, reflecting their ecological characteristics. Additionally, we developed mitigation scenarios and quantitatively calculated reduction rates to propose effective mitigation strategies. The species distribution model showed a reliable AUC (Area Under the Curve) of at least 0.890. The dispersal model's results were also credible, with 31 out of 34 validation coordinates falling within the predicted spread range. Simulating the impact of the spread of ecosystem-disturbing plant species over the next five years revealed that one project site had potential habitats for Ambrosia artemisiifolia, necessitating robust mitigation measures such as seed removal. Another project site, with potential habitats for Symphyotrichum pilosum, indicated that physical removal methods within the site were effective due to the species' relatively short dispersal distance. These findings can serve as fundamental data for project executors and reviewers in evaluating the impact of the spread of ecosystem-disturbing plant species during the planning stages of projects.

• Journal of Electrical Engineering and Technology
• /
• 제9권3호
• /
• pp.1043-1050
• /
• 2014

Obsolescent control systems for power systems are evolving into intelligent systems and connecting with smart devices to give intelligence to the power systems. As networks of the control system are growing, vulnerability is also increasing. The communication network of distribution areas in the power system connects closely to vulnerable environments. Many cyber-attacks have been founded in the power system, and they could be more critical as the power system becomes more intelligent. From these environment, new communication network architecture and mitigation method against cyber-attacks are needed. Availability and Fault Tree analysis used to show that the proposed system enhances performance of current control systems.

• Journal of Information Processing Systems
• /
• 제15권4호
• /
• pp.865-889
• /
• 2019

The need for cyber resilience is increasingly important in our technology-dependent society where computing devices and data have been, and will continue to be, the target of cyber-attackers, particularly advanced persistent threat (APT) and nation-state/sponsored actors. APT and nation-state/sponsored actors tend to be more sophisticated, having access to significantly more resources and time to facilitate their attacks, which in most cases are not financially driven (unlike typical cyber-criminals). For example, such threat actors often utilize a broad range of attack vectors, cyber and/or physical, and constantly evolve their attack tactics. Thus, having up-to-date and detailed information of APT's tactics, techniques, and procedures (TTPs) facilitates the design of effective defense strategies as the focus of this paper. Specifically, we posit the importance of taxonomies in categorizing cyber-attacks. Note, however, that existing information about APT attack campaigns is fragmented across practitioner, government (including intelligence/classified), and academic publications, and existing taxonomies generally have a narrow scope (e.g., to a limited number of APT campaigns). Therefore, in this paper, we leverage the Cyber Kill Chain (CKC) model to "decompose" any complex attack and identify the relevant characteristics of such attacks. We then comprehensively analyze more than 40 APT campaigns disclosed before 2018 to build our taxonomy. Such taxonomy can facilitate incident response and cyber threat hunting by aiding in understanding of the potential attacks to organizations as well as which attacks may surface. In addition, the taxonomy can allow national security and intelligence agencies and businesses to share their analysis of ongoing, sensitive APT campaigns without the need to disclose detailed information about the campaigns. It can also notify future security policies and mitigation strategy formulation.

• 한국컴퓨터정보학회논문지
• /
• 제17권2호
• /
• pp.127-137
• /
• 2012

최근에 매쉬업(mashups), 웹 3.0, JavaScript, AJAX (Asynchronous JavaScript XML) 등이 널리 사용되면서, 새로운 취약점들이 발견되고 있어 보안 위협이 더 증대되고 있다. 이러한 웹 애플리케이션 취약점과 보안 위협을 효율적으로 완화하기 위해, 그 취약점들을 위험도 기준으로 순서화하여 웹 애플리케이션의 개발 생명주기의 해당 단계에서 우선적으로 고려해야 한다. 본 논문에서는 미국 NVD(National Vulnerability Database)의 웹 애플리케이션 취약점에 대한 데이터를 분석하여, OWASP Top 10 취약점들의 위험도 산정 방법이 타당한 지를 검증하였다. 그 다음, OWASP Top-10 2010과 CWE (Common Weakness Enumeration) 데이터를 중심으로 웹 애플리케이션 취약점 정보를 분석하여 웹 취약점들을 사상시켜 순서화하고, 그 취약점들이 어떤 개발 생명주기 단계와 관련이 있는지를 제시하였다. 이를 통해 효율적으로 웹 보안 위협과 취약점을 예방하거나 완화할 수 있다.

• 융합보안논문지
• /
• 제21권4호
• /
• pp.77-85
• /
• 2021

사이버 방호란 사이버 공격 및 위협으로부터 우리가 운영하는 정보시스템을 보호하는 활동[1]이다. 현재 운영중인 사이버 방호체계의 방호수준을 알기 위해서는 시시각각 새롭게 발전하고 있는 사이버 위협을 반영하여 공격기술 현황을 최신화하고 방호기능으로 대응이 가능한지 분석할 필요가 있다. 이에 본 논문에서는 사이버 킬 체인의 공격절차와 방어유형으로 분류한 공격기술을 MITRE의 방어기술(Mitigation ID)과 연관 관계를 분석하고 방어적 사이버활동 중심으로 군 부대 유형별 사이버 방호수준을 제시하고자 한다. 향후 국방영역에서 운영중인 사이버 방호체계의 대응역량을 실시간 분석하여 부대별 방호수준을 가시화하고 알려지지 않은 사이버 위협에 대한 조사 및 적극적인 취약점 보완을 통해 사이버 방호수준이 향상되길 기대한다.

• 한국방재학회:학술대회논문집
• /
• 한국방재학회 2008년도 정기총회 및 학술발표대회
• /
• pp.389-392
• /
• 2008

Warning phase of disaster is a critical period in determining the likely survival of threatened citizens. Elderly requires special attention primarily because they tend to be uncompliant and less likely to cooperate with authorities. But there is much less research on how elderly respond to disaster warnings, while there is a strong consistent empirical literature on older citizen in the recovery periods of disaster. The purpose of this study is to examine coping behavior of elderly when they are at risk of disaster. Data were collected from 130 senior citizens aged over 60 who are residing in Pyungchang and Injae in Kangwon province which had damaged due to heavy rain in 2006. Perry & Lindell(1997)'s index, a series of six categories that represent coping behaviors which progressively approximate the action of evacuating was used : do nothing(1), check environmental cues for evidence of a threat(2), engage in threat-specific property protection(3), engage in protective action for personal safety(4), prepare to evacuate(5), evacuate the areas as instructed in the warning(6). Almost respondents(69.2%) chose the level 6(51.5%) and level 5(17.7%). This proves the elderly are not uncompliant or uncooperative population. Furthermore, this finding emphasizes the importance of public warning in case of disasters. And 13.8% of total respondent checked level 1 for their reaction.

• Advances in nano research
• /
• 제10권4호
• /
• pp.397-414
• /
• 2021

The steady growth in population has led to an enhanced water demand and immense pressure on water resources. Pharmaceutical residues (PRs) are unused or non-assimilated medicines found in water supplies that originate from the human and animal consumption of antibiotics, antipyretics, analgesics etc. These have been detected recently in sewage effluents, surface water, ground water and even in drinking water. Due to their toxicity and potential hazard to the environment, humans and aquatic life, PRs are now categorized as the emerging contaminants (ECs). India figures in the top five manufacturers of medicines in the world and every third pill consumed in the world is produced in India. Present day conventional wastewater treatment methods are ineffective and don't eliminate them completely. The use of nanotechnology via advanced oxidation processes (AOP) is one of the most effective methods for the removal of these PRs. Present study is aimed at reviewing the presence of various PRs in water supplies and also to describe the process of AOP to overcome their threat. This study is also very important in view of World Health Organization report confirming more than 30 million cases of COVID-19 worldwide. This will lead to an alleviated use of antibiotics, antipyretics etc. and their subsequent occurrence in water bodies. Need of the hour is to devise a proper treatment strategy and a decision thereof by the policymakers to overcome the possible threat to the environment and health of humans and aquatic life.