• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.4
• /
• pp.664-673
• /
• 2018

The industrial control system (ICS) has operated as a closed network in the past, but it has recently been linked to information and communications services and has been causing damage due to cyber attacks. As a countermeasure, the Information Communication Infrastructure Protection Act was enacted, but it cannot be applied to various real control environments because there is only a one-way policy-from a control network to a business network. In addition, IEC62443 defines an industrial control system reference model as an international standard, and suggests an area security model using a firewall. However, there is a limit to linking an industrial control network, operating as a closed network, to an external network only through a firewall. In this paper, we analyze the security model and research trends of the industrial control system at home and abroad, and propose an industrial control system security model that can be applied to the actual interworking environments of various domestic industrial control networks. Also, we analyze the security of firewalls, industrial firewalls, network connection equipment, and one-way transmission systems. Through a domestic case and policy comparison, it is confirmed that security is improved. In the era of the fourth industrial revolution, the proposed security model can be applied to security management measures for various industrial control fields, such as smart factories, smart cars, and smart plants.

• The Journal of Society for e-Business Studies
• /
• v.25 no.4
• /
• pp.15-32
• /
• 2020

Increasing uncertainties in the technological innovation environment and increasing technology competition also present new challenges in terms of industrial technology security. Therefore, the purpose of this study was to identify the direction of policy change necessary for the improvement of related policies in the future by examining the importance and implementation of the government's industrial technology security support policies for small and medium-sized enterprises engaged in industrial technology innovation activities. As a result of the analysis, first of all, small and medium-sized enterprises that responded to the government's industrial technology security support policy were perceived to be less performing than the importance of the program. These results can be said to mean that selective budget expansion for related policy programs may be necessary, along with efforts to improve the quality of each program. Second, an analysis of the differences in group recognition between new technology certification firms and industrial technology verification(certification) companies showed that significant differences exist between groups for the program. These results suggest that more effective operation of the relevant policies may require policy enforcement in consideration of the level of security and will of each company in industrial technology, as much as the quantitative characteristics of the entity. This study is meaningful in providing the necessary policy directional basic information for the design and execution of more specific and effective industrial technology security policies by presenting empirical research results that domestic small and medium-sized enterprises are aware of about the government's industrial technology security policies.

• The Journal of Society for e-Business Studies
• /
• v.25 no.2
• /
• pp.99-108
• /
• 2020

Unlike a general IT environment, an industrial control system is an environment where stability and continuity are more important than security. In the event of a security accident in the industrial control system, physical motion can be controlled, so physical damage can occur and physical damage can even result in personal injury. Cyber attacks on industrial control systems are not simply cyber damage, but terrorism. However, the security of industrial control systems has not been strengthened yet, and many vulnerabilities are actually occurring. This paper shows that the PLC can be remotely controlled by analyzing the connection process and packets for the PLC protocol used in the industrial control system and bypassing the security mechanism existing in the protocol. Through this, we intend to raise the security awareness of the industrial control system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.757-770
• /
• 2020

Industrial Control System(ICS) is a system that measures, monitors, and controls various distributed assets, and is used in industrial facilities such as energy, chemical, transportation, water treatment, and manufacturing plants or critial infrastructure. Because ICS system errors and interruptions can cause serious problem and asset damage, research on prevention and minimization of security threats in industrial control systems has been carried out. Previously wireless communication was applied in limited fields to minimize security risks, but the demand for industrial wireless communication devices is increasing due to ease of maintenance and cost advantages. In this paper, we analyzed the security threats of industrial wireless communication devices supporting WirelessHART and ISA100.11a. Based on the analysis results, we proposed the security requirements for adopting and operating industrial wireless communication devices. We expect that the proposed requirements can mitigate security threats of industrial wireless devices in ICS.

• Convergence Security Journal
• /
• v.15 no.6_2
• /
• pp.141-149
• /
• 2015

Modern society is to have an significant impact on the competitiveness of the country in which the economic value is very high occupancy and ensure a state-of-the-art science and technology. The country's core technology or industry security crimes going seized state-of-the-art technology firms can threat of damage to the country's economic security. In particular, the defense industry serious crime that is directly related to national security. The company's core technology and trade secrets leaked once the industrial countries must prevent security breaches and offenses of strict punishment measures because it is impossible to recover. Also, some advanced countries directly has been operating industrial security crime for the country's economy and national security. In recent years, Nation core technology infringement cases are rapidly increasing in the country. In addition, industrial security crime threat to national security. Therefore, the industry security crimes damage to the national security that infringe on the business secrets of core technologies and businesses. It is necessary to identify that industry security crime associated with the visibility of the broad scope of intellectual property protection.

• Convergence Security Journal
• /
• v.16 no.1
• /
• pp.59-68
• /
• 2016

Recently, many domestic and foreign industries is increasing gradually in the importance of security such as the emergence of a Convergence Information Technology(internet of things, cloud computing service, big data etc). Among these techniques, the industrial security market is expected to grow gradually and the evolution of security technologies, as well as vulnerabilities are also expected to increase. Therefore, an increase in physical vulnerability factors it is no exaggeration to standards that are determining the security of industrial security. In this paper will be analyzed to the physical security technology and case study, physical vulnerability factor. Thereby this is expected to be utilized as a basis for the countermeasure of physical corresponding infringement and attack in a future.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.173-180
• /
• 2019

As the 4^th Industrial Revolution(Industry 4.0), symbolized as CPS(Cyber Physical System), spreads around the world, it is essential to establish a converged security infrastructure to secure technical stability and reliability of various cyber systems to be implemented in the future. In this study, we will investigate the phenomenon of broad convergence security industry and technology including the concept of life safety in relation to the spread of the 4^th industrial revolution, and analyze the possibility of linkage between related knowledge to promote academic-industrial cooperation necessary for the convergence of security. we would like to propose a comprehensive development policy on human resource development, technology development and policy improvement.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.12
• /
• pp.265-270
• /
• 2019

In order to protect the advancement of defense technology that has a tremendous e?ect on both the national security and the economy, the Republic of Korea established the Defense Technology Security Act in 2015. As the new enactment brought changes to the landscape of the defense industry and defense industrial security, a new examination of the concept of the defense industrial security has now become necessary. Even after taking into consideration the undisclosed nature of defense industrial security research, and the fact that only the limited number of firms participates in the subject matter, scientific studies related to the topic have not been active. However, with the new enactment of the Defense Technology Security Act, it is necessary to expand the scope of security and to redefine the concept of defense industrial security. In this paper, we analyzed the research works on related technology protection policies and our environment of the defense industry in order to conceptualize defense industrial security. The established concepts are expected to provide a systematic way to protect the confidential and defense technology.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.135-140
• /
• 2022

The purpose of this study is to develop security subjects that require engineering security knowledge. In particular, Engineering knowledge is required to perform security tasks such as smart factory security. However, although there are similar specialties such as mechanical security instructors, industrial security managers, and industrial security specialists(CPP), they are not based on engineering knowledge. Accordingly, Delphi analysis through expert interviews was used to derive a job analysis of security engineering. And I was able to sort out the necessary knowledge. Research Results 1-Line Security for Perimeter Security Architectural Structure, Architectural Dynamics, Including Septed, Control instrumentation including smart factory security for building security with 2-Line security, With 3-Line security, it was divided into ergonomics and mechanical expenses for indoor security. As a result of the survey, by age, those in their 30s showed the highest response with 75.8%, and by job, industrial security officers with 76.4%. This could be seen as a desire for a environmental security engineering certificate by practitioners in the industrial security field.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.358-360
• /
• 2022

Modern society is developing rapidly and technologies that provide convenience in living are developing day by day. On the other hand, the development of cyber attacks that threaten cybersecurity is developing faster, and it still adversely affects the industrial environment, and industrial damage is steadily occurring every year. Industrial security is an activity that safely protects major assets or technologies of companies and organizations from these attacks. Therefore, it is a situation that requires professional manpower for security. Currently, the manpower situation for security is staffed, but knowledge of the understanding and concept of industrial security jobs is insufficient. In other words, there is a lack of professional manpower for industrial security. It is the NCS that came out to solve this problem. NCS is the state standardized ability (knowledge, attitude, skills, etc.) necessary to perform duties in the industrial field. NCS can systematically design the curriculum using NCS as well as help in hiring personnel, and NCS can be applied to the national qualification system. However, in the field of industrial security, NCS has not yet been developed and is still having difficulties in hiring personnel and curriculum. Although the NCS system in the field of industrial security has not been developed, this paper proposes the industrial security NCS to solve the problem of hiring professionals later and to help the field of industrial security NCS to be established later.