• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.279-287
• /
• 2022

With the advancement of cyber threats and the development of hacking technologies, cyber security is being emphasized in various fields such as automobiles and ships. According to this trend, various industrial fields are demanding cybersecurity, and related certifications. In this paper, cybersecurity type approval is compared with the RMF stage under the premise that there are common elements with RMF in that cybersecurity elements must be reflected in the entire system development cycle. For comparison, type approval of maritime cyber security of the Korean Register of Shipping was selected. In conclusion, although type approval of maritime cyber security acquisition procedure is not divided by development stage like the RMF, there are the commonalities in the procedure to apply the cybersecurity element to the System development lifecycle like the RMF. Accordingly, the possibility of determining that the cybersecurity element was applied to the entire development cycle was confirmed.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2020.11a
• /
• pp.139-140
• /
• 2020

우리나라는 국제해사기구에서 제시한 자율수준 3단계의 자율운항선박 기술개발 사업을 추진 중에 있으며, 자율운항선박 및 원격운항센터의 사이버보안에 관한 기술개발이 핵심과제로 포함되어 있다. 국제해사기구는 현존선의 대한 사이버 위협에 대한 조치로 제98차 해사안전위원회에서 '해상 사이버 위험관리 지침(Guidelines on maritime cyber risk management)'을 채택 및 승인하였다. 자율운항선박이 디지털 센서의 거대시스템임을 고려할 때 기술개발 완료시 해상에서 기존 선박과 자율운항선박의 공동 운항을 고려하여 해상교통관제체계(VTS)에 대한 사이버보안 측면을 고려 할 필요가 있다. 이 논문에서는 부산항 VTS 관제사(VTSO)를 대상으로 하여 자율운항선박 운영을 고려한 VTS 관제시스템의 사이버보안 만족도를 조사하였다. VTSO를 대상으로 한 사이버보안 만족도 조사 및 분석방법은 IPA(Importance Performance Analysis) 매트릭스를 적용하였다.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2019.11a
• /
• pp.134-136
• /
• 2019

The International Maritime Organization (IMO) issued 2017 Guidelines on maritime cyber risk management. In accordance with IMO's maritime cyber risk management guidelines, each flag State is required to comply with the Safety Management System (SMS) of the International Safety Management Code (ISM) that the cyber risks should be integrated and managed before the first annual audit following January 1, 2021. In this paper, to identify cyber security management targets and risk factors in the maritime sector and to conduct vulnerability analysis, we catagorized the cyber security sector in management, technical and physical sector in maritime sector based on the industry guidelines and international standards proposed by IMO. In addition, the Risk Matrix was used to conduct a qualitative risk assessment according to risk factors by cyber security sector.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2019.05a
• /
• pp.238-239
• /
• 2019

Cyber attacks can be caused by all equipment that perform communication functions, and the link between ship and land due to the development of communication technology means that the ship sector as well as the land sector can be easily exposed to cyber threat vulnerability. In this paper, we analyze cyber threat trend changes to identify cyber security vulnerabilities in the maritime sector and propose measures to enhance cyber security through other industry case studies.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2021.11a
• /
• pp.72-73
• /
• 2021

As discussions of the International Maritime Organization for the introduction of the Marine Autonomous Surface Ship (MASS) began in earnest, discussions were conducted to prioritize cybersecurity (Cyber Risk Management) when developing a system to support MASS operation at the 27th ENAV Committee Working Group (WG2). Korea launched a technology development project for autonomous ships in 2020, and has been promoting detailed tasks for cybersecurity technology development since 2021. MASS operation in a digital maritime communication system environment requires network security of various digital equipment that was not considered in the existing maritime communication environment. This study introduces the basic concept of network security equipment to support MASS operation in the detailed task of cybersecurity technology development, and defines the network security equipment interface for MASS ship application in the basic stage.

• Review of KIISC
• /
• v.33 no.6
• /
• pp.51-54
• /
• 2023

국제해사기구(IMO)는 2017년 해사안전위원회(Maritime Safety Committee, MSC)에서 안전관리시스템으로의 해상 사이버 리스크 관리 결의하였다. 또한 국제선급협회(IACS)는 선박 사이버 사고가 인명, 재산 및 환경에 심각한 영향을 미칠 수 있음을 인식하여, 사이버 이슈를 체계적으로 논의하기 위한 사이버시스템 패널을 2016년 신설하였다. IACS 는 2022년 4월, 신조선 사이버보안 통합 요구사항(UR E26) 및 기자재 시스템 사이버보안 통합 요구사항(UR E27)을 배포하였다. 이 규정은 2024년 건조 계약을 체결한 신조선에 강제 적용될 예정이다. 본 논문에서는 신조선에 대한 리스크 기반 사이버 설계보안 접근 방식을 제안한다.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.28 no.7
• /
• pp.1140-1147
• /
• 2022

With the development of digital technology, the marine environment is expected to change rapidly. In the case of autonomous vessels, technology is being developed in many countries, and the international community has begun to discuss ways to operate it. Changes in ships cause changes in the marine traffic environment and urge changes to aids to navigation. This study aims to analyze the cyber security management awareness of VTS personnel to improve the cyber security system for aids to navigation. To this end, the current status of cyber security management was reviewed with a focus on VTS, and a survey was conducted on VTS personnel. The survey analysis used the IPA methodology, and as a result of the analysis, a clear difference was observed in the perception of cybersecurity between those with experience in security and those without experience. In addition, technical measures related to cyber-attack detection and blocking should be implemented with the highest priority. The results of this study can be used as basic data for improving the cyber security management system for aids to navigation.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2022.11a
• /
• pp.396-397
• /
• 2022

IMO는 해상사이버보안 관리기준을 제정하여 2021년부터 ISM code에 따른 선박안전관리 지침 상 사이버보안 관리방안의 반영을 권고하였다. 이에 따라 선박에 대한 사이버보안 관리지침 또는 계획서 등이 선박회사별로 개발되어 적용되어 오고 있으나 명확한 법적 근거 및 표준이 부재하여 선박회사별 차이가 발생하고 있다. 본 연구는 국내 선사들의 사이버보안 계획서를 BIMCO, NIST 등의 Guideline과 Framework 기반으로 비교하여 선사별 사이버보안 대응을 위한 선내조직 및 역할과 책임, 비상 시 대응방안을 비교하였다. 비교 결과를 기반으로 차이점과 개선점 식별을 통해 실효성 있는 사이버보안계획서 수립 및 대응조직 구성 방안제시를 연구목적으로 설정하여 수행하였다.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2019.05a
• /
• pp.29-32
• /
• 2019

The development of Information and Communication Technology facilitates exchange of information and communication between system in ships or between ships and land facilities, thereby improving the efficiency of their work. However, these changes in the working environment of companies and ships increased the likelihood of cyber security incidents occurance like unauthorized access to company and ship systems or infection of malicious code, which results in significant safety, environmental and business damage to company and ships. Therefore, a cyber-risk-based approach was required to identify and respond to an increasing cyber threats. In this paper, the analysis of maritime cyber security status and guidelines for establishment of maritime cyber security system are provided.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2022.11a
• /
• pp.137-139
• /
• 2022

As cyber threats in the maritime industry increase due to the digital transformation, the needs for cyber security training for ship's crew and port engineers has increased. The training of seafarers is related to the IMO's STCW convention, so cyber security training also managed and certified, and it is necessary to develop a cybersecurity training system that reflects the characteristics of the OT systemof ships and ports. In this paper, with the goal of developing a training model based on the IMO cyber risk management guideline, developing a cyber security training model based on the characteristics of maritime industry threats, and improving the effectiveness of cyber security training using AR/VR and metaverse, A method for developing a system for nurturing cyber security experts is presented.