해양환경안전학회지 (Journal of the Korean Society of Marine Environment & Safety)

  • 제26권7호
  • /
  • Pages.830-837
  • /
  • 2020
  • /
  • 1229-3431(pISSN)
  • /
  • 2287-3341(eISSN)
해양환경안전학회 (The Korean Society of Marine Environment and safety)
권호 표지
DOI QR코드

DOI QR Code

선박 사이버보안 책임자를 위한 교육과정 개발에 관한 연구

A Study on the Development of a Training Course for Ship Cyber Security Officers

  • 투고 : 2020.10.12
  • 심사 : 2020.12.28
  • 발행 : 2020.12.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

정보통신기술의 발전에 따라 선박과 육상 간의 정보교환은 더욱 빠르고 편리해졌으나 선박정보에 대한 접근이 용이해져 사이버보안 공격에 대한 우려도 커지고 있다. 선박이 사이버 공격의 피해를 입게 되면 복구하는데 막대한 비용과 시간 손해가 발생하며, 해사 산업계는 선박 사이버보안 책임자를 지정하여 보안관리 업무를 담당할 것을 요구하고 있다. 공격의 피해를 줄이고 효과적인 대응을 위하여 선박 사이버보안 책임자를 위한 전문적 교육과정이 필요하다. 이 연구의 목적은 선박 사이버보안 책임자 교육과정과 법제정비 필요성 제시에 있으며, 이를 위해 국내외 동향 및 사고사례, 주요 사이버보안 교육과정을 조사하였다. 조사결과를 바탕으로 선박 사이버보안 책임자에게 필요한 표준교육과정을 개발하였고 관련 법제정비의 방향성을 제시하였다. 연구의 결과는 향후 선박 사이버보안 책임자 교육과정을 개설하는데 기초자료로 활용될 수 있다.

With the rapid development of information and communication technology, information exchange between ships and shore has become faster and more convenient, However, accessing ship information has also become easier and concerns about cyber security attacks are growing. When a ship suffers a cyber-attack, it may cause considerable damage and incurs enormous costs and time to repair. In response to this threat, the maritime industry now demands that a cyber security officer be assigned to each ship to take charge of cyber security management onboard. In order to reduce the damage cause by an attack and to respond effectively, a specialized training course for the ship's cyber security officer is required. The purpose of this study was to present a training course for the position of the ship's cyber security officer, and to highlight the necessity of amending current legislation, To this end, domestic and foreign trends, ship cyber security incident cases, and cyber security training courses were investigated, and based on the results a standard training course for a ship's cyber security of icer was developed. Additionally, recommendations on the related amendments to legislation ware established. The results of the study can be used as basic data to establish future training courses for cyber security officers.

키워드

참고문헌

  1. BIMCO(2018a), The Guidelines on Cyber Security Onboard Ships, Ver. 3, Annex 4 Glossary, pp. 50-52.
  2. BIMCO(2018b), The Guidelines on Cyber Security Onboard Ships, Ver. 3, pp. 10-11.
  3. IET(2017), Code of Practice Cyber Security for ships, The Institution of Engineering and Technology, pp. 27-29.
  4. IMO(2014), MSC 94th session, 17-21 November 2014, Cyber security matters considered.
  5. IMO(2015), MSC 95th session, 3-12 June 2015, Cyber Security matters referred to MSC 96 and FAL 40.
  6. IMO(2016), MSC 96th session, 11-20 May 2016, Cyber Security - interim guidelines approved.
  7. IMO(2017), Resolution MSC.428(98), Maritime Cyber Risk Management in Safety Management Systems.
  8. Jo, Y. H. and J. M. Kang(2018), Prospects of cyber security risks of autonomous ships, Institute of Information & Technology Planning & Evaluation, Weekly ICT Trends Vol 1863, 12 Sep 2018, pp. 21-24.
  9. Jo, Y. H. and Y. K. Cha(2019), A Study on Cyber Security Requirements of Ship Using Threat Modeling, Korea Institute of information Security And Cryptology, pp. 661-662.
  10. KMI(2019), A Study on Strengthening to cybersecurity System in the Maritime Sector, p. 39.
  11. KR(2017), Guidelines of Maritime Cybersecurity, Ver 1.0.
  12. KR(2020a), KR Maritime Cyber Security, News from KOREAN REGISTER, Vol 029, pp. 7-11.
  13. KR(2020b), Korean Register Champ, Consortium for HRD Ability Magnified Program, Retrieved from http://champ.krs.co.kr/applyView.do, on Oct 10.
  14. KR(2020c), KR launches a cyber security training tool KR-CS++ 2020', News and Press Releases, Retrieved from http://www.krs.co.kr/, on Oct 10.
  15. Lee, H. K. and O. J. Kwon(2020), The UK Insurance Industry's Response to maritime Cyber Risk and It's Implications, Korean Insurance Law Association, Vol. 14, No 2, pp. 237-238.
  16. NARK(2020), The National Assembly of the Republic of Korea, Bill Information, Retrieved from http://likms.assembly.go.kr/bill/billDetail.do?billId=PRC_L1Z6M0L5M3W0U1W4T2M8K4L3S5I0Y2, on Oct 10.
  17. NIST(2019), National Institute of Standards and Technology, NIST SP 800-128, Guide for Security-Focused Configuration Management of Information System, Appendix B GLOSSARY, B-8.
  18. NLIC(2020), The National Law Information Center, Retrieved from http://www.law.go.kr/, on Oct 10.
  19. OCIMF(2017), TMSA3 Fast Facts, p. 2.
  20. RIGHTSHIP(2017), FO D06 Inspection and Assessment Report For Dry Cargo Ships, Rev 11, 11 May 2017, p. 8.
  21. Shaw, N. and C. Ayerst(2017), The UK's Cyber Security Code of Practice for Ships, Reed Smith, Oct 2017, p. 10.