DOI QR코드

DOI QR Code

국가 사이버 역량평가 모델을 활용한 국내 사이버안보 정책 의제 도출 연구

A study on national cybersecurity policy agenda in Korea using national cyber capability assessment model

  • 투고 : 2021.07.06
  • 심사 : 2021.08.20
  • 발행 : 2021.08.28

초록

국가 사이버 역량평가는 국가 차원의 사이버역량 강화를 위해 필요한 요소와 그에 대한 국가별 수준에 대한 정보를 제공하기 때문에 국가 사이버안보 정책 개선을 위한 기초자료로 활용할 수 있다. 그러나 그간 우리나라를 평가대상국으로 포함하여 평가를 진행한 다양한 평가결과로부터 국내 사이버역량 개선을 위한 정책적 분석은 다소 부족하였다. 이에 본 논문에서는 미국 하버드 대학의 벨퍼센터에서 수행한 국가 사이버 추진력 지수(NCPI)의 평가결과에 대해 IPA(Importance-Performance Analysis) 기법을 변형·적용해봄으로써 우리나라 사이버안보 정책 개선 방안을 도출하고자 하였다. 분석 결과, 우리나라는 공격과 감시 목적의 사이버 기능 활용에 관한 정책 의제 형성이 필요하고, 인텔리전스와 방어에 관한 정책의 실효성을 향상하기 위한 노력이 필요하다는 결론을 얻을 수 있었다. 또한, 관련 정책 의제를 다루는 국내외 연구사례를 살펴봄으로써 정책개선 방향을 제시하며, 각 정책개선 방향에 관한 심층 연구를 추진할 것을 향후 과제로 제안하였다. 나아가 국가 사이버 역량평가 모델의 정책 분석적 활용을 향상하기 위해서는 국내 실정을 반영하는 자체 모델 개발·활용이 필요하며, 이때 본 연구에서 제안한 평가결과 분석 방안을 활용할 수 있을 것으로 기대한다.

The National Cyber Capability Assessment(NCCA) could be used as meaningful information for improving national cyber security policy because it provides information on the elements necessary for strengthening national cyber capabilities and the level of each country. However, there were few studies on improving cyber capabilities using the NCCA result in Korea. Therefore, we analyzed the result of National Cyber Power Index(NCPI) conducted by Belfer Center of Harvard Univ. by applying modified-IPA method to derive cybersecurity policy agendas for Korea. As a result, the need to set agendas on surveillance and offensive cyber capability and improve the effectiveness of policy implementation for intelligence and defense was drawn. Moreover, we suggested need for in-depth study of each policy agenda deduced from preceding research data as a future tasks. And it is expected to increase practical use of NCCA for domestic policy analysis by developing and using our own NCCA model which considered analysis framework proposed in this study.

키워드

참고문헌

  1. International Telecommunication Union. (2021). Global Cybersecurity Index 2020. Geneva : ITU.
  2. University of Oxford Global Cyber Security Capacity Centre. (2016). Cybersecurity Capacity Maturity Model for Nations (CMM) Revised Edition. Oxford : University of Oxford.
  3. M. Hathaway, C. Demchak, J. Kerben, J. McArdle & F. Spidalieri. (2015) Cyber Readiness Index 2.0 - A plan for cyber readiness : A baseline and an index, Arlington Country : Photomac Institute for Policy Studies.
  4. Australian Strategic Policy Institute. (2017). Cyber maturity in the Asia-Pacific region 2017. Barton : ASPI
  5. Harvard Kennedy School Belfer Center. (2020). National Cyber Power Index 2020-Methodology and Analytical Considerations. Cambridge.
  6. A. Schwerzennach, J. Voo, I. Hemani, S. Jones, W. DeSombre & D. Cassidy. (2020). Codebook_NCPI_2020. Cambridge : Harvard Kennedy School Belfer Center for Science and International Affairs. DOI : 10.7910.DVN.LT55JY
  7. S. E. Min. (2016). Understanding Matrix Analysis As a Qualitative Analysis Methods. Journal of Qualitative Inquiry, 2(2). 161-191.
  8. D. Y. Lee & K. H. Kim. (2021). Information Analysis Framework for Supporting Evidence-based Research and Development Policy: Practical Considerations for Rationality in the Policy Process. Information Policy, 28(1). 77-93.
  9. J. A. Martilla & J. C. James. (1977) Importance-Performance Analysis. Journal of Marketing, 31. 77-79.
  10. C. O. Jones. (1984). An Introduction to the Study of Public Policy. Monterey, CA : Brooks/Cole.
  11. K. H. Park. (2021). Cybersecurity manpower shortage.. Need to secure AI convergence security technology. Information Telecommunication News(Online), https://www.koit/co.kr/news/articleView.html?dxno=83972
  12. S. Hong. (2018). A Study on the Framework of Comparing New Cybersecurity Wrokforce Development Policy Basled on the ATE Programs of U.S.. Journal of The Korea Institute of Information Security & Cryptology, 28(1). 249-267. DOI : 10.13089/JKIISC.2018.28.1.249
  13. S. Hong & J. Kim. (2020). A Study on the Laws and Regulations in Korea through the Analysis of Cybersecurity Workforce Developing Laws and Regulations in U.S.. Journal of The Korea Institute of Information Security & Cryptology, 30(1), 123-139. DOI : 10.13089/JKIISC.2020.30.1.123
  14. J. Ji, S. Park, H. Yu & H. Chang. (2018). A Study on the Design of Re-training Courses for Nurturing Cybersecurity Professionals from Other Occupational Groups. Convergence security journal, 18(1), 43-60.
  15. K. H. Lee & H. T. Kim. (2017). Measures for Training Military Information Security Professional Personnel for Cyber Security. Convergence security journal, 17(2). 145-151. DOI : 10.22693/NIAIP.2021.28.1.077
  16. N. S. Chang & S. K. Cho. (2010). Concept of Intelligence and the Role of Intelligence Agency. National Security and Strategy, 10(4). 33-76.
  17. National Institute of Standards and Technology(NIST). (2017). National Initiative for Cybersecurity Education(NICE) Cybersecurity Workforce Framework. DOI : 10.6028/NIST.SP.800-181
  18. Executive Office of the President of U.S. (2019). America's Cybersecurity Workforce (Executive Order 13870 of May 2, 2019).
  19. Y. H. Jeon. (2017). A Study on the Security Modeling of Internet of Things(IoT). Journal of Korean Institute of Information Technology, 15(2). 7-27. DOI : 10.14801/jkiit.2017.15.12.17
  20. D. Lee & N. Park. (2017). Proposal of Technology and Policy Post-Security Management Framework for Secure IoT Environment. The Journal of Korean Institute of Information Technology, 15(4). 127-138. DOI : 10.14801/JKIIT.2017.15.4.127
  21. D. Lee & N. Park. (2017). Institutional Improvements for Security of IoT Devices. Journal of the Korea Institute of Information Security & Cryptology, 27(3), 607-615. DOI : 10.13089/JKIISC.2017.27.3.607
  22. S. B. Kim. (2017). Cybersecurity Strategies of Major Powers in World Politics: From the Comparative Perspective of National Strategies. Journal of International Area Studes, 26(3), 67-108.
  23. Department of Defense(DoD). (2011). Department of Defense Strategy for Operating in Cyberspace. https://csrc.nist.gov/CSRC/media/Projects/ISPAB.documents/COC-Strategy-for-Operating-in-Cyberspace.pdf.
  24. Joint Chiefs of Staff. (2013). JP 3-12 Cyberspace Operations. https://www.jcs.mil/Portals/36/Documents/Doctrine/pubs/jp3_12.pdf
  25. The department of defense(DoD). (2015). DoD Cyber Strategy. https://archive.defense.gov/home/features/2015/0415_cyber-strategy/final_2015_dod_cyber_strategy_for_web.pdf
  26. The department of defense(DoD). (2018). Department of defense cyber strategy 2018, https://media.defense.gov/2018/Sep/18/2002041658/-1/-1/1/CYBER_STRATEGY_SUMMARY_FIANL.PDF
  27. Cabinet office. (2016). National cyber security strategy 2016 to 2021, https://www.gov/uk/goverment/publications/national-cyber-security-strategy-2016-to-2021
  28. Ministry of Defence. (2021). Defence in a Competitive age. https://www.gov/uk/government/publications/defence-in-a-competitive-age
  29. Net Politics & Digital and Cyberspace Policy Program. (2018). Germany develops offensive cyber capabilities without a coherent strategy of what to do with them. Councile Foreign Relations(CFR, Online), https://www.cfr.org/blog/germany-develops-offensive-cyber-capabilities-without-coherent-strategy-what-do-them
  30. A. Laudrain. (2019). France's new offensive cyber doctrine. LAWFARE(Online), https://www.lawfareblog.com/frances-new-offensivecyber-doctrine
  31. Atlantic Council. (2012). Germany reveals offensive cyberwarfare capability. https://www.atlanticcouncil/orgblogs/natosource/germany-reveals-offensive-cyberwarfare-capability/
  32. H. Kim & M. Kim. (2017). The Act on Anti-Terrorism in the Age of Big Data and Mass Surveillance. Journal of Cybercommunication Academic Society, 34(3). 41-89.
  33. S. G. Hwang. (2019). A Proposal for Reform and Problems of Cybersecurity-related Legal System. Journal of Law & Economic Regulation, 12(1). 44-61. DOI : 10.22732/CeLPU.2019.12.144
  34. J. Lee. (2020). Digital Surveillance 2020. 2020 KISA REPORT, 12. 1-15.
  35. H. D. Kwon. (2020). Protection the rights of the people against the secret service activities -Focusing on German Legislation-. Chung-Ang Journal of Legal Studies, 44(1). 5-37.
  36. J. M. Kang, H. U. Hwang, J. M. Lee, Y. T. Yun, B. C. Bae & S. Y. Jung. (2012). A Study on National Cyber Capability Assessment Methodology. Journal of the Korea Institute of Information Security and Cryptology, 22(5), 1039-1055. https://doi.org/10.13089/JKIISC.2012.22.5.1039
  37. S. Bae, S. Park & S. J. Kim. (2015). A study on the development for the national cybersecurity capability assessment criteria. Journal of the Korea Institute of Information Security & Cryptology, 25(5), 1293-1314. https://doi.org/10.13089/JKIISC.2015.25.5.1293