• Journal of Korea Society of Digital Industry and Information Management
• /
• v.18 no.2
• /
• pp.39-48
• /
• 2022

The application of digital technology to instrumentation and control systems in nuclear power plants has overcome many shortcomings of analog technology, but the threat of cybersecurity has increased. Along with other systems, the reactor protection system also uses digital-based equipment, so responding to cybersecurity threats is essential. We generally determine cybersecurity threats according to the role and function of the system. However, since the instrumentation and control system has various systems linked to each other, it is essential to analyze cybersecurity threats together between the connected systems. In this paper, we analyze the cybersecurity threat of the reactor protection system with the associated facilities. To this end, we quantitatively identified the risk of the reactor protection system by considering safety functions, a communication type, the use of analog or digital-based equipment of the associated systems, and the software vulnerability of the configuration module of the reactor protection system.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.1
• /
• pp.99-109
• /
• 2020

In the past, conservative concepts have been applied in terms of the characteristic of nuclear power plants(NPPs), resulting in analog-based equipment and closed networks. However, as digital technology has recently been applied to the design, digital-based facilities and communication networks have been used in nuclear power plants, increasing the risk of cybersecurity than using analog-based facilities. Nuclear power plant facilities are divided into a safety system and a non-safety system. It is essential to identify the difference and cope with cybersecurity threats to the safety system according to its characteristics. In this paper, we examine the cybersecurity regulatory guidelines for safety systems in nuclear power plant facilities. Also, we analyze cybersecurity threats to a programmable logic controller of the safety system and suggest cybersecurity requirements be applied to it to respond to the threats. By implementing security functions suitable for the programmable logic controller according to the suggested cybersecurity requirements, regulatory guidelines can be satisfied, and security functions can be extended according to other system requirements. Also, it can effectively cope with cybersecurity attacks that may occur during the operation of nuclear power plants.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.17 no.1
• /
• pp.35-44
• /
• 2021

With the development of information technology, the cybersecurity threat continues as digital-related technologies are applied to the instrumentation and control system of nuclear power plants. The malfunction of the instrumentation and control system can cause economic damage due to shutdown, and furthermore, it can lead to national disasters such as radioactive emissions, so countering cybersecurity threats is an important issue. In general, the study of cybersecurity in instrumentation and control systems is concentrated on safety systems, and diverse protection systems perform protection and reactor shutdown functions, leading to reactor shutdown or, in the worst case, non-stop situations. To accurately analyze cyber threats in the diverse protection system, its linked facilities should be analyzed together. Risk analysis should be conducted by analyzing the potential impact of inter-facility cyberattacks on related facilities and the impact of cybersecurity on each configuration module of the diverse protection system. In this paper, we analyze the linkage of the diverse protection system and discuss the cybersecurity linkage threat by analyzing the availability of equipment, the cyber threat impact of the linked equipment, and the configuration module's cybersecurity vulnerability.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.19 no.3
• /
• pp.25-38
• /
• 2023

Instrumentation and control systems measure and control various variables of nuclear facilities to operate nuclear power plants safely. A diverse protection system, a representative instrumentation and control system, generates a reactor trip and turbine trip signal by high pressure in a pressurizer and containment to satisfy the design requirements 10CFR50.62. Also, it generates an auxiliary feedwater actuation signal by low water levels in steam generators. Cybersecurity has become more critical as digital technology is gradually applied to solve problems such as performance degradation due to aging of analog equipment, increased maintenance costs, and product discontinuation. This paper analyzed possible cybersecurity threat scenarios in the diverse protection system using attack trees. Based on the analyzed cybersecurity threat scenario, we calculated the probability of attack occurrence and confirmed the cybersecurity risk in connection with the asset value.

• International Journal of Computer Science & Network Security
• /
• v.22 no.5
• /
• pp.11-16
• /
• 2022

The main purpose of the study is to determine the main elements of the state management of the development of national cybersecurity. Cybersecurity ensures the protection of the properties of information resources and the operability of technical and software users and is directed against relevant cyber incidents. Therefore, today it is impossible to ignore the importance of public administration of the processes taking place in it. The methodological support of our study is determined by its goals and objectives and is based on the use of a combination of general scientific and special methods of scientific knowledge, which ensured the completeness and reliability of the results obtained. The article has limitations and concerns the lack of practical implementation of the research results. The study is purely theoretical to reflect the main aspects of the modern system of state management of the development of national cybersecurity. Further research requires an analysis of the world experience of state management of the development of national cybersecurity.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.22 no.6
• /
• pp.299-312
• /
• 2023

Recently, the electronic control unit (ECU) has been integrating several functions into one beyond simple convenience functions. Accordingly, ECUs have more functions and external interfaces than before, and various cybersecurity problems are arising. The United Nations Economic Commission for Europe (UNECE) World Forum for Harmonization of Vehicle Regulations (WP.29) issued UN Regulation No.155 to establish international standards for vehicle cybersecurity management systems in light of the growing threats to vehicle cybersecurity. According to international standards, vehicle manufacturers are required to establish a Cybersecurity Management System (CSMS) and receive a Vehicle Type Approval (VTA). However, opinions were raised that the implementation period should be adjusted because domestic preparations for this are insufficient. Therefore, in this paper, we propose a web-based solution that maps a checklist to check the status of CSMS in the requirement and various vehicle security companies and solutions to mitigate the identified gap.

• Journal of the Society of Disaster Information
• /
• v.17 no.2
• /
• pp.375-390
• /
• 2021

Purpose: Most of cybersecurity breaches occur in SMEs. As the existing cybersecurity framework and certification system are mainly focused on financial and large companies, it is difficult for SMEs to utilize it due to lack of cybersecurity budget and manpower. So it is necessary to come up with measures to allow SMEs to voluntarily manage cyber risks. Method: After reviewing Cybersecurity market, cybersecurity items of financial institutions, cybersecurity framework comparison and cybersecurity incidents reported in the media, the criticality of cybersecurity items was analyzed through AHP analysis. And cybersecurity items of non-life insurers were also investigated and made a comparison between them. Result: Cyber risk management methods for SMEs were proposed for 20 major causes of cyber accidents. Conclusion: We hope that the cybersecurity risk assessment measures of SMEs in Korea will help them assess their risks when they sign up for cyber insurance, and that cyber risk assessment also needs to be linked to ERM standardization.

• Convergence Security Journal
• /
• v.13 no.6
• /
• pp.91-98
• /
• 2013

Cyber attacks threaten the national security in this day and age. The government of the Republic of Korea recently released the National Cyber Security Comprehensive Countermeasures as a new cybersecurity policy. But current legal system cannot provide legal basis for the implementation of such measures. The current legal system related to cybersecurity is applied in each sector, thus the governance system in cybersecurity is separate. So there are many problems in the governance system in cybersecurity. To solve these problems fundamentally, it is righter to make a new cybersecurity law than to revise existing laws. Meanwhile, lawmakers proposed some bills in Congress to strengthen the cybersecurity in Korea in 2013. It will increase possibility of legislation of cybersecurity act to make a law through the analysis of these bills and to derive the essential elements from those. and to reflect these in the new cybersecurity act.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.241-250
• /
• 2017

Contrary to past critical infrastructure network, current critical infrastructure network is adopting IoT devices and efficient management system using the external networks. Using this system, productivity and management efficiency could be enhanced compared to past critical infrastructure network. But cybersecurity issue could be occurred at external network connection, so cybersecurity guideline is necessary. However, critical infrastructure organizations tend to use the cybersecurity guideline issued by government because it is hard to develop cybersecurity guideline on their own. But the government's cybersecurity guideline isn't suitable for the critical infrastructure network because it doesn't include critical infrastructure's specific characteristics. Therefor, we suggested the development method of cybersecurity guideline for the critical infrastructure network based on analysing cybersecurity guideline standards and critical infrastructure networks.

• Journal of Biomedical Engineering Research
• /
• v.44 no.2
• /
• pp.99-108
• /
• 2023

According to the COVID-19, development of various medical software based on IoT(Internet of Things) was accelerated. Especially, interest in a central software system that can remotely monitor and control ventilators is increasing to solve problems related to the continuous increase in severe COVID-19 patients. Since medical device software is closely related to human life, this study aims to develop central monitoring system that can remotely monitor and control multiple ventilators in compliance with medical device software development standards and to verify performance of system. In addition, to ensure the safety and reliability of this central monitoring system, this study also specifies risk management requirements that can identify hazardous situations and evaluate potential hazards and confirms the implementation of cybersecurity to protect against potential cyber threats, which can have serious consequences for patient safety. As a result, we obtained medical device software manufacturing certificates from MFDS(Ministry of Food and Drug Safety) through technical documents about performance verification, risk management and cybersecurity application.