• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.10
• /
• pp.4995-5014
• /
• 2018

As the area covered by the CPS grows wider, agencies such as public institutions and critical infrastructure are collectively measuring and evaluating information security capabilities. Currently, these methods of measuring information security are a concrete method of recommendation in related standards. However, the security controls used in these methods are lacking in connectivity, causing silo effect. In order to solve this problem, there has been an attempt to study the information security management system in terms of maturity. However, to the best of our knowledge, no research has considered the specific definitions of each level that measures organizational security maturity or specific methods and criteria for constructing such levels. This study developed an information security maturity model that can measure and manage the information security capability of critical infrastructure based on information provided by an expert critical infrastructure information protection group. The proposed model is simulated using the thermal power sector in critical infrastructure of the Republic of Korea to confirm the possibility of its application to the field and derive core security processes and goals that constitute infrastructure security maturity. The findings will be useful for future research or practical application of infrastructure ISMSs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.347-363
• /
• 2024

As the number of cyberattacks against the National Critical Information Infrastructure (NCII) is steadily increasing, many countries are strengthening the protection of National Critical Information Infrastructure (NCII) through the enactment and revision of related policies and legal systems. Therefore, this paper selects countries such as the United States, the United Kingdom, Japan, Germany, and Australia, which have established National Critical Information Infrastructure (NCII) protection systems, and compares and analyzes the promotion system of each country's National Critical Information Infrastructure (NCII) protection policy. This paper compares the National Critical Information Infrastructure (NCII) protection system of each country with the cybersecurity system and analyzes the promotion structure. Based on the policy model theory, which is a modification of Allison's theory and Nakamura & Smallwood's theory, this paper analyzes the model of each country's promotion system from the perspective of policy-making and policy-execution. The United States, Japan, Germany, and Australia's policy-promotion model is a system-strengthening model in which both policy-making and policy-execution are organized around the protection of the National Critical Information Infrastructure (NCII), while the United Kingdom and South Korea's policy-promotion model is an execution-oriented model that focuses more on policy-execution.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.241-250
• /
• 2017

Contrary to past critical infrastructure network, current critical infrastructure network is adopting IoT devices and efficient management system using the external networks. Using this system, productivity and management efficiency could be enhanced compared to past critical infrastructure network. But cybersecurity issue could be occurred at external network connection, so cybersecurity guideline is necessary. However, critical infrastructure organizations tend to use the cybersecurity guideline issued by government because it is hard to develop cybersecurity guideline on their own. But the government's cybersecurity guideline isn't suitable for the critical infrastructure network because it doesn't include critical infrastructure's specific characteristics. Therefor, we suggested the development method of cybersecurity guideline for the critical infrastructure network based on analysing cybersecurity guideline standards and critical infrastructure networks.

• Journal of Information Technology Services
• /
• v.15 no.4
• /
• pp.63-72
• /
• 2016

Critical infrastructure has been operating in a closed environment with a completely separate information system and in the private area. However, with the current ICT environment changes due to convergence and open platforms it has increased the threats and risks to critical infrastructure. The importance of cyber security is increasing in the infrastructure control system, such as the outbreak of Ukraine blackout in 2015 by a malicious code called 'black energy'. This thesis aims to recognize the importance and necessity of protecting the critical infrastructure service, designing a security framework reflecting environmental and characteristic changes, and analyzing the management system suitable for a security framework. We also propose a theoretical basis for constructing a new security framework by comparing and analyzing seven international security management system standards, such as NIST 800-82 and IEC 62443-2-1, which are used in the control system. As a result, the environment surrounding critical infrastructure changes with the characteristics of connectivity, openness, and finality was studied, and as a response to this, many scholars and institutions present critical infrastructure security frameworks as cycle enhancement type structures, risk management structures, and management domain expansion structures. In response, the security framework encompassing these structures, CISF (Critical Infrastructure Security Framework), was designed. Additionally, through the security related international standard and criterion analysis, as a newly designed security standard suitable for CISF, IEC 62443-2-1 is reviewed and suggestions are made.

• Journal of Platform Technology
• /
• v.9 no.3
• /
• pp.18-23
• /
• 2021

As it develops into a hyper-connected society, the role of information and communication is greatly increasing. In the event of a communication disaster, it will cause a significant impact on social infrastructure, suspension of the national critical infrastructure services, and the lives of the people. In addition, the information communication sector needs systematic management to create an information communication environment that is safe from disasters because dependence on the information communication sector has increased rapidly as the industrial structure has advanced. In this paper, we analyzed the types and risks of disasters that may occur to the information communication infrastructure that play important roles in national critical infrastructure, such as information communications, finance, health and healthcare, for systematic management. In the event of a disaster in the information communication infrastructure, it is believed that it will have a significant impact on the national critical infrastructure service suspension and people's lives.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.163-176
• /
• 2017

Recently, the critical infrastructure is changing from the existing closed environment to an open environment, and it is becoming a new target of cyber-threats by expanding into cyberspace. In addition, due to the development of information and communications technology(ICT), the interdependence among critical infrastructure is increasing. Previous studies ranged from trend investigation and policy discussions to protection, but separate studies on the diagnosis of the current status and appropriateness judgment for efficient policy implementation were not performed. Therefore, this study compares and analyzes three international indicators that measure the level of cyber security in each country in order to build a new index to measure the level of cyber security of critical infrastructure in the USA, Japan, UK, Germany, Norway, and Korea. It is hoped that this study will serve as a basis for expanding Korean influence and building trust among countries in future cyberspace.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.2
• /
• pp.857-880
• /
• 2016

Due to an increasing number of cyberattacks globally, cybersecurity has become a crucial part of national security in many countries. In particular, the Digital Pearl Harbor has become a real and aggressive security threat, and is considered to be a global issue that can introduce instability to the dynamics of international security. Against this context, the cyberattacks that targeted nuclear power plants (NPPs) in the Republic of Korea triggered concerns regarding the potential effects of cyber terror on critical infrastructure protection (CIP), making it a new security threat to society. Thus, in an attempt to establish measures that strengthen CIP from a cybersecurity perspective, we perform a case study on the cyber-terror attacks that targeted the Korea Hydro & Nuclear Power Co., Ltd. In order to fully appreciate the actual effects of cyber threats on critical infrastructure (CI), and to determine the challenges faced when responding to these threats, we examine factual relationships between the cyberattacks and their responses, and we perform analyses of the characteristics of the cyberattack under consideration. Moreover, we examine the significance of the event considering international norms, while applying the Tallinn Manual. Based on our analyses, we discuss implications for the cybersecurity of CI in South Korea, after which we propose a framework for strengthening cybersecurity in order to protect CI. Then, we discuss the direction of national policies.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.8B
• /
• pp.657-666
• /
• 2008

The intersection collision avoidance service among various telematics application services is regarded as one of the most critical services with regard to safety. In such safety applications, real-time, correct transmission of service is required. In this paper, we study on efficient infrastructure architecture for intersection collision avoidance using a cooperative mechanism between vehicles and wireless infrastructure. In particular, we propose an infrastructure, called CISN (Cooperative Infrastructure associated with Sensor Networks), in which proper numbers of sensor nodes are deployed on each road, surrounding the intersection. In the proposed architecture, overall service performance is influenced by various parameters consisting of the infrastructure, such as the number of deployed sensor nodes, radio range and broadcast interval of base station, and so on. In order to test the feasibility of the CISN model in advance, and to evaluate the correctness and real-time transmission ability, an intersection sensor deployment simulator is developed. Through various simulations on several environments, we identify optimal points of some critical parameters to build the most desirable CISN.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.907-918
• /
• 2019

The purpose of this study is to understand the cybersecurity policies and critical infrastructure protection of the United States through analyzing Donald Trump's administration executive orders, the national cyber strategy, and the legislation. The analysis has three findings. First, the Department of Homeland Security (DHS) became a main agent in the cybersecurity while the role of the White House was reduced. Second, Trump's administration expanded its role and mission in the policy area by extending the meaning of critical infrastructure. Third, in the case of cyber threats, the government can be involved in the operation of critical infrastructures in the private sector. The opinions of the professional bureaucrats and DHS were more reflected in the direction of the cybersecurity policy than those of the White House. In contrast to Barack Obama's administration, the Trump administration's cybersecurity strategies were not much studied. This study provides insights for improving cybersecurity policies and critical infrastructure protection.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.3
• /
• pp.89-97
• /
• 2021

The objective of this study is to propose an operation management strategy for the connectivity which are the designated and managed in sector of the transportation and logistics on the national critical infrastructures. The industrial structure is becoming advanced. The national critical infrastructure managed by the shows forms of the cooperative connection and collaborative R&D. Also, in-depth and specific analysis for the disaster safety budget are implemented to consideration for the R&D life cycle. The government responsibility are expanded comprehensively. Needs are exchanging life styles by the economic and safety demands. At this trends, this study encourage facility maintenance and scientific management to the public service. Throughout the result of this study, national critical infrastructure are implementing for protection plan of the sustainable maintenance and management. And, we have to prepare and implement for the consideration of the characteristics through comprehensive guidelines. This study contributes to the disaster and safety management by proposed an operation strategy of the cooperative connection in the sector of transportation and logistic sector on the national critical infrastructure.