• The Journal of the Korea institute of electronic communication sciences
• /
• v.6 no.6
• /
• pp.839-847
• /
• 2011

Instrumentation & Control(I&C) System in NPP(Nuclear Power Plant) plays a important role as the brain of human being, it performs protecting, controling and monitoring safety operation of NPP. Recently, the I&C system is digitalized as digital technology such as PLC, DSP, FPGA. The different aspect of digital system which use digital communication to analog system is that it has potential vulnerability to cyber threat in nature. Possibility that digital I&C system is defected by cyber attack is increasing day by day. The result of cyber attack can be adverse effect to safety function in NPP. Therefore, I&C system required cyber security counter-measures that protect themselves from cyber threat efficiently and also cyber security design should be taken into consideration at concept stage in I&C system development process. In this study, we proposed the digital asset analysis method for cyber security assessment of I&C system design in NPP and we performed digital asset analysis of I&C system by using the proposed method.

• Journal of Internet Computing and Services
• /
• v.24 no.6
• /
• pp.137-144
• /
• 2023

Cyberattack technology is evolving to an unpredictable degree, and it is a situation that can happen 'at any time' rather than 'someday'. Infrastructure that is becoming hyper-connected and global due to cloud computing and the Internet of Things is an environment where cyberattacks can be more damaging than ever, and cyberattacks are still ongoing. Even if damage occurs due to external influences such as cyberattacks or natural disasters, intelligent self-recovery must evolve from a cyber resilience perspective to minimize downtime of cyber assets (OS, WEB, WAS, DB). In this paper, we propose an intelligent self-recovery technology to ensure sustainable cyber resilience when cyber assets fail to function properly due to a cyberattack. The original and updated history of cyber assets is managed in real-time using timeslot design and snapshot backup technology. It is necessary to secure technology that can automatically detect damage situations in conjunction with a commercialized file integrity monitoring program and minimize downtime of cyber assets by analyzing the correlation of backup data to damaged files on an intelligent basis to self-recover to an optimal state. In the future, we plan to research a pilot system that applies the unique functions of self-recovery technology and an operating model that can learn and analyze self-recovery strategies appropriate for cyber assets in damaged states.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.05a
• /
• pp.157-160
• /
• 2020

사이버 공격은 조직과 국가에 큰 피해를 주려는 목적으로 정보를 가로채고 파괴하는 의도적인 행동으로 빚어지는 경우가 많다. 이에 따라 국제 표준화 기구(ISO)는 ISO/IEC 27000 시리즈 등 정보 자산의 보호를 위한 표준 문서를 지침으로 제공한다. 하지만 지침만 제공할 뿐 자산 보호를 위한 구체적인 방법이나 절차가 포함되어 있지 않다. 본 연구에서는 공군의 긴급 CAS(Close Air Support) 작전을 대상으로 추후 사이버 전투 피해평가를 위해 사이버 공격에 의한 정보 자산에 대한 점수를 가산화 한다. 긴급 CAS 작전 시뮬레이션 진행 후 도출된 요소를 가지고 객관적인 수치라고 할 수 있는 CIA(Confidentiality, Integrity, Availability)지표들과 군 정보를 접목시켜 자산의 중요성을 계산하고 나아가 가중치를 주어 차별성을 가지게 된다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.877-884
• /
• 2019

As technology advances, equipment installed in Nuclear facilities are changing from analog system to digital system. Nuclear facilities have been exposed to cyber threats as the proportion of computers and digital systems increases. As a result, interest in cyber security has increased and there has been a need to protect the system from cyber attacks. KINAC presented 101 cyber security controls for critical digital asset. However, this is a general measure that does not take into account the characteristics of digital assets. Applying all cyber security controls to critical digital assets is a heavy task and can be lower efficient. In this paper, we propose an effective cyber security controls by identifying the characteristics of critical digital assets and presenting proper security measures.

• Convergence Security Journal
• /
• v.24 no.2
• /
• pp.189-200
• /
• 2024

In recent years, the development of defense technology has become digital with the introduction of advanced assets such as drones equipped with artificial intelligence. These assets are integrated with modern information technologies such as industrial IoT, artificial intelligence, and cloud computing to promote innovation in the defense domain. However, the convergence of the technology is increasing the possibility of transfer of cyber threats, which is emerging as a problem of increasing the vulnerability of defense assets. While the current cybersecurity methodologies focus on the vulnerability of a single asset, interworking of various military assets is necessary to perform the mission. Therefore, this paper recognizes these problems and presents a mission-based asset management and evaluation methodology. It aims to strengthen cyber security in the defense sector by identifying assets that are important for mission execution and analyzing vulnerabilities in terms of cyber security. In this paper, we propose a method of classifying mission dependencies through linkage analysis between functions and assets to perform a mission, and identifying and classifying assets that affect the mission. In addition, a case study of identifying key assets was conducted through an attack scenario.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2022.11a
• /
• pp.392-393
• /
• 2022

선박에 IT/OT가 도입되면서 사이버 위협이 증가하고 있습니다. 선박에서의 사이버 리스크 관리를 위해 현존하는 선박 내 사이버자산을 식별하고, 노출된 사이버 위협을 인지하고, 사이버 리스크 평가를 통한 대응방안을 이론적, 사례적으로 분석한 내용을 공유합니다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.05a
• /
• pp.120-122
• /
• 2020

원전에 대한 사이버위협이 지속됨에 따라 IAEA 및 각국에서는 원전 사이버보안 강화를 위해 노력하고 있다. 그 일환으로 국내에서는 규제기준 KINAC/RS-015를 통해 원전 내 안전·보안·비상대응 기능과 관련된 필수디지털자산에 대한 사이버보안 규제를 수행하고 있으나 원전 사고와 직접적으로 관련된 자산에 대해서는 보다 강화된 보안조치를 적용하여 보안성을 높이고자 한다. 이러한 강화 조치의 하나로 '코드 난독화 적용'이 있으며 이에 대해 상세히 살펴보고자 한다.

• Convergence Security Journal
• /
• v.19 no.3
• /
• pp.101-107
• /
• 2019

Our military's cyberspace is under constant threat from the enemy. These cyber threats are targeted at the information service assets held by the military, and securing the security of the organization's information service assets is critical. However, since Information assets can not be 100% selt-sufficient in any organization as well as the military, acquisition of information assets by the supply chain is an inevitable. Therefor, after reviewing supply chain protection measures to secure the safety of the military supply chain, we proposed a method for securing supply chain companies through the citation of partnership based on the validated trust model.

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.111-116
• /
• 2018

The Cyber space of the ROK Army is constantly threatened by enemy. In order to reponse to such cyber treats, vulnerabilities of information assets of the ROK Army should be identified and eliminated early. However, the ROK Army currently lacks systematic management of vulnerabilities. Therefore, this paper investigates trends of each country's vulnerability management and the actual situation of the management of the vulnerabilities in the ROK Army, and suggests ways of linking vulnerability database and the ROK Army information asset management system for effective vulnerability management of the ROK Army information assets.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2021.07a
• /
• pp.111-112
• /
• 2021

비대면 사회 확산에 따라 디지털 콘텐츠 등 온라인상으로 거래가 관리되는 디지털 자산의 거래가 증가하고 있다. 영상 및 이미지 등 디지털 자산의 경우 창작자가 자산에 대한 충분한 대가를 받지 못하고 불법 거래 내역에 대한 파악이 어렵다. 본 논문에서는 NFT적용을 통한 효율적 디지털 자산 관리를 위하여 신뢰성과 보안을 강화한 블록체인 합의알고리즘을 연구하고 성능평가를 통하여 기존 합의알고리즘 대비 우수성을 증명하였다.