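A Study on Application Methodology of SPDL Based on IEC 62443 Applicable to SME Environment
Jin, Jung Ha (Institute of Cyber Security & Privacy, Korea University)
Park, SangSeon (Institute of Cyber Security & Privacy, Korea University)
Kim, Jun Tae (Institute of Cyber Security & Privacy, Korea University)
Han, Keunhee (Institute of Cyber Security & Privacy, Korea University)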