• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.27
• /
• pp.129-161
• /
• 2005

Todays, computers in business world are potent facilitators that most companies could not without them, while they are only tools. They offer extremely efficient means of communication, particularly when connected to Internet. What I stress in this article is the risks accompanied by e-commerce rather than the advantages of Internet or e-commerce. The management of e-commerce companies, therefore, should keep in mind that the benefit of e-commerce through the Internet are accompanied by enhanced and new risks, cyber risks or e-commerce risks. For example, companies are exposed to computer system breakdown and business interruption risks owing to traditional and physical risks such as theft and fire etc, computer programming errors and defect softwares and outsider's attack such as hacking and virus. E-commerce companies are also exposed to tort liabilities owing to defamation, the infringement of intellectual property such as copyright, trademark and patent right, negligent misrepresent and breach of confidential information or privacy infringement. In this article, I would like to suggest e-commerce insurance or cyber liability insurance as a means of risk management rather than some technical devices, because there is not technically perfect defence against cyber risks. But e-commerce insurance has some gaps between risks confronted by companies and coverage needed by them, because it is at most 6 or 7 years since it has been introduced to market. Nevertheless, in my opinion, e-commerce insurance has offered the most perfect defence against cyber risks to e-commerce companies up to now.

• International Commerce and Information Review
• /
• v.7 no.3
• /
• pp.27-51
• /
• 2005

Todays, computers in business world are potent facilitators that most companies could not without them, while they are only tools. They offer extremely efficient means of communication, particularly when connected to Internet. What I stress in this article is the risks accompanied by e-commerce rather than the advantages of Internet or e-commerce. The management of e-commerce companies, therefore, should keep in mind that the benefit of e-commerce through the Internet are accompanied by enhanced and new risks, cyber risks or e-commerce risks. For example, companies are exposed to computer system breakdown and business interruption risks owing to traditional and physical risks such as theft and fire etc, computer programming errors and defect softwares and outsider's attack such as hacking and virus. E-commerce companies are also exposed to tort liabilities owing to defamation, the infringement of intellectual property such as copyright, trademark and patent right, negligent misrepresent and breach of confidential information or privacy infringement. In this article, I would like to suggest e-commerce insurance or cyber liability insurance as a means of risk management rather than some technical devices, because there is not technically perfect defence against cyber risks. But e-commerce insurance has some gaps between risks confronted by companies and coverage needed by them, because it is at most 6 or 7 years since it has been introduced to market. Nevertheless, in my opinion, e-commerce insurance has offered the most perfect defence against cyber risks to e-commerce companies up to now.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.9 no.1
• /
• pp.137-142
• /
• 2014

Industrial control system (ICS) is a computer based system which are typically used in nation-wide critical infra-structure facilities such as electrical, gas, water, wastewater, oil and transportation. In addition, ICS is essentially used in industrial application domain to effectively monitor and control the remotely scattered systems. The highly developed information technology (IT) and related network techniques are continually adapted into domains of industrial control system. However, industrial control system is confronted significant side-effects, which ICS is exposed to prevalent cyber threats typically found in IT environments. Therefore, cyber security vulnerabilities and possibilities of cyber incidents are dramatically increased in industrial control system. The vulnerabilities that may be found in typical ICS are grouped into Policy and Procedure, Platform, and Network categories to assist in determining optimal mitigation strategies. The order of these vulnerabilities does not necessarily reflect any priority in terms of likelihood of occurrence or severity of impact. Firstly, corporate security policy can reduce vulnerabilities by mandating conduct such as password usage and maintenance or requirements for connecting modems to ICS. Secondly, platfom vulnerabilities can be mitigated through various security controls, such as OS and application patching, physical access control, and security software. Thirdly, network vulnerabilities can be eliminated or mitigated through various security controls, such as defense-in-depth network design, encrypting network communication, restricting network traffic flows, and providing physical access control for network components.

• Journal of Energy Engineering
• /
• v.24 no.1
• /
• pp.123-131
• /
• 2015

This paper aims to identify and clarify the cyber security risks and their interaction with the power system in Smart Grid. The EMS and other communication networks interact with the power system on a real time basis, so it is important to understand the interaction between two layers to protect the power system from potential cyber threats. In this study, the optimal power flow(OPF) and Power Flow Tracing are used to assess the interaction between the EMS and the power system. Through OPF and Power Flow Tracing based analysis, the physical and economic impacts from potential cyber threats are assessed, and thereby the quantitative risks are measured in a monetary unit.

• Convergence Security Journal
• /
• v.11 no.6
• /
• pp.53-58
• /
• 2011

There is increasing use of common commercial operation system and standard PCs to control industrial production systems, and cyber security threat for industrial facilities have emerged as a serious problem. Now these network connected ICS(Industrial Control Systems) stand vulnerable to the same threats that the enterprise information systems have faced and they are exposed to malicious attacks. In particular Stuxnet is a computer worm targeting a specific industrial control system, such as a gas pipeline or power plant and in theory, being able to cause physical damage. In this paper we present an overview of the general configuration and cyber security threats of a SCADA and investigate the attack tree analysis to identify and assess security vulnerabilities in SCADA for the purpose of response to cyber attacks in advance.

• International Commerce and Information Review
• /
• v.1 no.2
• /
• pp.145-165
• /
• 1999

With the rapid spreading of the internet that is based on the development of the information network system, the paradigms of "internet round" and "cyber" are given much weight in the notion of "market." Especially, the cyber shopping for the individuals is developing rapidly creating the new life style, and also in the domestic economy the cases of building and running the cyber shopping malls are increasing. The purpose of this study is to analyse the customers' shopping styles that can be shown when the customers purchase physical goods or digital goods at the B to C EC and find the way to activate the shopping malls by controlling the factors which influence the trade. The result of the study is as follows: First, to analyse the acting style of the customers at the B to C EC, it is searched whether there is any relationship between the purchasing goods, which are divided into physical goods and digital goods. There was a cross analysis between the first factor of the five factors of the purchase decision or delay at the B to C EC and the goods type. The result of the analysis is that the purchase decision factor is different according as what type of goods is purchased. On the other hand, the purchase delay factor has no relation with the goods type. Second, the fact that the cyber shopping activities are quite different according to sexuality, age, academic background, or occupation suggests that these factors are very important to the strategy for the market-specification of the B to C EC marketing construction. The result shown in this study is sure to give great help to figure out the improvement strategies and the market-specialization strategies to accelerate the B to C EC marketing. On the side of the strategies for the improvement of the goods services, more attention should be given to the functional side for the improvement of the reliability of the goods service such as capacity, technique, and quality. And the activities of the customers are so different according to the vital statistics that the way to cope with the changeability properly should be considered.

• Nuclear Engineering and Technology
• /
• v.50 no.5
• /
• pp.780-787
• /
• 2018

This article presents a security module based on a field programmable gate array (FPGA) to mitigate man-in-the-middle cyber attacks. Nowadays, the FPGA is considered to be the state of the art in nuclear power plants I&C systems due to its flexibility, reconfigurability, and maintainability of the FPGA technology; it also provides acceptable solutions for embedded computing applications that require cybersecurity. The proposed FPGA-based security module is developed to mitigate information-gathering attacks, which can be made by gaining physical access to the network, e.g., a man-in-the-middle attack, using a cryptographic process to ensure data confidentiality and integrity and prevent injecting malware or malicious data into the critical digital assets of a nuclear power plant data communication system. A model-based system engineering approach is applied. System requirements analysis and enhanced function flow block diagrams are created and simulated using CORE9 to compare the performance of the current and developed systems. Hardware description language code for encryption and serial communication is developed using Vivado Design Suite 2017.2 as a programming tool to run the system synthesis and implementation for performance simulation and design verification. Simple windows are developed using Java for physical testing and communication between a personal computer and the FPGA.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.4
• /
• pp.903-921
• /
• 2024

Industry 5.0 puts forward higher requirements for smart cities, including low-carbon, sustainable, and people-oriented, which pose challenges to the design of smart cities. In response to the above challenges, this study introduces the cyber-physical-social system (CPSS) and parallel system theory into the design of smart cities, and constructs a smart city framework based on parallel system theory. On this basis, in order to enhance the security of smart cities, a sustainable patrol subsystem for smart cities has been established. The intelligent patrol system uses a drone platform, and the trajectory planning of the drone is a key problem that needs to be solved. Therefore, a mathematical model was established that considers various objectives, including minimizing carbon emissions, minimizing noise impact, and maximizing coverage area, while also taking into account the flight performance constraints of drones. In addition, an improved metaheuristic algorithm based on ant colony optimization (ACO) algorithm was designed for trajectory planning of patrol drones. Finally, a digital environmental map was established based on real urban scenes and simulation experiments were conducted. The results show that compared with the other three metaheuristic algorithms, the algorithm designed in this study has the best performance.

• Proceedings of the Korean Information Science Society Conference
• /
• 2010.06b
• /
• pp.465-470
• /
• 2010

현재 사이버 물리 시스템을 통해 IT와 교통, 항공, 의료, 화학등 많은 분야들이 융합되어 Cyber Element와 Physical Element가 상호 작용하는 대규모 시스템 구축에 많은 연구가 이루어 지고 있다. 하지만 정적인 제어 구조를 가진 기존 시스템들의 통합으로 인해 새롭게 구축되는 대규모 시스템은 복잡도가 크게 증가하여 제어 구조에 관한 명세가 새롭게 이루어져야 하는 문제가 발생하고 있으며 해결하기 위해 사이버 물리 시스템에서는 일시적인 동적 제어가 가능한 미들웨어에 대한 요구가 증가하고 있다. 이에 본 논문에서는 사이버 물리 시스템을 위한 장치 간 동적 제어를 제공할 수 있는 미들웨어를 개발하기 위하여 하위 계층에서는 Star형, 상위 계층에서는 Flat한 계층 구조를 가진 하이브리드 계층 구조를 제안한다. 또한 미들웨어 구성요소들에 대한 특성 및 기능을 정의하고, XML(eXtensible Markup Language)을 이용하여 다양한 상황과 각 구성요소들의 기능에 따라 확장성과 유연성 있는 제어 메시지를 설계한다.

• Annual Conference of KIPS
• /
• 2016.04a
• /
• pp.225-228
• /
• 2016

CPS(Cyber Physical System)는 사이버 세계(cyber world)와 물리적 세계(physical word)를 연결하여, 현실과 사이버의 정보를 융합 분석하고, 분석한 데이터를 현실에 Feedback 하는 자동적이고 지능적인 제어 시스템이다. 이러한 CPS는 빅데이터를 분석하여 사용자에게 알맞은 정보를 제공해 주며 딥러닝(Deep Learning)을 통해 정확하고 세밀한 Feedback을 제공하는 등 이종 복합 시스템 간의 고신뢰성과 실시간성을 보장하는 무결점 자율 제어 시스템으로 주목 받고 있다. 실생활에서는 의료, 헬스케어, 교통, 에너지, 홈, 국방, 재난대응, 농업, 제조 등에서 폭 넓게 사용되고 있다. 해외에서는 이와 같은 CPS를 이용해 한 분야에 세밀하게 접목시켜 발전을 도모하며, CPS에 의해 변혁되는 데이터 구동형 사회를 준비하고 있다. 하지만, 이러한 CPS를 사용할 때, 보안의 문제점으로 대규모 정전사태가 발생하고, 생명을 위협하는 등의 취약점 또한 드러나고 있어 이에 대한 보안의 중요성과 CPS의 적용분야를 파악하여 전반적인 보안 문제점을 분석하고자 한다.