Electronics and Telecommunications Trends (전자통신동향분석)

Electronics and Telecommunications Research Institute (한국전자통신연구원)
권호 표지
DOI QR코드

DOI QR Code

Market Performance of Major Companies in Cybersecurity and Policy Trends in Information and Communication Technology Supply Chain

사이버 보안 분야 주요 기업의 시장 성과와 ICT 공급망 관련 정책 동향

  • C.M. Ahn ;
  • Y. Yoo
  • 안춘모 (기술경제연구실) ;
  • 유영상 (기술경제연구실)
  • Published : 2024.06.01
Download PDF
⟨ Previous Next ⟩

Abstract

Cyberthreats and crimes have become common in society and demand the adoption of robust security measures. Financial cybercrimes, personal information breaches, and spam messages are now prevalent, while companies and nations face an increasing number of cyberthreats and attacks such as distributed denial of service, ransomware, and malware. As the overall socioeconomic landscape undergoes digitalization powered by big data, cloud computing, and artificial intelligence technologies, the importance of cybersecurity is expected to steadily increase. Developed nations are actively implementing various policies to strengthen cybersecurity and providing government support for research and development activities to bolster their domestic cybersecurity industries. In particular, the South Korean government has designated cybersecurity as one of the 12 nationwide strategic technology sectors. We examine the current landscape of cybersecurity companies and the information and communication technology supply chain, providing insights into the domestic cybersecurity market and suggesting implications for South Korea.

Keywords

Acknowledgement

본 연구는 한국전자통신연구원 연구운영지원사업의 일환으로 수행되었음[24ZF1100, 국가 지능화 기술정책 및 표준화 연구].

References

  1. IT World, "'누가, 언제, 무엇을 해킹했는가' 솔라윈즈 공급망공격 타임라인," 2021. 4. 7.
  2. 소만사, "DarkSide 랜섬웨어 - 미 석유공급 기업 '콜로니얼파이프라인' 공격 및 마비 초래," 2021. 6.
  3. 과학기술정보통신부 보도자료, "추격자를 넘어 초격차로, 12대 국가전략기술 로드맵 완성 및 핵심 프로젝트 선정," 2024. 2. 1.
  4. 백악관, National Cybersecurity Strategy, 2023. 3.
  5. EU, NIS 2 Directive: Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148, 2022. 12. 14.
  6. EU, Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC, 2022. 12. 14.
  7. EU, Cyber Resilience Act, 2022. 9. 15., https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act
  8. The White House, Executive Order 14028: Improving the Nation's Cybersecurity, 2021. 5. 12.
  9. CompaniesMarketCap 홈페이지, https://companiesmarketcap.com/it-security/largest-companies-by-market-cap/#
  10. KISA, 사이버 대연합 보고서, 2023. 10. 20.
  11. Failory, Top 62 Cyber Security Unicorns in 2024, 2024. 1. 22., https://www.failory.com/startups/cyber-security-unicorns#26-kaseya
  12. 조선일보, "시스코, 스플렁크 37조원에 인수," 2023. 9. 22.
  13. CSO, Top Cybersecurity M&A Deals for 2023, Dec. 15, 2023., https://www.csoonline.com/article/574521/top-cybersecurity-manda-deals-for-2023.html
  14. 이코노미스트, "보안 강화하는 구글, 54억 달러에 맨디언트 인수," 2022. 3. 10., https://economist.co.kr/article/view/ecn202203100080
  15. OMDIA, Cybersecurity Mergers & Acquisition Tracker - 3Q23, 2023. 10.
  16. 보안뉴스, "다시 돌아가는 보안기업 상장 시계...정부 보안산업 투자로 상승세," 2023. 9. 15.
  17. 보안뉴스, "사이버 보안 상장기업 20곳 2022년 매출 분석해보니...85% 매출 증가," 2023. 4. 17.
  18. 서울경제, "美 카세야도 당했다...러 연계 해커 랜섬웨어 공격," 2021. 7. 4.
  19. 보안뉴스, "로그4셸 공격 건수 분석해보니...Log4j 취약점 공격은 현재진행형!," 2022. 5. 5.
  20. ISO/IEC 28001:2007, Security Management Systems for the Supply Chain.
  21. UNIDIR, Supply Chain Security in the Cyber Age: Sector Trends, Current Threats and Multi-Stakeholder Responses, 2000.
  22. 연합뉴스, "러 미국 기업 공격 러 해킹그룹 '레빌' 소탕, 조직원수사," 2022. 1. 14.
  23. White House, The President's Executive Order (EO) 14028 on Improving the Nation's Cybersecurity, 2021. 5. 12.
  24. NIST, Definition of Critical Software Under Executive Order (EO) 14028, 2021. 10. 13.
  25. NIST, Recommended Minimum Standards for Vendor or Developer Verification (Testing) of Software Under Executive Order (EO) 14028, 2021. 7. 7.
  26. NIST SP 800-218, Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities, 2022. 2.
  27. NIST, Software Supply Chain Security Guidance Under Executive Order (EO) 14028 Section 4e, 2022. 2. 4.
  28. NIST, Cybersecurity Labeling for Consumers: Internet of Things (IoT) Devices and Software, Created Jul. 8, 2021, 2022. 2. 4.
  29. NIST SP 800-161 Rev. 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, 2022. 5.
  30. OMB M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices, 2022. 9. 14.
  31. CISA, Secure Software Development Attestation Form, 2024. 3. 18.
  32. https://www.european-cyber-resilience-act.com/
  33. NISC, 사이버 시큐리티 전략(각의결정), 2021. 9. 28.
  34. NISC, 사이버 시큐리티 2023 (2022년도 연차 보고.2023년도 연차 계획), 2023. 7. 4.
  35. 행정안전부, KISA, "전자정부 SW 개발.운영자를 위한 소프트웨어 개발보안 가이드," 2021. 11.
  36. 국가안보실, "국가 사이버안보 전략," 2019. 4.
  37. 관계부처 합동, 국가 사이버안보 기본계획, 2019. 9. 3.
  38. 과학기술정보통신부, K-사이버방역 추진전략, 2021. 2.
  39. 과학기술정보통신부, 제로트러스트 공급망 보안 정책포럼 발족식, 2022. 10. 26.
  40. 전자신문, "과기정통부, SW공급망 보안체계 실증사업 착수," 2023. 6. 27.
  41. 과학기술정보통신부, 정보보호산업의 글로벌 경쟁력 확보 전략, 2023. 9.
  42. 데이터넷, "쿤텍.ETRI, 펌웨어 분석 활용 BoM 기술로 HW 공급망 보호," 2022. 7. 21.
  43. 국가안보실, "국가 사이버안보 전략," 2024. 2.
  44. 김권일, 김지원, "4차 산업혁명 기술 도입에 따른 하드웨어 공급망 위협과 대응 방안," 한국산업보안연구, 제10권 제2호, 2020.