Browse > Article
http://dx.doi.org/10.13089/JKIISC.2022.32.1.123

A Study on a Smart City Supply Chain Security Model Based on Zero-Trust  

Lee, Hyun-jin (Kangwon National University)
Son, Kyung-ho (Kangwon National University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.32, no.1, 2022 , pp. 123-140 More about this Journal
Abstract
Recently, research on solving problems that have introduced the concept of smart city in countries and companies around the world is in progress due to various urban problems. A smart city converges the city's ICT, connects all the city's components with a network, collects and delivers data, and consists of a supply chain composed of various IoT products and services. The increase in various cyber security threats and supply chain threats in smart cities is inevitable, in addition to establishing a framework such as supply chain security policy, authentication of each data provider and service according to data linkage and appropriate access control are required in a Zero-Trust point of view. To this end, a smart city security model has been developed for smart city security threats in Korea, but security requirements related to supply chain security and zero trust are insufficient. This paper examines overseas smart city security trends, presents international standard security requirements related to ISMS-P and supply chain security, as well as security requirements for applying zero trust related technologies to domestic smart city security models.
Keywords
SmartCity Security; Supply Chain; Zero Trust;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 National Institute of Standards and Technology," Supply Chain Risk Management Practices for Federal Information Systems and Organizations" Special Publication 800-161, Apr. 2015
2 International Standard, "Information security for supplier relationships-Part 1: Overview and concepts",ISO/IEC 27036-1, Apr. 2014
3 International Standard, "Information security for supplier relationships-Part 2: Requirements", ISO/IEC 27036-2, Aug. 2014
4 International Standard, "Information security for supplier relationships-Part 3: Guidelines for information and communication technology supply chain security", ISO/IEC27036-3, Nov. 2013
5 International Standard, "Information security for supplier relationships - Part 4: Guidelines for security of cloud services", ISO/IEC 27036-4, Oct. 2016
6 International Standard, "Information technology - (O-TTPS) - Mitigating maliciously tainted and counterfeit products - Part 1: Requirements and recommendations", ISO/IEC 20243-1, Feb. 2016
7 International Standard, "Information technology - Mitigating maliciously tainted and counterfeit products - Part 2: Assessment procedures for the O-TTPS and ISO/IEC 20243-1:2018", ISO/IEC 20243-2, Jan. 2018
8 KISA, "Smart City Security Model", Dec. 2020
9 European Cyber Security Organisation, "Overview of existing Cybersecurity standards and certification schemes v2", Dec. 2017
10 National Institute of Standards and Technology, "Zero Trust Architecture",Special Publication 800-207, Aug. 2020
11 KISA, "ISMS-P Certification Guideline", Jul. 2021
12 The National Cyber Security Centre, "nscs supply chain security", https://www.ncsc.gov.uk/collection/supply-chain-security/principles-supplychain-security, Nov.19.2021
13 International Standars, "Information Security Management", ISO/IEC27001, 2013
14 Seong-hyun Min, Kyung-ho Son,"Comparative Analysis on ICT Supply Chain Security Standards and Framework", Journal of the Korea Institute of Information Security & Cryptology, 30(6), pp. 1189-1206, Dec. 2020   DOI
15 National Institute of Standards and Technology, "GCTC SC3 Cybersecurity and Privacy Advisory Committee Guidebook", Jul. 2019
16 Japan cabinet office, " SIP Second Phase, Smart City Architecture White Paper", Mar. 2020
17 Ministry of Internal Affairs and Communications, "Smart City Security Guideline 2.0", Jun. 2021