• Journal of Internet Computing and Services
• /
• v.21 no.2
• /
• pp.73-80
• /
• 2020

Due to the expansion of cyber space, war patterns are also changing from traditional warfare to cyber warfare. Cyber warfare is the use of computer technology to disrupt the activities of nations and organizations, especially in the defense sector. However, the defense against effective cyber threat environment is inadequate. To complement this, a new cyber warfare operation concept is needed. In this paper, we study the concepts of cyber intelligence surveillance reconnaissance, active defense and response, combat damage assessment, and command control in order to carry out cyber operations effectively. In addition, this paper proposes the concept of cyber warfare operation that can achieve a continuous strategic advantage in cyber battlefield.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.57-69
• /
• 2012

C4ISR system is an important tool for military operational command and control. Therefore, it is frequently exposed to the cyber-terror attempt to paralyze the military command and control system. Generally, the information system uses IDS and firewall as major security computing tools. C4ISR system also uses them as major measures for the information protection. But the usefulness of IDS is reduced due to the frequent false-positives and false-negatives if the behavioral patterns are modified or new behavioral patterns appear. This paper presents new IDS structure which can create modified attack patterns and unexpected attack patterns automatically during IDS probing process. The proposed IDS structure is expected to enhance the information protection capability of the C4ISR system by reducing false-positives and false-negatives through the creation and verification of new attack patterns.

• Journal of Digital Contents Society
• /
• v.19 no.6
• /
• pp.1185-1195
• /
• 2018

Industrial Control System (ICS) is a system that carry out monitoring and controls of industrial control process and is applied in infrastructure such as water, power, and gas. Recently, cyber attacks such as Brutal Kangaroo, Emotional Simian, and Stuxnet 3.0 have been continuously increasing in ICS, and these security risks cause damage of human life and massive financial losses. Attacks on the control layer among the attack methods for ICS can malfunction devices of the field device layer by manipulating control commands. Therefore, in this paper, we propose a mechanism that apply the SDN between the control layer and the field device layer in the industrial control system and to determine whether the control command is legitimate or not and we show simulation results on a simply composed control system.

• Journal of Internet Computing and Services
• /
• v.23 no.5
• /
• pp.87-101
• /
• 2022

Cyber-attacks occur in the blink of an eye in cyberspace, and the damage is increasing all over the world. Therefore, it is necessary to develop a cyber common operational picture that can grasp the various assets belonging to the 3rd layer of cyberspace from various perspectives. By applying the method for grasping battlefield information used by the military, it is possible to achieve optimal cyberspace situational awareness. Therefore, in this study, the visualization screens necessary for the cyber common operational picture are identified and the criteria (response speed, user interface, object symbol, object size) are investigated. After that, the framework is designed by applying the identified and investigated items, and the visualization screens are implemented accordingly. Finally, among the criteria investigated by the visualization screen, an experiment is conducted on the response speed that cannot be recognized by a photograph. As a result, all the implemented visualization screens met the standard for response speed. Such research helps commanders and security officers to build a cyber common operational picture to prepare for cyber-attacks.

• Journal of Internet Computing and Services
• /
• v.22 no.6
• /
• pp.99-113
• /
• 2021

In these days, as cyberspace has been recognized as the fifth battlefield area following the land, sea, air, and space, attention has been focused on activities that view cyberspace as an operational and mission domain in earnest. Also, in the 21st century, cyber operations based on cyberspace are being developed as a 4th generation warfare method. In such an environment, the success of the operation is determined by the commander's decision. Therefore, in order to increase the rationality and objectivity of such decision-making, it is necessary to systematically establish and select a course of action (COA). In this study, COA is established by using the method of classifying operational elements necessary for cyber operation, and it is intended to suggest a direction for quantitative evaluation of COA. To this end, we propose a method of composing the COES (Cyber Operational Elements Set), which becomes the COA of operation, and classifying the cyber operational elements identified in the target development process based on the 5W1H Method. In addition, by applying the proposed classification method to the cyber operation elements used in the STUXNET attack case, the COES is formed to establish the attack COAs. Finally, after prioritizing the established COA, quantitative evaluation of the policy was performed to select the optimal COA.

• Journal of Internet Computing and Services
• /
• v.25 no.1
• /
• pp.157-166
• /
• 2024

The Army TIGER System, which is being deployed to implement a future combat system, is expected to bring innovative changes to the army's combat methods and comabt execution capability such as mobility, networking and intelligence. To this end, the Army will introduce various systems using drones, robots, unmanned vehicles, AI(Artificial Intelligence), etc. and utilize them in combat. The use of various unmanned vehicles and AI is expected to result in the introduction of equipment with new technologies into the army and an increase in various types of transmitted information, i.e. data. However, currently in the military, there is an acceleration in research and combat experimentations on warfigthing options using Army TIGER forces system for specific functions. On the other hand, the current reality is that research on cyber threats measures targeting information systems related to the increasing number of unmanned systems, data production, and transmission from unmanned systems, as well as the establishment of cloud centers and AI command and control center driven by the new force systems, is not being pursued. Accordingly this paper analyzes the structure and characteristics of the Army TIGER force integration system and makes suggestions for necessity of building, available cyber defense solutions and Army TIGER integrated cyber protections system that can respond to cyber threats in the future.

• Journal of Positioning, Navigation, and Timing
• /
• v.12 no.4
• /
• pp.437-445
• /
• 2023

A space system refers to a network of sensors, ground systems, and space-craft operating in space. The security of space systems relies on information systems and networks that support the design, launch, and operation of space missions. Characteristics of space operations, including command and control (C2) between space-craft (including satellites) and ground communication, also depend on wireless frequency and communication channels. Attackers can potentially engage in malicious activities such as destruction, disruption, and degradation of systems, networks, communication channels, and space operations. These malicious cyber activities include sensor spoofing, system damage, denial of service attacks, jamming of unauthorized commands, and injection of malicious code. Such activities ultimately lead to a decrease in the lifespan and functionality of space systems, and may result in damage to space-craft and, lead to loss of control. The Cybersecurity Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) matrix, proposed by Massachusetts Institute of Technology Research and Engineering (MITRE), consists of the following stages: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command & Control, Exfiltration, and Impact. This paper identifies cybersecurity activities in space systems and satellite navigation systems through the National Institute of Standards and Technology (NIST)'s standard documents, former U.S. President Trump's executive orders, and presents risk management activities. This paper also explores cybersecurity's tactics attack techniques within the context of space systems (space-craft) by referencing the Sparta ATT&CK Matrix. In this paper, security threats in space systems analyzed, focusing on the cybersecurity attack tactics, techniques, and countermeasures of space-craft presented by Space Attack Research and Tactic Analysis (SPARTA). Through this study, cybersecurity attack tactics, techniques, and countermeasures existing in space-craft are identified, and an understanding of the direction of application in the design and implementation of safe small satellites is provided.

• Transactions of the Korean Society of Mechanical Engineers A
• /
• v.38 no.3
• /
• pp.323-328
• /
• 2014

Recently, there has been demand for the convergence of IT (Information and communication Technologies, ICT) with defense, as has already been achieved in civilian fields such as healthcare and construction. It is expected that completely new and common requirements would emerge from the civilian and military domains and that the shape of war field would change rapidly. Many military scientists forecast that future wars would be network-centric and be based on C4I(Command, Control, Communication & Computer, Intelligence), ISR(Intelligence, Surveillance & Reconnaissance), and PGM(Precision Guided Munitions). For realizing the smart defense concept, IT should act as a baseline technology even for simulating a real combat field using virtual reality. In this paper, we propose the concept of IT-based smart defense with a focus on accurate detection in real and cyber wars, effective data communication, automated and unmanned operation, and modeling and simulation.

• Journal of KIISE:Computing Practices and Letters
• /
• v.15 no.1
• /
• pp.47-55
• /
• 2009

Bot is a kind of worm/virus that is remotely controlled by a herder. Bot can be used to launch distributed denial-of-service(DDoS) attacks or send spam e-mails etc. Launching cyber attacks using malicious Bots is motivated by increased monetary gain which is not the objective of worm/virus. However, it is very difficult for infected user to detect this infection of Botnet which becomes more serious problems. This is why botnet is a dangerous, malicious program. The Bot DNS Sinkhole is a domestic bot mitigation scheme which will be proved in this paper as one of an efficient ways to prevent malicious activities caused by bots and command/control servers. In this paper, we analysis botnet activities over more than one-year period, including Bot's lifetime, Bot command/control server's characterizing. And we analysis more efficient ways to prevent botnet activities. We have showed that DNS sinkhole scheme is one of the most effective Bot mitigation schemes.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.26 no.3
• /
• pp.281-301
• /
• 2023

The shipboard combat system is a key system for naval combat that supports a command and control process cycle consisting of Detect - Control - Engage in real time to ensure ship viability and conduct combat missions. Modern combat systems were developed on the basis of Open Architecture(OA) to maximize acceptance of latest technology and interoperability between systems, and actively introduced the COTS(Commercial-of-the-shelf). However, as a result of that, vulnerabilities inherent in COTS SW and HW also occurred in the combat system. The importance of combat system cybersecurity is being emphasized but cybersecurity research reflecting the characteristics of the combat system is still lacking in Korea. Therefore, in this paper, we systematically identify combat system threats by applying Data Flow Diagram, Microsoft STRIDE threat modelling methodology. The threats were analyzed using the Attack Tree & Misuse case. Finally we derived the applicable security requirements which can be used at stages of planning and designing combat system and verified security requirements through NIST 800-53 security control items.