• Proceedings of the KIEE Conference
• /
• 2008.07a
• /
• pp.203-204
• /
• 2008

Power IT is very important infrastructure in the country. In general, Power IT is disclosed to cyber attacks. To enhance cyber security in Power IT area, first of all, vulnerability in the area should be defined. In this paper, we consider the cyber security vulnerability in Power IT and introduce the vulnerability. Also, we suggest the research areas for enhancing cyber security in Power IT.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.243-253
• /
• 2022

Recently, cyber attacks on national infrastructure facilities have continued to occur. As a result, the vulnerabilities of ICS-CERTs have more than doubled from last year, and the vulnerabilities to industrial control systems such as nuclear facilities are increasing day by day. Most control system operators formulate vulnerability countermeasures based on the vulnerability information sources of industrial control systems provided by ICS-CERT in the United States. However, it is difficult to apply this to the security of domestic control systems because ICS-CERT does not contain all relevant vulnerability information and does not provide vulnerabilities to domestic manufacturer's products. In this research, we will utilize publicly available vulnerability-related information such as CVE, CWE, ICS-CERT, and CPE to discover vulnerabilities that may exist in control system assets and may occur in the future. I proposed a plan that can predict possible vulnerabilities and applied it to information on major domestic control systems.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.3
• /
• pp.75-80
• /
• 2015

Vulnerability management is in compliance with security policies, and then, this is to ensure the continuity and availability of the business. In this paper, the application vulnerability management and IT infrastructure of the system is that it must be identified. And a viable vulnerability management plan should be drawn from the development phase. There are many that are not defined vulnerability in the area of identification and authentication, encryption, access control in identification and classification of vulnerabilities. They define the area without missing much in technical, managerial, and operational point of view. Determining whether the response of the identified vulnerability, and to select a countermeasure for eliminating the vulnerability.

• The Journal of Fisheries Business Administration
• /
• v.42 no.1
• /
• pp.57-70
• /
• 2011

Fisheries are subject to unexpected weather condition. While some change of it may be positive for some fisheries, the current state suggests that the effects will be undesirable for many fisheries. The aim of this study is to assess the vulnerability to climate change in 11 regional fisheries of Korea using the framework of IPCC. The vulnerability assessment depends upon the interrelation of three key elements; exposure, sensitivity and adaptive capacity, which were derived from Analytical Hierarchy Process method in this study. These elements would contribute to comprehend relative importance at the regional characteristics of fisheries. We compared the vulnerability index of 11 regional fisheries so as to look for strategies and adaptation methods to the impacts of potential climate change. Jeoun-Nam, Kyeong-Nam, and Jeju are identified as the most vulnerable provinces to climate change on their fisheries because they have high level of sensitivity to predicted climate change and relatively low adaptive capacity. The relatively low vulnerability of Ulsan, Gyeonggi reflects high financial independence, well-equipped infrastructure, social capital in these regions. Understanding of vulnerability to climate change suggests future research directions. This paper will provide a guide to local policy makers and fisheries managers about vulnerability and adaptation planning to climate change.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.853-862
• /
• 2021

Today, disturbance and paralysis of information and communication infrastructure by electronic infringement of national infrastructure is emerging as a threat. Accordingly, the government regularly implements the vulnerability analysis and evaluation system of major information and communication infrastructure to protect the information system and control system of major infrastructure, and invests increased human and material resources every year to efficiently operate it. However, despite the government's efforts, as infringement accidents and attempts targeting national infrastructure continue to occur, the government's resource input to prepare the information protection foundation has little effect on the information protection activity result calculation, making the evaluation system not efficient. The question arises that it is not. Therefore, in this study, we use the DEA model to review the efficient operation of the vulnerability analysis and evaluation system for major information and communications infrastructure, and suggest improvement measures to enhance the level of information protection based on the analyzed results.

• Wind and Structures
• /
• v.23 no.5
• /
• pp.449-464
• /
• 2016

Catastrophe models appraise the natural risk of the built-infrastructure simulating the interaction of its exposure and vulnerability with a hazard. Because of unique configurations and reduced number, mid/high-rise buildings present singular challenges to the assessment of their damage vulnerability. This paper presents a novel approach to estimate the vulnerability of mid/high-rise buildings (MHB) which is used in the Florida Public Hurricane Loss Model, a catastrophe model developed for the state of Florida. The MHB vulnerability approach considers the wind pressure hazard exerted over the building's height as well as accompanying rain. The approach assesses separately the damages caused by wind, debris impact, and water intrusion on building models discretized into typical apartment units. Hurricane-induced water intrusion is predicted combining the estimates of impinging rain with breach and pre-existing building defect size estimates. Damage is aggregated apartment-by-apartment and story-by-story, and accounts for vertical water propagation. The approach enables the vulnerability modeling of regular and complex building geometries in the Florida exposure and elsewhere.

• Journal of the Korean Society of Environmental Restoration Technology
• /
• v.26 no.1
• /
• pp.17-33
• /
• 2023

Disasters in coastal regions are a constant source of damage due to their uncertainty and complexity, leading to the proposal of green infrastructure as a nature-based solution that incorporates the concept of resilience to address the limitations of traditional grey infrastructure. This study analyzed trends in research related to coastal disasters and green infrastructure by conducting a co-occurrence keyword analysis of 2,183 articles collected from the Web of Science (WoS). The analysis resulted in the classification of the literature into four clusters. Cluster 1 is related to coastal disasters and tsunamis, as well as predictive simulation techniques, and includes keywords such as surge, wave, tide, and modeling. Cluster 2 focuses on the social system damage caused by coastal disasters and theoretical concepts, with keywords such as population, community, and green infrastructure elements like habitat, wetland, salt marsh, coral reef, and mangrove. Cluster 3 deals with coastal disaster-related sea level rise and international issues, and includes keywords such as sea level rise (or change), floodplain, and DEM. Finally, cluster 4 covers coastal erosion and vulnerability, and GIS, with the theme of 'coastal vulnerability and spatial technique'. Keywords related to green infrastructure in cluster 2 have been continuously appearing since 2016, but their focus has been on the function and effect of each element. Based on this analysis, implications for planning and management processes using green infrastructure in response to coastal disasters have been derived. This study can serve as a valuable resource for future research and policy in responding to and managing various disasters in coastal regions.

• Journal of Internet Computing and Services
• /
• v.9 no.4
• /
• pp.79-84
• /
• 2008

In these days, many organizations try to manage their assets in safe way due to fast change in information-communication environment. In Korea, risk analysis and vulnerability analysis for security improvement of critical asset is booming by enforcement of Act on security of information and communication infrastructure. It is obligate that each critical information infrastructure needs to get vulnerability analysis. In this paper, we proposed Object Oriented Asset Classification model for asset analysis and risk analysis.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.8C
• /
• pp.838-848
• /
• 2005

Most of the national critical key infrastructure, such as power, piped gas and water supply facilities, or the high-speed railroad, is run on the SCADA system. Recently, concerns have been raised about the possibility of these facilities being attacked by cyber terrorists, hacking, or viruses. Thus, it is time to adopt the relevant security management techniques. This paper attempts to propose such security management techniques, including information protection measures and troubleshooting, based on a risk analysis process concerning assets, threats/vulnerability, and hazards, and to examine the security management status of critical key infrastructure in the U.S. and Japan.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.11-17
• /
• 2022

Cyber attacks on national infrastructure, including large-scale power outages in Ukraine, have continued in recent years. As a result, ICS-CERT vulnerabilities have doubled compared to last year, and vulnerabilities to industrial control systems are increasing day by day. Most control system operators develop vulnerability countermeasures based on the vulnerability information sources provided by ICS-CERT in the United States. However, it is not applicable to the security of domestic control systems because it does not provide weaknesses in Korean manufacturers' products. Therefore, this study presents a vulnerability analysis framework that integrates CVE, CWE, CAPE, and CPE information related to the vulnerability based on ICS-CERT information (1843 cases). It also identifies assets of nuclear facilities by using CPE information and analyzes vulnerabilities using CVE and ICS-CERT. In the past, only 8% of ICS-CERT's vulnerability information was searched for information on any domestic nuclear facility during vulnerability analysis, but more than 70% of the vulnerability information could be searched using the proposed methodology.