Browse > Article

A Study on Establishment of Cyber Threat Information Sharing System Focusing on U.S. Case  

Kim, Dong Hee (국가보안기술연구소)
Park, Sangdon (국가보안기술연구소)
Kim, So Jeong (국가보안기술연구소)
Yoon, Oh-Jun (숭실대학교 IT정책경영학과)
Publication Information
Convergence Security Journal / v.17, no.2, 2017 , pp. 53-68 More about this Journal
Abstract
Today, information sharing is recognized as a means to effectively prevent cyber attacks, which are becoming more intelligent and advanced, so that many countries such as U.S., EU, UK, Japan, etc. are establishing cyber threat information sharing system at national level. In particular, the United States has enacted the "Cyber Threat Information Sharing Act (CISA)" in December 2015, and has been promoting the establishment of a legal and institutional basis for sharing threat information and the implementation of the system. Korea is sharing cyber threat information in public and private sectors mainly through the National Cyber Security Center(NCSC) and the Korea Internet & Security Agency(KISA). In addition, Korean government is attempting to strengthen and make legal basis for unified cyber threat information sharing system through establishing policies. However, there are also concerns about issues such as leakage of sensitive information of companies or individuals including personal identifiable information that may produced during the cyber threat information sharing process, reliability and efficiency issues of the main agents who gather and manage information. In this paper, we try to derive improvement plans and implications by comparing and analyzing cyber threat information sharing status between U.S. and Korea.
Keywords
사이버 위협정보 공유;정보공유;미국;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 디지털타임스, [시론] 국가사이버안보전략 시급하다, 2016. 7. 8.
2 S.754-Cybersecurity Information Sharing Act of 2015, 114th Congress(2015-2016)
3 Guide to Cyber Threat Information Sharing, NIST Special Publication 800-150, NIST, 2016.10.
4 국가사이버안보법 국회상정안(2016.12.21.), 정부입법지원센터(2017년 3월 15일 접속)
5 김지선, "한국과 미국의 사이버위협정보 공유 입법안 비교연구", 고려대학교 석사학위논문, p.12, 2016.
6 김석준 외, '거버넌스의 이해', 대영문화사, p.283, 2002.
7 CSO, 사이버 위협 정보 공유는 원하나 법률은 원하지 않는다, IT World, 2015.9.24.
8 박철민, 조정식, 국외 사이버 위협 정보공유의 체계조사, Internet & Security Focus, 한국인터넷진흥원, 2014.1.
9 위협정보 공유한다는 C-TAS, 얼마나 알고 있나요?, 보안뉴스, 2015.12.9.
10 국가 사이버안보 기본법 제정(안) 반대 의견서, 진보네트워크센터, 2016.10.10.
11 Executive Order 13636: Improving Critical Infrastructure Cybersecurity, the White House, 2013.
12 Executive Order 13691: Promoting Private Sector Cybersecurity Information Sharing, the White House, 2015.
13 D. E. Zheng, J. A. Lewis, Cyber Threat Information Sharing-Recommendations for Congress and Administration, Center for Strategic & International Studies(CSIS), 2015.3.
14 박상돈, 미국 사이버안보 정보공유법(CISA)의 규범적 의의, 융합보안논문지, 제17권, 제1호, pp.45-52, 2017.
15 Sharing of Cyber Threat Indicators and Defensive Measures by the Federal Government under the Cybersecurity Information Sharing Act of 2015, DNI, DHS, DoD, DoJ, 2016.2.16.
16 Guidance of Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015, DHS, DoJ, 2016.6.15.
17 Final Procedures Related to the Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Government, DHS, DoJ, 2016.6.15.
18 Privacy and Civil Liberties Final Guidelines: Cybersecurity Information Sharing Act of 2015, DHS, DoJ, 2016.6.15.
19 윤오준 외, 주요국의 사이버위협정보 공유체계 분석을 통한 국내 적용모델 연구, 융합보안논문지, 제16권, 제7호, pp.101-111, 2016.
20 Presidential Memorandum-Establishment of the Cyber Threat Intelligence Integration Center, the White House, 2015.2.25.
21 Presidential Decision Directive(PDD)-63: Critical Infrastructure Protection, the White House, 1998.
22 2015 정보통신산업의 진흥에 관한 연차보고서, p.109, 미래창조과학부, 2015.9.
23 사이버 위협정보 신뢰성 확보 시급, 전자신문, 2015.11.30.
24 악성코드와 보안취약점 정보공유의 허와 실, 보안뉴스, 2015.4.25.
25 이철우 의원, 사이버위협정보 공유에 관한 법률안 검토보고, 정보위원회, 2015.11.