Browse > Article

A Study on the Security Management for Critical Key Infrastructure(SCADA)  

Kim InJung (전자통신연구원)
Chung YoonJung (전자통신연구원)
Koh JaeYoung (전자통신연구원)
Won Dongho (성균관대학교 전기전자및컴퓨터공학부)
Publication Information
The Journal of Korean Institute of Communications and Information Sciences / v.30, no.8C, 2005 , pp. 838-848 More about this Journal
Abstract
Most of the national critical key infrastructure, such as power, piped gas and water supply facilities, or the high-speed railroad, is run on the SCADA system. Recently, concerns have been raised about the possibility of these facilities being attacked by cyber terrorists, hacking, or viruses. Thus, it is time to adopt the relevant security management techniques. This paper attempts to propose such security management techniques, including information protection measures and troubleshooting, based on a risk analysis process concerning assets, threats/vulnerability, and hazards, and to examine the security management status of critical key infrastructure in the U.S. and Japan.
Keywords
SCADA; Risk Analysis; Asset; Vulnerability; Threat;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Dale Peterson, 'Intrusion Detection and Cybersecurity,' ISA-The Instrumentation Systems, and automation Society, http://www.isa.org, 1. May. 2004
2 Jason Stamp, John Dilinger, William Young, 'Common Vulnerabilities in Critical Infrastructure Control Systems,' White paper, Sandia National Laboratories, http://www. sandia.gov, 2003
3 김인중, 정윤정, 민병길, 박중길, 'SCADA 시스템과 정보망의 연동을 위한 위험분석 연구,' 한국정보처리학회 춘계학술대회논문집, 2004. 5
4 바다란, 'Critical Alert for Cyber Terror Security for Nation Infrastructure(SCADA & DCS), White paper. 2002년 10월
5 한국산업정보보안학회, 산업정보보안정책세미나 및 추계학술대회논문집, 2003년 11월 20일
6 博之, 田中, 克巳 岡, 文一, Requirements for high reliability and high security plant control system,' White paper Information-technology Promotion Agency, http://www.ipa. go.jp, 2000
7 연합뉴스, '보안업계, 알카에다 사이버테러 대비 강화', 2004년 10월
8 국가사이버안전센터, '국가사이버안전메뉴얼', 2004
9 국가보안기술연구소, http://www.nsri.re.kr
10 비상기획위원회, http://www.epc.go.kr
11 국가정보원, 국가사이버안전메뉴얼, 2004
12 William New, 'Reports shows holes in cybersecurity plan', Daily berifing, June 21, 2004. http://www.govexec.com/story_page.cfm?articleid=28790&printerfriendly Vers=1&
13 일본정보처리추진기구, '일본 전력의 중요 인프라시설 방어연습에 관한 조사보고서,' 2004. 8
14 국가사이버안전센터, http://www.ncsc.go.kr
15 국가정보원, '2004 국가정보보호백서', 2004
16 White House, 'the National Strategy to Secure Cyberspace,' Feb. 2003. http://www. whitehouse.gov/pcipb/cyberspace_strategy. pdf
17 NERC board, 'Renewal of Urgent Action Cyber Security Standard', June 2, 2004. http:// www.nerc.net
18 Jonathan Pollet, 'Developing a Solod SCADA Security Strategy,' Sicon02, Nov 2002
19 The Office of Energy Assurance for the U.S. DoE, '21 Steps to improve Cyber Security of SCADA Networks,' 19, Sep. 2002. http://oea.dis.dis.gov/documents/21StepsBooklet. pdf
20 Ron Derynck, 'Securing Critical Industrial Networks,' Verano white paper, 2004. http://www.verano.com
21 김인중, 정윤정, 민병길, 박중길, 'SCADA 시스템 보안을 위한 기술연구,' 국가보안기술연구소 기술문서. 2004. 6
22 Jonathan Pollet, 'Safety Considerations for SCADA/DCS Cyber Attacks,' ISA-The Instrumentation Systems, and automation Society, 1. Nov. 2003. http://www.isa.org
23 David L. Fraley, 'Cyberwarfare: VoIP and Convergence Increase Vulnerability, 'Gartner Report, 13 January 2004. http://www. gertnder.com
24 Dana A. Shea, 'CRS report for Congress Critical Infrastructure: Control Systems and the Terrorist Threat,' Congressional Research Service, July 14, 2003. http://www.usembassy. it/pdf/other/RL31534.pdf
25 GAO, 'Critical Infrastructure Protection : Challenge and Efforts to Secure Control Systems,' http://www.gao.gov, Mar. 2004
26 박장환, '필드버스 입문,' 도서출판 동서, 2000. 1. 28
27 White House, 'The Physical Protection of Critical Infrastructures and Key Assets,' Feb. 2003
28 국가정보원, http://www.nis.go.kr
29 Ron Derynck, 'Cyber-Security and System Integrity for Transportation Networks,' Verono White paper, 2004
30 Zhaoxia Xie, G. Manimaran, A.G. Phadke, Virgilio Centeno, 'An Information Architechure for Future Power Systems and Its Reliability Analysis,' IEEE Trans. Power Systems, VOL. 17, No3, AUG. 2002
31 디지털타임즈, 국가사이버테러대응체계가동, 2003. 12. 16
32 김인중, 정윤정, 박중길, 원동호, '상호연동 기반의 SCADA 시스템에 대한 보안위험분석 프로세스,' 한국통신학회 하계학술대회논문집, 2004.7
33 Hamoud, G. Chen, R.-L. Bradley, I. 'Risk assessment of power systems SCADA,' Power Engineering Society General Meeting, 2003, IEEE
34 소방방재청, http://www.nema.go.kr
35 Ebata, Y. Hayashi, H. Hasegawa, Y. Komatsu, S. Suzuki, K., 'Devekoment of the Internet-based SCADA for Power System,' Power Engineering Society Winter Meeting, 2000. IEEE
36 PCSCS, '2004 Proposal: Process Control System Cyber Security Forum - An Infrastructure Industry Forum and Initiative,' http://www.pcscs.org, 2004
37 Douglas, Edward, 'The status report on the US preparation for measures against cyber terrorism,' http://www.ipa.go.jp, 2000