http://dx.doi.org/10.13089/JKIISC.2019.29.6.1463

A Case Study on the Application of RMF to Domestic Weapon System  

Cho, Hyun-suk (Center for Information Security Technologies(CIST), Korea University)
Cha, Sung-yong (Center for Information Security Technologies(CIST), Korea University)
Kim, Seung-joo (Center for Information Security Technologies(CIST), Korea University)
Abstract
Modern high-tech weapon systems are complex, with many components combined to form a single system. Hardware used to be the main component, but the proportion of software is increasing every year, which makes security assurance activities for weapon systems more difficult than in the past. The United States has been working to ensure the security of the weapon systems it develops since the 1960s. The results of that work were made into internal US standards, updated regularly, and are now applied as the RMF. In Korea, research based on the US RMF has been conducted since 2010. However, actual RMF application cases in the United States are classified and cannot be obtained, and there are no official cases in Korea. In this paper, we apply the Korean RMF research conducted so far to a recently developed real weapon system and, on that basis, present detailed guidelines for applying the RMF.
Keywords
RMF (Risk Management Framework); Weapon System; Secure SDLC