Browse > Article
http://dx.doi.org/10.13089/JKIISC.2021.31.6.1291

A Study on the Cyber Attack Severity Assessment Methodology  

Bae, Sunha (National Security Research Institute)
You, Young-in (National Security Research Institute)
KIM, SoJeong (National Security Research Institute)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.31, no.6, 2021 , pp. 1291-1307 More about this Journal
Abstract
State-sponsored cyberattacks have increased significantly and threaten national security in recent years. State-sponsored cyberattacks are often more sophisticated and destructive that attacks by individuals and private groups because of the concentration of manpower and resources. So major countries including the United States and the United Kingdom, as well as international organizations such as the EU and OECD, are recommending proportional response measures against cyberattacks. The Republic of Korea(ROK) is also trying to change its will to secure cyberattack deterrence and prepare active response through the 「National Cybersecurity Strategy 2019」. However, the ROK is not equipped with an adequate methodology to assess the severity of cyberattacks nor measures for proportional response to such attacks. In this paper, we propose a Cyber Attack Severity Assessment(CASA) methodology that can assess the scale and impact of damage to prepare external response threshold for cyberattacks at the government-level and to enable proportional responses when responding.
Keywords
cyberattack severity; assessment; proportional response;
Citations & Related Records
연도 인용수 순위
  • Reference
1 NIS, "Cyber crisis Alarm" https://www.nis.go.kr;4016/AF/1_7_1_2.do, Accessed Oct. 28. 2021.
2 Ministry of the Interior and Safety, "Security Management by Information System Level" https://www.mois.go.kr/frt/bbs/type010/commonSelectBoardArticle.do?bsId=BBSMSTR_000000000008&nttId=71455,Accessed Oct. 28. 2021.
3 Michael N. Schmitt, "Peacetime Cyber Responses and Wartime Cyber Operations Under International Law," Harvard National Security Journal, vol. 8, pp. 239-282, May. 2017, .
4 OECD Legal Instruments, "Recommendation of the Council on Digital Security of Critical Activities," pp. 1-19, Dec. 2019.
5 Council of the EU, "Draft implementing guidelines for the Framework on a Joint EU Diplomatic Response to Malicious Cyber Activities," pp. 1-16, Oct, 2017.
6 National Security Office of Cheong Wa Dae, "National Cybersecurity Strategy," pp. 16-17, Apr. 2019.
7 Petraq Papajorgji, Automated Enterprise Systems for Maximizing Business Performance, 1st Ed., IGI Global, pp. 233-234, 2015.
8 US-CERT, "NCISS Incident Scoring Demo" https://www.us-cert.gov/nciss/demo, Accessed Oct. 21, 2021.
9 Department Homeland Security, "National Cyber Incident Response Plan", pp. 38-39, Dec. 2016
10 Mandiant, "The FireEye OT-CSIO" https://mandiant.com/resources/ontology-understand-assess-operational-technology-cyber-incidents, Accessed Oct. 21, 2021.
11 Joseph Boyce, Daniel Jennings, Information Assurance:Managing Organizational IT Security Risks, 1st Ed., Butterworth-Heinemann, pp. 253-254. 2002.
12 FIRST, "Common Vulnerability Scoring System version 3.1" https://www.first.org/cvss/v3.1/specification-document, Accessed Oct. 21, 2021.
13 Council of EU, "Draft Council Conclusions on a Framework for a joint EU Diplomatic Response to Malicious Cyber Activities(Cyber Diplomacy Toolbox)," pp. 1-5. June 2017.
14 The U.S. Whitehouse, "FactSheet:President Policy Directive on United States Cyber Incident Coordination" https://obamawhitehouse.archives.gov/the-press-office/2016/07/26/fact-sheet-presidential-policy-directive-united-states-cyber-incident-1, Accessed Oct. 21, 2021.
15 Martin G. McGuinn, "Cross Sector Interdependencies and Risk Assessment Guidance," National Infrastructure Advisory Council, pp. 94, Jan. 2004.
16 Jindong Shin, Analysis of Interdependencies and Cascading Failure Effects on Critical Infrastructure", National Disaster Management Institute, pp 89-103, Dec. 2013.
17 UN Security Council, "Midterm report of the Panel of Experts submitted pursuant to resolution 2464(2019)," pp. 26, Aug. 30, 2019.
18 NIS et al., "White Paper on Information Security 2020," pp. 6-7, May. 31, 2020.