• Title/Summary/Keyword: Vulnerability Identification

Digital Asset Analysis Methodology against Cyber Threat to Instrumentation and Control System in Nuclear Power Plants (원자력발전소의 디지털계측제어시스템의 사이버보안을 위한 디지털 자산분석 방법)

  • Koo, In-Soo;Kim, Kwan-Woong;Hong, Seok-Boong;Park, Geun-Ok;Park, Jae-Yoon
    • The Journal of the Korea institute of electronic communication sciences / v.6 no.6 / pp.839-847 / 2011
  • Instrumentation & Control(I&C) System in NPP(Nuclear Power Plant) plays an important role as the brain of human being, it performs protecting, controlling and monitoring safety operation of NPP. Recently, the I&C system is digitalized as digital technology such as PLC, DSP, FPGA. The different aspect of digital system which use digital communication to analog system is that it has potential vulnerability to cyber threat in nature. Possibility that digital I&C system is defected by cyber attack is increasing day by day. The result of cyber attack can be adverse effect to safety function in NPP. Therefore, I&C system required cyber security counter-measures that protect themselves from cyber threat efficiently and also cyber security design should be taken into consideration at concept stage in I&C system development process. In this study, we proposed the digital asset analysis method for cyber security assessment of I&C system design in NPP and we performed digital asset analysis of I&C system by using the proposed method.

Multimorbidity and Its Impact on Workers: A Review of Longitudinal Studies

  • Cabral, Giorgione G.;de Souza, Ana C. Dantas;Barbosa, Isabelle R.;Jerez-Roig, Javier;Souza, Dyego L.B.
    • Safety and Health at Work / v.10 no.4 / pp.393-399 / 2019
  • Objective: This study investigates the impact of multimorbidity on work through a literature review of longitudinal studies. Methods: A systematic review was carried out in the databases Lilacs, SciELO, PAHO, PubMed/Medline, Scopus, Web of Science, and Cochrane. There were no restrictions regarding the year of publication or language to maximize the identification of relevant literature. The quality of studies was assessed by the protocol STrengthening the Reporting of OBservational studies in Epidemiology (STROBE). Results: An initial database search identified 7522 registries, and at the end of the analysis, 7 manuscripts were included in the review. Several studies have demonstrated direct and indirect impacts of multimorbidity on the health of workers. For this, the number of missed days due to health-related issues was evaluated, as well as the reduction in work productivity of the unhealthy worker, vulnerability of the worker with multimorbidity regarding higher indices of dismissal and recruitment difficulties, and incidence of early retirement and/or receipt of benefits due to disabilities. Conclusions: Multimorbidity has a negative impact on work, with damages to quality of life and work productivity, worsening the absenteeism/presenteeism indices, enhancing the chances of temporary or permanent leaves, and lowering employability and admission of individuals with multimorbidity.

A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS

  • Song, Jae-Gu;Lee, Jung-Woon;Lee, Cheol-Kwon;Kwon, Kee-Choon;Lee, Dong-Young
    • Nuclear Engineering and Technology / v.44 no.8 / pp.919-928 / 2012
  • The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the lifecycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

A Study on Cybersecurity Risk Assessment in Maritime Sector (해상분야 사이버보안 위험도 분석)

  • Yoo, Yun-Ja;Park, Han-Seon;Park, Hye-Ri;Park, Sang-Won
    • Proceedings of the Korean Institute of Navigation and Port Research Conference / 2019.11a / pp.134-136 / 2019
  • The International Maritime Organization (IMO) issued 2017 Guidelines on maritime cyber risk management. In accordance with IMO's maritime cyber risk management guidelines, each flag State is required to comply with the Safety Management System (SMS) of the International Safety Management Code (ISM) that the cyber risks should be integrated and managed before the first annual audit following January 1, 2021. In this paper, to identify cyber security management targets and risk factors in the maritime sector and to conduct vulnerability analysis, we categorized the cyber security sector in management, technical and physical sector in maritime sector based on the industry guidelines and international standards proposed by IMO. In addition, the Risk Matrix was used to conduct a qualitative risk assessment according to risk factors by cyber security sector.

CASE Study: Policy implications of HAZUS analysis

  • Kim, Yong-Gyun
    • Magazine of the Korean Society of Hazard Mitigation / v.8 no.1 / pp.48-52 / 2008
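  • One of the major lessons of Hurricane Katrina is the importance of a comprehensive disaster mitigation program based on risk analysis. To this end, the United States has worked to develop a variety of risk analysis programs. The HAZUS (Hazards-US) program is a representative natural disaster prediction system consisting of three components: hazard identification, vulnerability of the society, and loss estimation. Developed in 1992 for earthquakes, the program is now in use as HAZUS-MH MR3, which can estimate losses from earthquakes, floods, and hurricane winds. FEMA provides various kinds of financial and technical support so that state governments can use HAZUS to pursue disaster mitigation policies based on loss estimation. Accordingly, in 2004 the State of Maryland carried out the first statewide flood loss estimation in the United States and pursued various mitigation policies based on it. The flood loss estimation, which the Maryland state government commissioned from Salisbury University, proceeded through the following steps: determination of the study area and hazard (flood), confirmation of the data to be used, hydrologic analysis, hydraulic analysis, and loss estimation (damaged area by building use, damage cost by building use, damaged area by building material, damage cost by building material, and economic loss to the region). The estimation predicted that, if a 100-year flood were to recur, damages of about 80 trillion or more would occur across more than 13% of the state's total area, which raised the need for comprehensive disaster mitigation measures. Based on the flood loss estimation results, the Maryland state government therefore pursued a more scientific and comprehensive disaster mitigation program, including reallocation of the state disaster mitigation budget, floodplain protection, stronger building regulations, and readjustment of land-use plans. This study by the Maryland state government is the first in which a state government used HAZUS to carry out a statewide loss estimation, and it is a case that shows how a loss estimation system can contribute to a state government's scientific loss mitigation program.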

A Study on Analysis and Countermeasure of Security threat in NFC (NFC 서비스 보안 위협 분석 및 대응방안 연구)

  • Kim, Hyung-Uk;Kim, Hyung-joo;Kang, Jung-ho;Jun, Moon-seog
    • Journal of Digital Convergence / v.14 no.12 / pp.183-191 / 2016
  • Most recent trend reveals broader state of provision of NFC service as NFC technology was applied on smartphones which has become core communication tools by providing integrated services such as payment, medical, and personal authentication. Moreover, with integration of original service and NFC technology, new service providers now can handle personal information of original service or can handle other personal information with transition of previous service provider to NFC service provider. Considering current state of security industry along with NFC technology and service, we would like to analyze current stage of security threats and plan the counter strategies to create NFC service structure.

A Multi-Channel Security Card based on Cryptographically Secure Pseudo-Random Number Generator (난수생성기를 이용한 멀티채널 보안카드 설계)

  • Seo, Hwa-jeong;Seok, Seon-hee;Kim, Kyoung-hoon;Kim, Ho-won
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.3 / pp.501-507 / 2015
  • The online banking service handles a banking business over the internet, it is necessary to ensure that all financial transactions are processed securely. So, there are various authentication techniques for e-banking service: a certificate, a personal identification number(PIN), a security card and a one-time password(OTP). Especially, the security card is most important means including secret information. If the secret information of card is leaked, it means not only loss of security but also easy to attack because security card is a difficult method to get. In this paper, we propose that a multi-channel security card saves secret information in distributed channel. Proposed multi-channel security card reduces vulnerability of the exposed and has a function to prevent phishing attacks through decreasing the amount of information displayed and generating secret number randomly.

Biometric Template Security for Personal Information Protection (개인정보 보호를 위한 바이오인식 템플릿 보안)

  • Shin, Yong-Nyuo;Lee, Yong-Jun;Chun, Myung-Geun
    • Journal of the Korean Institute of Intelligent Systems / v.18 no.4 / pp.437-444 / 2008
  • This paper deals with the biometric template protection in the biometric system which has been widely used for personal authentication. First, we consider the structure of the biometric system and the function of its sub-systems and define the biometric template and identification(ID) information. And then, we describe the biometric template attack points of a biometric system and attack examples and provide their countermeasures. From this, we classify the vulnerability which can be protected by encryption and hashing techniques. For more detailed investigation of these at real operating situations, we analyze them and suggest several protection methods for the typical application scheme of biometric systems such as local model, download model, attached model, and center model. Finally, we also handle the privacy problem which is the most controversial issue related to the biometric systems and suggest some guidance on safeguarding procedures on establishing privacy sympathy biometric systems.

Toward Design and Implement to Multiple Schemes for Strong Authentication Mechanism - Case Studying : Secure Entrance System - (다단계 사용자 신분확인 메커니즘 설계와 구현 방안 : 출입통제 시스템 사례 중심으로)

  • Hong Seng-Phil;Kim Jae-Hyoun
    • Journal of Internet Computing and Services / v.7 no.2 / pp.161-172 / 2006
  • As the innovative technologies related to ubiquitous computing are being rapidly developed in recent IT trend, the concern for IT dysfunction(e.g., personal information abuse, information risk, threat, vulnerability, etc.) are also increasing. In our study, we suggested how to design and implement to multiple schemes for strong authentication mechanism in real system environments. We introduce the systematic and secure authentication technologies that resolve the threats incurring from the abuse and illegal duplication of financial transaction card in the public and financial institutions. The multiple schemes for strong authentication mechanism applied to java technology, so various application programs can be embedded, independent of different platforms, to the smartcard by applying the consolidated authentication technologies based on encryption and biometrics(e.g., finger print identification). We also introduce the appropriate guidelines which can be easily implemented by the system developer and utilized from the software engineering standpoint of view. Further, we proposed ways to utilize java card based biometrics by developing and applying the 'smartcard class library' in order for the developer and engineers involved in real system environment(Secure entrance system) to easily understand the program. Lastly, we briefly introduced the potential for its future business application.

LH-FAS v2: Head Pose Estimation-Based Lightweight Face Anti-Spoofing (LH-FAS v2: 머리 자세 추정 기반 경량 얼굴 위조 방지 기술)

  • Hyeon-Beom Heo;Hye-Ri Yang;Sung-Uk Jung;Kyung-Jae Lee
    • The Journal of the Korea institute of electronic communication sciences / v.19 no.1 / pp.309-316 / 2024
  • Facial recognition technology is widely used in various fields but faces challenges due to its vulnerability to fraudulent activities such as photo spoofing. Extensive research has been conducted to overcome this challenge. Most of them, however, require the use of specialized equipment like multi-modal cameras or operation in high-performance environments. In this paper, we introduce LH-FAS v2 (Lightweight Head-pose-based Face Anti-Spoofing v2), a system designed to operate on a commercial webcam without any specialized equipment, to address the issue of facial recognition spoofing. LH-FAS v2 utilizes FSA-Net for head pose estimation and ArcFace for facial recognition, effectively assessing changes in head pose and verifying facial identity. We developed the VD4PS dataset, incorporating photo spoofing scenarios to evaluate the model's performance. The experimental results show the model's balanced accuracy and speed, indicating that head pose estimation-based facial anti-spoofing technology can be effectively used to counteract photo spoofing.