• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.241-250
• /
• 2017

Contrary to past critical infrastructure network, current critical infrastructure network is adopting IoT devices and efficient management system using the external networks. Using this system, productivity and management efficiency could be enhanced compared to past critical infrastructure network. But cybersecurity issue could be occurred at external network connection, so cybersecurity guideline is necessary. However, critical infrastructure organizations tend to use the cybersecurity guideline issued by government because it is hard to develop cybersecurity guideline on their own. But the government's cybersecurity guideline isn't suitable for the critical infrastructure network because it doesn't include critical infrastructure's specific characteristics. Therefor, we suggested the development method of cybersecurity guideline for the critical infrastructure network based on analysing cybersecurity guideline standards and critical infrastructure networks.

• Journal of Information Technology Services
• /
• v.15 no.4
• /
• pp.63-72
• /
• 2016

Critical infrastructure has been operating in a closed environment with a completely separate information system and in the private area. However, with the current ICT environment changes due to convergence and open platforms it has increased the threats and risks to critical infrastructure. The importance of cyber security is increasing in the infrastructure control system, such as the outbreak of Ukraine blackout in 2015 by a malicious code called 'black energy'. This thesis aims to recognize the importance and necessity of protecting the critical infrastructure service, designing a security framework reflecting environmental and characteristic changes, and analyzing the management system suitable for a security framework. We also propose a theoretical basis for constructing a new security framework by comparing and analyzing seven international security management system standards, such as NIST 800-82 and IEC 62443-2-1, which are used in the control system. As a result, the environment surrounding critical infrastructure changes with the characteristics of connectivity, openness, and finality was studied, and as a response to this, many scholars and institutions present critical infrastructure security frameworks as cycle enhancement type structures, risk management structures, and management domain expansion structures. In response, the security framework encompassing these structures, CISF (Critical Infrastructure Security Framework), was designed. Additionally, through the security related international standard and criterion analysis, as a newly designed security standard suitable for CISF, IEC 62443-2-1 is reviewed and suggestions are made.

• Journal of Construction Engineering and Project Management
• /
• v.7 no.4
• /
• pp.1-12
• /
• 2017

India has accorded a high priority to road infrastructure development through Public-Private Partnership (PPP) and it has set a high target for investment inflows. Yet, it is widely held that road/highway infrastructure has not been developing at required pace and that the road infrastructure projects under PPP have been suffering from several hurdles and delays, thereby affecting project success/failure. This paper is an attempt to analyze the critical success/failure factors of road infrastructure projects under PPP in India. A questionnaire survey was conducted among a sample of the stakeholders of road infrastructure projects to identify the critical success/failure factors during all four major project stages using different approaches. Initially, the critical factors were identified through ranking based on the average/mean score. Later, the conventional RII score was used to identify the critical success/failure factors. Finally, the critical success/failure factors were also identified based on the stakeholder-wise ranking of the factors and their convergence. The assessment revealed that there was a greater convergence across the different methods and also that there was greater consensus among project stakeholder on the critical success/failure factors of road PPP projects.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.10
• /
• pp.4995-5014
• /
• 2018

As the area covered by the CPS grows wider, agencies such as public institutions and critical infrastructure are collectively measuring and evaluating information security capabilities. Currently, these methods of measuring information security are a concrete method of recommendation in related standards. However, the security controls used in these methods are lacking in connectivity, causing silo effect. In order to solve this problem, there has been an attempt to study the information security management system in terms of maturity. However, to the best of our knowledge, no research has considered the specific definitions of each level that measures organizational security maturity or specific methods and criteria for constructing such levels. This study developed an information security maturity model that can measure and manage the information security capability of critical infrastructure based on information provided by an expert critical infrastructure information protection group. The proposed model is simulated using the thermal power sector in critical infrastructure of the Republic of Korea to confirm the possibility of its application to the field and derive core security processes and goals that constitute infrastructure security maturity. The findings will be useful for future research or practical application of infrastructure ISMSs.

• International Journal of Contents
• /
• v.5 no.3
• /
• pp.71-78
• /
• 2009

Recently, interest has heightened over 'critical infrastructures' and their reliability in the face of potential terrorist attack. Assault on any of the critical infrastructures as transportation, power, water, telecommunications, and financial services, entails great consequences for their users as well as the other interdependent critical infrastructures. How to protect our vital critical infrastructures is the key question in this paper. The purpose of this article is to suggest the implications for crisis and emergency management to protect the critical infrastructures in our society. For achieving the purpose, we examined the concept of comprehensive security, national crisis, and critical infrastructure and, using the holistic approach, we examined the comprehensive emergency management for suggesting the implications for establishing the critical infrastructure protection system; building up the high reliability organization, organizing and partnering, assessing the risk, preparing first responders, working with private owners of critical infrastructures, working with communities, improving the administrative capacity.

• Journal of Digital Convergence
• /
• v.17 no.8
• /
• pp.105-113
• /
• 2019

The purpose of this study is to analyze cyber security risk modeling of critical infrastructure, draw out limitations and improvement measures. This paper analyzed cyber security risk modeling of national critical infrastructure like as electricity sector, nuclear power plant, SCADA. This paper analyzed the 26 precedent research cases of risk modeling in electricity sector, nuclear power plant, SCADA. The latest Critical Infrastructure is digitalized and has a windows operating system. Critical Infrastructure should be operated at all times, it is not possible to patch a vulnerability even though find vulnerability. This paper suggest the advanced cyber security modeling characteristic during the life cycle of the critical infrastructure and can be prevented.

• The Journal of the Convergence on Culture Technology
• /
• v.7 no.1
• /
• pp.674-681
• /
• 2021

Cyber attacks targeting critical infrastructure are on the rise. Critical infrastructure is defined as core infrastructures within a country with a high degree of interdependence between the different structures; therefore, it is difficult to sufficiently protect it using outdated cybersecurity techniques. In particular, the distinction between the physical and logical risks of critical infrastructure is becoming ambiguous; therefore, risk management from a comprehensive perspective must be implemented. Accordingly, as a means of further actively protecting critical infrastructure, major countries have begun to apply their security and cybersecurity systems by design, as a more expanded concept is now being considered. This proactive security approach (CSbD, Cybersecurity by Design) includes not only securing the stability of software (SW) safety design and management, but also physical politics and device (HW) safety, precautionary and blocking measures, and overall resilience. It involves a comprehensive security system. Therefore, this study compares and analyzes security by design measures towards critical infrastructure that are leading the way in the US, Europe, and Singapore. It reflects the results of an analysis of optimal cybersecurity solutions for critical infrastructure. I would like to present a plan for applying by Design.

• International conference on construction engineering and project management
• /
• 2022.06a
• /
• pp.83-90
• /
• 2022

Public-private partnerships (PPP) projects are becoming popular in both developed and developing countries due to their ability to access new financing sources and transfer certain project risks to the private sector. PPP has been an active research area where the concept of Critical Success Factors (CSF) is often discussed by researchers. This study aims to identify the CSFs for various PPP infrastructure projects that have been explored in previous CSF studies. This article reviewed the literature about CSF in PPP projects from the years 2002 to 2021, compared the findings of studies regarding the identified CSFs, and consolidated the CSFs that can be applied to various PPP infrastructure projects. The results showed that dominant research focused on general infrastructure, where CSFs can be applied to all infrastructure sectors rather than any specific sector. The most identified CSFs from the study are favorable and efficient legal frameworks, appropriate risk allocation and sharing, a robust and reliable private consortium, a competitive and transparent procurement process, and political support and stability. The findings from the study can provide an overview of CSFs that are relevant to specific PPP infrastructure sectors like building infrastructure, transportation, water, etc. as well as for general infrastructure. In addition, the results can also be used for further empirical analysis.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.163-176
• /
• 2017

Recently, the critical infrastructure is changing from the existing closed environment to an open environment, and it is becoming a new target of cyber-threats by expanding into cyberspace. In addition, due to the development of information and communications technology(ICT), the interdependence among critical infrastructure is increasing. Previous studies ranged from trend investigation and policy discussions to protection, but separate studies on the diagnosis of the current status and appropriateness judgment for efficient policy implementation were not performed. Therefore, this study compares and analyzes three international indicators that measure the level of cyber security in each country in order to build a new index to measure the level of cyber security of critical infrastructure in the USA, Japan, UK, Germany, Norway, and Korea. It is hoped that this study will serve as a basis for expanding Korean influence and building trust among countries in future cyberspace.

• Journal of Platform Technology
• /
• v.9 no.3
• /
• pp.18-23
• /
• 2021

As it develops into a hyper-connected society, the role of information and communication is greatly increasing. In the event of a communication disaster, it will cause a significant impact on social infrastructure, suspension of the national critical infrastructure services, and the lives of the people. In addition, the information communication sector needs systematic management to create an information communication environment that is safe from disasters because dependence on the information communication sector has increased rapidly as the industrial structure has advanced. In this paper, we analyzed the types and risks of disasters that may occur to the information communication infrastructure that play important roles in national critical infrastructure, such as information communications, finance, health and healthcare, for systematic management. In the event of a disaster in the information communication infrastructure, it is believed that it will have a significant impact on the national critical infrastructure service suspension and people's lives.