• Proceedings of the KAIS Fall Conference
• /
• 2009.05a
• /
• pp.421-424
• /
• 2009

SCADA control systems and protocols are developed based on reliability, availability, and speed but with no or little attention paid to security. Specifically in Modbus protocol, there are inherent security vulnerabilities in their design. The lack of common security mechanisms in the protocol such as authentication, confidentiality and integrity must be addressed. In this paper, security vulnerabilities of Modbus-based SCADA controls systems will be studied. An in-depth analysis of the message frame formats being sent between master and slave will be discussed to expose the security vulnerabilities. This will enable SCADA users to find ways to fix the security flaws of the protocol and design mitigation strategies to reduce the impact of the possible attacks. Security mechanisms are recommended to further enhance the security of SCADA control systems.

• Proceedings of the KAIS Fall Conference
• /
• 2003.11a
• /
• pp.211-215
• /
• 2003

Network security should be first considered in a distributed computing environment with frequent information interchange through internet. Clear classification is needed for information users should protect and for information open outside. Basically proper encrypted database system should be constructed for information security, and security policy should be planned for each site. This paper describes access control, user authentication, and User Security and Encryption technology for the construction of database security system from network users. We propose model of network encrypted database security system for combining these elements through the analysis of operational and technological elements. Systematic combination of operational and technological elements with proposed model can construct encrypted database security system secured from unauthorized users in distributed computing environment.

• Journal of Labour Economics
• /
• v.35 no.1
• /
• pp.55-88
• /
• 2012

This article investigates the patterns of workforce aging in each industry, and examines how changing industrial structure affected the labor-market demand for and employment security of older workers in Korea. The relative size of the industries that are major employers of older workers has relatively declined since 2001, resulting in a decrease in labor-market demand for aged persons. Changes in industrial structure that occurred during the last decade have also brought an overall deterioration in the extent of employment security of older workers. These results suggest that the economic environment surrounding policies aimed at encouraging the employment of older workers is not entirely favorable. This paper also points out that policy makers need to consider that employment conditions of older workers are highly heterogenous across industries.

• Journal of Korean Society for Quality Management
• /
• v.41 no.4
• /
• pp.649-657
• /
• 2013

Purpose: In this study, the actual situation of domestic firms vulnerable to industrial security competence will be discussed. And accordingly be discussed for effective response measures. Methods: Using a structured questionnaire by mail, fax, e-mail and fill method was used respondents. By the end of '10 R&D Center, which holds 15,247 companies(population) among the 95% level of confidence, tolerance ${\pm}3%$ p-level corporate type, sector, region extraction method stratified multi-level companies were investigated through the final 1529. Results: The average level of industrial security capabilities 43.8%(out of 100) is very weak, so urgent and positive response measures also need to be investigated sought. Conclusion: we propose the effective management framework and improvement plans to prevent illegal industrial leakage are to be made.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.139-150
• /
• 2008

Recently, financial institutes and industrial companies are adopted to security token such as OTP, smart card, and USB authentication token and so on for secure system management and user authentication. However, some research institutes have been introduced security weaknesses and problems in security tokens. Therefore, in this paper, we analyses of security functions and security requirements in security token performed by analyses of standardization documents, trends, security problems, attack methods for security tokens. Finally, we propose a CC v.3.1 based security token protection profile.

• Proceedings of the KIEE Conference
• /
• 2007.11b
• /
• pp.46-47
• /
• 2007

SCADA (Supervisory Control and Data Acquisition) system has been used fur remote measurement and control on the critical infrastructures as well as modem industrial facilities. As cyber attacks increase on communication networks. SCADA network has been also exposed to cyber security problems. Especially, SCADA systems of energy industry such as electric power, gas and oil are vulnerable to targeted cyber attack and terrorism. Recently, many research efforts to solve the problems have made progress on SCADA network security. In this paper, we introduce recent security issue of SCADA network and propose the application of encryption method to Korea SCADA network.

• Journal of Digital Convergence
• /
• v.15 no.7
• /
• pp.159-167
• /
• 2017

According to the statistics of the National Industrial Security Center under the National Intelligence Service, 209 national technologies have been leaked abroad in the past 5 years. Small and medium-sized enterprises and leakage by insiders accounted for 73% and 80% of them, respectively. This suggests that all the capabilities for preventing leakage of industrial technology should be focused on small and medium-sized enterprises and leakage by insiders. Related studies have been actively conducted on legal consideration of industrial technology leakage crimes, improvement of industrial security policies, and industrial security measures for preventing leakage of industrial technology, but adequate empirical studies have not been carried out on factors of leakage of industrial technology. In particular, there have been few studies on the effect of the experience of industrial technology leakage and enterprise scale(large enterprise, small and medium-sized enterprise) on achieving results in leakage prevention. Therefore, this study extracted factors affecting performance to prevent industrial technology leakage by analyzing previous related papers and to empirically analyze relationships with performance by applying the TAM model after classifying variables into the TOE framework by characterizing these properties.

• Journal of Korea Society of Industrial Information Systems
• /
• v.16 no.5
• /
• pp.163-171
• /
• 2011

In e-commerce environment, security should be considered as an essential factor for success. In this paper, we analyze security requirements for e-commerce system, and it is focused on the practical usage, not theoretical contribution, in the field of e-commerce security. To identify the security requirements being specific to e-commerce environment, the researches related to e-commerce security are surveyed and a phase of Delphi method and Analytic Hierarchy Process(AHP) are used to determine the relative importance of e-commerce security factors. Since researchers and practitioners can have significantly different views because of each different work environment, we divide the professionals into two respondents' group. This survey result can be useful security guidelines in the development of e-commerce service system from the initial system development step to the completion.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.695-706
• /
• 2018

In recent years, industrial convergence centered on ICBM (internet of things (IoT), cloud, big data, mobile) has been experiencing rapid development in various fields such as agriculture and the financial industry. In order to prepare for cyber threats, one of the biggest problems facing the convergence industry in the future, the development of the industry must proceed in tandem with a framework of information security. In this study, we analyze the details of the current industrial development policy and related information protection policies using cross impact analysis and present policy priorities through the expert questionnaire. The aim of the study was to clarify the priorities and interrelationships within information security policy as a first step in suggesting effective policy direction. As a result, all six information security policy tasks derived from this study belong to key drivers. Considering the importance of policies, policies such as improving the constitution of the security industry and strengthening of support, training of information protection talent, and investing in the information security industry need to be implemented relatively first.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.331-346
• /
• 2019

Global cyber threats to industrial control systems are increasing. As a result, related research and cooperation are actively underway. However, we are focusing on strengthening security for physical network separation and perimeter. Internal threats are still vulnerable. This is because the easiest and strongest countermeasure is to enhance border security, and solutions for enhancing internal security are not easy to apply due to system availability problems. In particular, there are many vulnerabilities due to the large number of legacy systems remaining throughout industrial control systems. Unless these vulnerable systems are newly built according to the security framework, it is necessary to respond to these vulnerable systems, and therefore, a security solution considering availability has been verified and suggested. Using Sysmon and ELK, security solutions can detect Cyber-threat that are difficult to detect in unstructured ICS.