http://dx.doi.org/10.13089/JKIISC.2019.29.5.1089

Analysis of U.S. Supply Chain Security Management System  

Son, Hyo-hyun (Hannam University)
Kim, Kwang-jun (Hannam University)
Lee, Man-hee (Hannam University)
Abstract
An era of smart manufacturing is coming through the rapid development of information and communication technology. As a result, many companies have begun to use a variety of hardware and software to run their manufacturing processes efficiently. This hardware and software is itself supplied through manufacturing and distribution processes, and these supply processes are exposed to a variety of security threats. As cases of supply chain attacks have increased recently, foreign countries are establishing supply chain management systems and managing supply chain risks. In Korea, on the other hand, research on supply chain risk management has been conducted in some fields. In this paper, we emphasize the necessity of supply chain risk management through supply chain attack cases. In addition, we analyze trends in foreign supply chain management systems and explain the necessity of a domestic supply chain security strategy.
Keywords
Supply Chain Risk Management; Supply Chain Evaluation and Verification; Supply Chain Attack; SCRM;
Citations & Related Records
Times Cited By KSCI: 1