• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.843-859
• /
• 2018

Cybersecurity has emerged as a serious problem in Korea and there have been relevant movements to improve domestic cybersecurity policy and system. However, discussions have yet to result in actual progress and the legislation for improvement of cybersecurity policy and system have been stagnant until now. As evidenced by the introduction of primary government legislation bill for national cybersecurity in 2017, the preparations for improvements to the policy and system are still in progress. However, we cannot be positive about the possibility of implementing these improvements during the process. Recognition of the importance of cybersecutiry has gradually risen and is more prevalent than in years past, however, in-depth discussions are not being made. In principle, misunderstandings about cybersecurity itself and insufficient understandings of the relevant legislation seem to cause such problems. Therefore, it is necessary to review key issues related to the improvement of cybersecurity policy and system and reconsider tasks for the future. Such issues include the relationship between cybersecurity and fundamental rights, establishing responsibility and capability of each of entities for cybersecurity, and the role of the military in cybersecurity. This type of in-depth discussion will be helpful for finding ways to improve upon cybersecurity policy and system. Moreover, this study aims to key issues with questionnaire survey and political and normative inquiry.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.9
• /
• pp.1666-1673
• /
• 2017

Republic of Korea is divided into South Korea and North Korea, creating military conflicts and social conflicts. North Korea is conducting cyberattacks against South Korea and has hacked South Korea's defense network. In the world of cyberspace, the boundaries of the borders are becoming obscured, and cyberattacks and cyberterrorism for cyberwarfare operate with digital computing connected to points, time and space. Agenda and manual are needed for national cybersecurity. Also, it is necessary to study national cybersecurity laws and policies that can create and implement nationalcyber security policy. This paper investigates cyberterrorism situation in North and South Korean confrontation situation and damage to cyberwarfare in the world. We also study cybersecurity activities and cyberwarfare response agendas, manuals and new technologies at home and abroad. And propose national cybersecurity policy and propose policies so that '(tentative) The National Cybersecurity Law' is established. This study will be used as basic data of national cybersecurity law and policy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.907-918
• /
• 2019

The purpose of this study is to understand the cybersecurity policies and critical infrastructure protection of the United States through analyzing Donald Trump's administration executive orders, the national cyber strategy, and the legislation. The analysis has three findings. First, the Department of Homeland Security (DHS) became a main agent in the cybersecurity while the role of the White House was reduced. Second, Trump's administration expanded its role and mission in the policy area by extending the meaning of critical infrastructure. Third, in the case of cyber threats, the government can be involved in the operation of critical infrastructures in the private sector. The opinions of the professional bureaucrats and DHS were more reflected in the direction of the cybersecurity policy than those of the White House. In contrast to Barack Obama's administration, the Trump administration's cybersecurity strategies were not much studied. This study provides insights for improving cybersecurity policies and critical infrastructure protection.

• Journal of information and communication convergence engineering
• /
• v.18 no.2
• /
• pp.94-99
• /
• 2020

Real cyberterrors are invisible and difficult to identify. Even after a cyberattack, its origin and cause are difficult to determine. Cyberterrorism results in invisible cyberwars, and it is believed that World War IV will begin with a cyberwarfare. For national cybersecurity, information on cybersecurity must be collected, shared, and disseminated. In this study, we investigate a blockchain system designed based on the World Cybersecurity Agreement. National cybersecurity information is linked to the hyperledger blockchain system network through the National Cybersecurity Center. National cybersecurity information designs and uses a secure protocol for protection; further, it is collected, shared, and disseminated to treaty countries. National cybersecurity information is shared and spread by the hyperledger blockchain system, and it uses a cyberdefense system that responds to the cyberattacks and their origin. This paper serves as a policy and legislation guideline for forming a World Cybersecurity Agreement between countries.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.249-267
• /
• 2018

The US cybersecurity workforce policy is being pursued comprehensively and systematically, based on the NICE established initiated in 2010. Security Technologies, one of the eight areas of Advanced Technology Education(ATE) of the National Science Foundation(NSF) included in the STEM. This policy has been comprehensively promoted in conjunction with NICE, and this security technology field is operated with five detailed programs. In this paper, we examine in detail five cybersecurity workforce development programs supported by ATE, and compare them with the current status cultivation of cybersecurity workforce in Korea. After finding out the problems and improvements by comparison with the current situation of cybersecurity workforce development in Korea, we propose several implementations of nation-wide strategies for cultivating new cybersecurity workforce in Korea.

• The Journal of Society for e-Business Studies
• /
• v.23 no.4
• /
• pp.87-107
• /
• 2018

In March 2017, the State of New York became the first state to implement regulation specific to cybersecurity for financial institutions. Unlike previous regulations regarding information security, it has set a minimum requirements to establish cybersecurity program based on risk assessment results, protect Nonpublic Information, designate of CISO, and report to regulatory entity. This paper presents a need for a new cybersecurity policy in Korea by examining newly adopted cybersecurity regulation in the United States. Finally, the paper identify policy suggestions based on the United States's approach as they have successfully implemented the program.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.39-54
• /
• 2022

Recently, the importance of collecting, analyzing, and real-time sharing of various cybersecurity data has emerged in order to effectively respond to intelligent and advanced cyber threats. To cope with this situation, Korea is making efforts to expand its cybersecurity data sharing system, but many private companies are unable to participate in the cybersecurity data sharing system due to a lack of budget and professionals to collect cybersecurity data. In order to solve such problems, this paper analyzes the research and development trends of existing domestic and foreign cyber security data sharing systems, and based on that, propose a cybersecurity data sharing system model with a hierarchical structure that considers the size of the organization and a step-by-step security policy that can be applied to the model. In the case of applying the model proposed in this paper, it is expected that various private companies can expand their participation in cybersecurity data sharing systems and use them to prepare a response system to respond quickly to intelligent security threats.

• Electronics and Telecommunications Trends
• /
• v.39 no.3
• /
• pp.48-57
• /
• 2024

Cyberthreats and crimes have become common in society and demand the adoption of robust security measures. Financial cybercrimes, personal information breaches, and spam messages are now prevalent, while companies and nations face an increasing number of cyberthreats and attacks such as distributed denial of service, ransomware, and malware. As the overall socioeconomic landscape undergoes digitalization powered by big data, cloud computing, and artificial intelligence technologies, the importance of cybersecurity is expected to steadily increase. Developed nations are actively implementing various policies to strengthen cybersecurity and providing government support for research and development activities to bolster their domestic cybersecurity industries. In particular, the South Korean government has designated cybersecurity as one of the 12 nationwide strategic technology sectors. We examine the current landscape of cybersecurity companies and the information and communication technology supply chain, providing insights into the domestic cybersecurity market and suggesting implications for South Korea.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.1
• /
• pp.123-139
• /
• 2020

In 1987, Computer Security Act was enacted, requiring computer security awareness and practical training for federal workforce. This is the beginning of US development of federal cybersecurity workforce. It has been strengthening the development of federal cybersecurity workforce policy by establishing OPM regulations and OMB circulation in cases where it is difficult to define by law. Through GISRA 2000 and FISMA 2002, which has been improved, it played a central role for development of federal cybersecurity workforce for more than 10 years. Since then, FISMA 2014 has been enacted as a necessity for supplementing technology and policy. In 2014, the importance of cyber security personnel in US federal agencies has been increased even more, by enacting a single law on cybersecurity workforce twice. We will review the current state of Korea's development of cybersecurity workforce by reviewing and analyzing the development and federal cybersecurity workforce in the United States.

• Convergence Security Journal
• /
• v.13 no.6
• /
• pp.91-98
• /
• 2013

Cyber attacks threaten the national security in this day and age. The government of the Republic of Korea recently released the National Cyber Security Comprehensive Countermeasures as a new cybersecurity policy. But current legal system cannot provide legal basis for the implementation of such measures. The current legal system related to cybersecurity is applied in each sector, thus the governance system in cybersecurity is separate. So there are many problems in the governance system in cybersecurity. To solve these problems fundamentally, it is righter to make a new cybersecurity law than to revise existing laws. Meanwhile, lawmakers proposed some bills in Congress to strengthen the cybersecurity in Korea in 2013. It will increase possibility of legislation of cybersecurity act to make a law through the analysis of these bills and to derive the essential elements from those. and to reflect these in the new cybersecurity act.