Browse > Article
http://dx.doi.org/10.3837/tiis.2016.02.023

The Reality and Response of Cyber Threats to Critical Infrastructure: A Case Study of the Cyber-terror Attack on the Korea Hydro & Nuclear Power Co., Ltd.  

Lee, Kyung-bok (Graduate School of Information Security, Korea University)
Lim, Jong-in (Graduate School of Information Security, Korea University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.10, no.2, 2016 , pp. 857-880 More about this Journal
Abstract
Due to an increasing number of cyberattacks globally, cybersecurity has become a crucial part of national security in many countries. In particular, the Digital Pearl Harbor has become a real and aggressive security threat, and is considered to be a global issue that can introduce instability to the dynamics of international security. Against this context, the cyberattacks that targeted nuclear power plants (NPPs) in the Republic of Korea triggered concerns regarding the potential effects of cyber terror on critical infrastructure protection (CIP), making it a new security threat to society. Thus, in an attempt to establish measures that strengthen CIP from a cybersecurity perspective, we perform a case study on the cyber-terror attacks that targeted the Korea Hydro & Nuclear Power Co., Ltd. In order to fully appreciate the actual effects of cyber threats on critical infrastructure (CI), and to determine the challenges faced when responding to these threats, we examine factual relationships between the cyberattacks and their responses, and we perform analyses of the characteristics of the cyberattack under consideration. Moreover, we examine the significance of the event considering international norms, while applying the Tallinn Manual. Based on our analyses, we discuss implications for the cybersecurity of CI in South Korea, after which we propose a framework for strengthening cybersecurity in order to protect CI. Then, we discuss the direction of national policies.
Keywords
critical infrastructure protection; national cybersecurity; cyber terror; cyberattack; case study;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Nicolas Falliere, Liam O Murchu and Eric Chien, "White Paper of Symantec Security Response," W32.Stuxnet Dossier, version 1.4, February, 2011. Article (CrossRef Link)
2 Center for Preventive Action of Council on Foreign Relations (CPA-CFR), Preventive Priorities Survey, 2011-2015. Article (CrossRef Link)
3 Michael N. Schmitt, “Tallinn Manual on the International Law Applicable to Cyber Warfare,” Cambridge University Press, New York, March, 2013.
4 ISO/IEC JTC 1 SC 27, ISO/IEC 27005:2011(E) Information technology - Security techniques - Information security risk management, Second Edition, June 1, 2011.
5 Myriam Dunn Cavelty, “Cyber-Terror - Looming Threat or Phantom Menace? The Framing of the US Cyber-Threat Debate,” Journal of Information Technology and Politics, vol. 4, issue 1, pp. 19-36, October, 2008. Article (CrossRef Link)   DOI
6 Nir Kshetri, “Cyberwarfare in the Korean Peninsula: Asymmetries and Strategic Responses,” East Asia, vol. 31, issue 3, pp. 183-201, September, 2014. Article (CrossRef Link)   DOI
7 Michael Stohl, “Cyber terrorism: A Clear and Present Danger, The Sum of All Fears, Breaking Point or Patriot Games?,” Crime, Law and Social Change, vol. 46, issue 4-5, pp. 223-238, December, 2006. Article (CrossRef Link)   DOI
8 Dakota L. Wood, “2015 Index of U.S. Military Strength: Assessing America’s Ability to Provide for the Common Defense,” The Heritage Foundation, Washington DC, 2015. Article (CrossRef Link)
9 Jong In Lim, You-joong Kwon, GyeHyun Jang and Seung-Jo Baek, “North Korea’s Cyber War Capability and South Korea’s National Counterstrategy,” The Quarterly Journal of Defense Policy Studies, vol. 29, no. 4, pp. 9-45, Winter, 2013. Article (CrossRef Link)
10 Rhea Siers, “North Korea: The Cyber Wild Card,” Journal of Law and Cyber Warfare, vol. 4, issue 1, pp. 1-12, Winter, 2014. Article (CrossRef Link)
11 Richard A. Clarke and Robert Knake, “Cyber War: The Next Threat to National Security and What to Do About It,” HarperCollins, New York, 2010.
12 Joseph Menn, “Exclusive: U.S. Tried Stuxnet-style Campaign Against North Korea but Failed - sources,” Reuters, May 29, 2015. Article (CrossRef Link)
13 Kyung-Ae Kim, “[Exclusive] KHNP, 10,799 Employees’ Personal Information leaked!,” BoanNews, December 17, 2014. Article (CrossRef Link)
14 “Government Combined Investigation Unit on Personal Information Crime of ROK,” Interim Investigation Report of the KHNP Cyber-terror, March 17, 2015.
15 Kenneth Geers, Darien Kindlund, Ned Moran and Rob Rachwald, “WORLD WAR C: Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks,” FireEye's Annual and Regional Threat Reports, September 30, 2013. Article (CrossRef Link)
16 Katharina Krombholz, Heidelinde Hobel, Markus Huber and Edgar Weippl, “Advanced Social Engineering Attacks,” Journal of Information Security and Applications, vol. 22, pp. 113-122, June, 2015. Article (CrossRef Link)   DOI
17 Aditya K. Sood and Richard J. Enbody, “Targeted Cyberattacks: A Superset of Advanced Persistent Threats,” IEEE Security and Privacy, vol. 11, issue 1, pp. 54-61, Jan.-Feb., 2013. Article (CrossRef Link)
18 Chris W. Johnson, “Anti-social Networking: Crowdsourcing and the Cyber Defence of National Critical Infrastructures,” Ergonomics, vol. 57, issue 3, pp. 419-433, 2014. Article (CrossRef Link)   DOI
19 Rabiah Ahmad and Zahri Yunos, “A Dynamic Cyber Terrorism Framework,” International Journal of Computer Science and Information Security, vol. 10, no. 2, pp. 149-158, February, 2012. Article (CrossRef Link)
20 Dmitry Tarakanov, “The “Kimsuky” Operation: A North Korean APT?,” Securelist, September 11, 2013. Article (CrossRef Link)
21 Trend Micro, "MBR Wiper Attacks Strike Korean Power Plant," TrendLabs Security Intelligence Blog, December 23, 2014. Article (CrossRef Link)
22 Jungje Ri, “Slanderous <NK Hacking> Rumor Full of Absurd <Evidence>,” Uriminzokkiri, March 17, 2015. Article (CrossRef Link)
23 Ilchul Chae, “Cyber Terrorism is Absolutely Not Tolerated,” Rodong-Sinmun, June 9, 2015. Article (CrossRef Link)
24 Michael N. Schmitt, “Cyber Operations and the Jus Ad Bellum Revisited,” Villanova Law Review, vol. 56, issue 3, pp. 569-605, November, 2011. Article (CrossRef Link)
25 Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, United Nations General Assembly A/68/98, June 24, 2013.
26 Nohyoung Park and Myunghyun Chung, “Basic Concepts of Cyber Warfare in International Law: Focusing on the Tallinn Manual,” The Korean Journal of International Law, vol. 59, no. 2, pp. 65-93, June, 2014. Article (CrossRef Link)
27 Michael N. Schmitt, “Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework,” Columbia Journal of Transnational Law, vol. 37, pp. 885-937, 1998-1999. Article (CrossRef Link)
28 Board of Audit and Inspection of ROK, Audit and Inspection Report - Crisis Management of National Critical Infrastructure (Focusing on Nuclear Safety, Drinking Water and Oil.Gas), December, 2012.
29 James B. Michael, Thomas C. Wingfield and Duminda Wijesekera, "Measured Responses to Cyber Attacks Using Schmitt Analysis: A Case Study of Attack Scenarios for a Software-Intensive System," in Proc. of the 27th Annual International Computer Software and Applications Conference, pp. 622-626, November 3-6, 2003. Article (CrossRef Link)
30 Min-Jung Paik, “Application of Tallinn Manual to KHNP Cyber-terror,” Northeast Asia Strategic Analysis, pp. 1-4, May 12, 2015.
31 Standing Auditor of KHNP, 2013 Annual Audit Report, March, 2014.
32 Standing Auditor of KHNP, 2014 Annual Audit Report, March, 2015.
33 KHNP, 2013 Parliamentary Audit - Correction.Handling Requirements and Action Plan, July, 2014.
34 Tae Kyung Ha, “Ha Tae Kyung, <KHNP Nuclear Power Plants Security Status> Confirmation of Overall Insufficiency,” Press Release, November 2, 2014.
35 Standing Auditor of KHNP, Request for Penalty as per Audit Result - Inspection of Information Management and Use of Internet Network, March, 2015.
36 Won Sik Choi, "Inquiry Material to Nuclear Safety and Security Commission," 2014 Parliamentary Audit - Science, ICT, Future Planning, Broadcasting and Communications Committee, October 8, 2014.
37 Antony Bridges, “Industrial Control Systems: The Human Threat,” in Christopher Laing, Atta Badii and Paul Vickers, Securing Critical Infrastructures and Critical Control Systems: Approaches for Threat Protection, IGI Global, Pennsylvania, pp. 82-104, December, 2012. Article (CrossRef Link)
38 Eirik Albrechtsen and Jan Hovden, “Improving Information Security Awareness and Behaviour Through Dialogue, Participation and Collective Reflection. An Intervention Study,” Computers and Security, vol. 29, issue 4, pp. 432-445, June, 2010. Article (CrossRef Link)   DOI
39 John D’Arcy and Anat Hovav, “Deterring Internal Information Systems Misuse,” Communications of the ACM, vol. 50, no. 10, pp. 113-117, October, 2007. Article (CrossRef Link)   DOI
40 Michael E. Whitman, “Enemy at the Gate: Threats to Information Security,” Communications of the ACM, vol. 46, no. 8, pp. 91-95, August, 2003. Article (CrossRef Link)   DOI
41 Geun-hye Kim, Kyung-bok Lee and Jong-in Lim, “CBMs for Cyberspace Beyond the Traditional Security Environment: Focusing on Features for CBMs for Cyberspace in Northeast Asia,” Korean Journal of Defense Analysis, vol. 27, no. 1, pp. 87-106, March, 2015. Article (CrossRef Link)
42 Injung Kim, "Status and Outlook of North Korea's Cyber Terror," in Proc. of the 2015 Joint Conference Between Institute for National Security Strategy and National Security Research Institute: North Korea's Cyber-terrorism Threats and Countermeasures, pp. 25-46, March 31, 2015. Article (CrossRef Link)