Browse > Article
http://dx.doi.org/10.13089/JKIISC.2017.27.2.241

Cyber Security Framework for Critical Infrastructure  

Kwon, Sungmoon (Department of Computer Engineering, Ajou University)
Lee, Seokcheol (Department of Computer Engineering, Ajou University)
Jang, Jiwoong (Korea Power Exchange)
Shon, Taeshik (Department of Cyber Security, Ajou University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.27, no.2, 2017 , pp. 241-250 More about this Journal
Abstract
Contrary to past critical infrastructure network, current critical infrastructure network is adopting IoT devices and efficient management system using the external networks. Using this system, productivity and management efficiency could be enhanced compared to past critical infrastructure network. But cybersecurity issue could be occurred at external network connection, so cybersecurity guideline is necessary. However, critical infrastructure organizations tend to use the cybersecurity guideline issued by government because it is hard to develop cybersecurity guideline on their own. But the government's cybersecurity guideline isn't suitable for the critical infrastructure network because it doesn't include critical infrastructure's specific characteristics. Therefor, we suggested the development method of cybersecurity guideline for the critical infrastructure network based on analysing cybersecurity guideline standards and critical infrastructure networks.
Keywords
Cybersecurity Guideline; Cybersecurity Framework; Critical Infrastructure;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Industrial Control Systems Cyber Emergency Response Team, "NCCIC/ICS-CERT Year in Review FY 2015"
2 National Institute of Standards and Technology, "Framework for Improving Critical Infrastructure Cybersecurity", Feb. 2014
3 Jason D. Christopher, Foward Muneer, et al. "Cybersecurity Capability Maturity Model Facilitator Guide", The Department of Energy, Feb. 2014
4 North American Electric Reliability Corporation, "Reliability Standards for the Bulk Electric Systems of North America", Apr. 2015
5 Center for Internet Security, "The CIS Critical Security Controls for Effective Cyber Defense", Oct. 2015
6 Ronald S. Ross, Gary Stoneburner, et al. "Security and Privacy Control for Federal Information Systems and Organizations", National Institute of Standards and Technology, Apr. 2013
7 Yoojae Won, Dongmyung Shin, et al. "IPv6 security management guide", Korea Internet & Security Agency, Feb. 2010
8 Korea Internet & Security Agency, "Wireless security guide", Jan. 2010
9 Korea Internet & Security Agency, "Software vulnerability diagnosis guide", May 2012
10 Korea Internet & Security Agency, "VoIP security recommendation manual", Oct. 2012
11 Agence nationale de la securite des systemes d'information, "Cybersecurity for Industrial Control System Detailed Measures", Jan. 2014
12 Keith Stouffer, Suzanne Lightman, et al. "Guide to Industrial Control Systems Security", National Institute of Standards and Technology, Jun. 2011
13 The Open Web Application Security Project, "OWASP Internet of Things Project", https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project
14 Glen Chason, Scott Dinnage, et al. "Guide to Vulnerability Assessment for Electric Utility Operations Systems", National Electric Sector Cybersecurity Organization Resource, Jun. 2014
15 National Institute of Standards and Technology, "The United States Government Configuration Baseline", https://usgcb.nist.gov/
16 Korea Ministry of Science and Technology, "Cyber security incident response executive manual"
17 Justin Searle, Galen Rasche, Andrew Wright and Scott Dinnage, "Guide to Penetration Testing for Electric Utilities" National Electric Sector Cybersecurity Organization Resource