• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.2
• /
• pp.857-880
• /
• 2016

Due to an increasing number of cyberattacks globally, cybersecurity has become a crucial part of national security in many countries. In particular, the Digital Pearl Harbor has become a real and aggressive security threat, and is considered to be a global issue that can introduce instability to the dynamics of international security. Against this context, the cyberattacks that targeted nuclear power plants (NPPs) in the Republic of Korea triggered concerns regarding the potential effects of cyber terror on critical infrastructure protection (CIP), making it a new security threat to society. Thus, in an attempt to establish measures that strengthen CIP from a cybersecurity perspective, we perform a case study on the cyber-terror attacks that targeted the Korea Hydro & Nuclear Power Co., Ltd. In order to fully appreciate the actual effects of cyber threats on critical infrastructure (CI), and to determine the challenges faced when responding to these threats, we examine factual relationships between the cyberattacks and their responses, and we perform analyses of the characteristics of the cyberattack under consideration. Moreover, we examine the significance of the event considering international norms, while applying the Tallinn Manual. Based on our analyses, we discuss implications for the cybersecurity of CI in South Korea, after which we propose a framework for strengthening cybersecurity in order to protect CI. Then, we discuss the direction of national policies.

• The Journal of Korean Institute of Electromagnetic Engineering and Science
• /
• v.24 no.8
• /
• pp.781-790
• /
• 2013

Nowadays, national critical infrastructures have been known to be highly vulnerable to the EMP threats which are internationally growing. But their realistic solutions have been not made by the lack of detailed rules and regulations in current laws, however, which cover most of cyber threats. This paper takes a look at the domestic and overseas trends on the EMP protections, and proposes the revision directives of relevant laws and the contents included into the proposed legislation. Among them, the amendment of the current "Information Infrastructure Protection Act" is considered to be the most effective, including provisions on protected informations, industrial promotions, R&D supports, education, etc. Anyway, this paper is expected to be helpful for introducing an effective legal scheme on the CIP against EMP threats. domestic rule.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.163-176
• /
• 2017

Recently, the critical infrastructure is changing from the existing closed environment to an open environment, and it is becoming a new target of cyber-threats by expanding into cyberspace. In addition, due to the development of information and communications technology(ICT), the interdependence among critical infrastructure is increasing. Previous studies ranged from trend investigation and policy discussions to protection, but separate studies on the diagnosis of the current status and appropriateness judgment for efficient policy implementation were not performed. Therefore, this study compares and analyzes three international indicators that measure the level of cyber security in each country in order to build a new index to measure the level of cyber security of critical infrastructure in the USA, Japan, UK, Germany, Norway, and Korea. It is hoped that this study will serve as a basis for expanding Korean influence and building trust among countries in future cyberspace.

• Review of KIISC
• /
• v.25 no.5
• /
• pp.18-25
• /
• 2015

전력시스템은 설비계획 및 운영상의 신뢰도 확보를 위해 신뢰도 기준을 수립 적용하고 있다. 최근에 전력산업 및 스마트그리드에서의 사이버 보안이슈가 부각되면서, 신뢰도 기준에도 사이버 보안 관련 규정을 수립하기 위한 노력이 진행 중에 있다. 미국 전력산업의 경우, NERC라는 규제기관을 통해 사이버 보안과 관련한 신뢰도 기준들을 CIP(Critical Infrastructure Protection) 차원에서 수립하였으며, 이를 지속적으로 업데이트하고 있다. 우리나라의 경우는 아직까지 사이버 보안 관련 신뢰도 기준이 구체적으로 수립되지 않고 있으며, 이를 보강하기 위한 연구가 진행 중에 있다. 전력시스템에서의 사이버보안 이슈는 이를 모니터링하고 제어하기 위한 SCADA 시스템 및 기타 정보망 차원에서의 잠재적 위협과 더불어, 해당 정보인프라가 전력시스템과 상호작용함으로써 발생하는 복합적인 효과를 고려할 필요가 있다. 이러한 맥락에서 본 논문에서는 NERC 규정과 선행 연구사례들을 참고하여 국내적용을 위한 사이버 보안 신뢰도 기준수립에 대한 방향성을 제안하고자 한다.