• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1189-1199
• /
• 2017

With the rapid increase in mobile device users, there are many cyber attacks using SMS messages to infect the mobile device. The monetary demage from those attacks are also increasing. Since those demage are generally related to mobile micropayement systems, we study the details of the incidents on smishing and mobile micropayment. We have identified several limitations of current regulations and laws of them. Thus, we propose new regulations and laws to reduce the financial demage from simishing and to strengthen the security and responsibility of the mobile network operator, payment gateway, and content providers who are participating in the structure of a mobile micropayment systems, such as a regulation for information security evaluation system, several laws for compensation of financial demage within mobile micropayement system.

• Convergence Security Journal
• /
• v.18 no.4
• /
• pp.53-61
• /
• 2018

Recently 4th Industrial Revolution era has come up and autonomous vehicle gets a huge attention for its commercialization as well as development. To this end, many countries such as US, UK, Germany are looking into laws and policies related to autonomous vehicle making a new law system, laws, policies or at least modifying the existing ones. Korea is also facing commercialization and development of autonomous vehicle yet it's law system, laws and policies are far beyond comparing to those of advanced countries. This paper details current law system comparison of several countries providing differences and characteristics for the purpose of success of auto drive vehicle industry. On top of that we suggest a new law system, laws and policies and then provide directions as steps for mature implementation. In addition, we discuss how the new laws and policies can bring out successful commercialization as well as industrial success of autonomous vehicle at the points of consumers, vehicle makers, insurance companies, and government.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.801-811
• /
• 2023

With the cyber incidents increasing every year, opinions are being raised that legal system relating to incident reporting needs to be revised to improve the cyber incident reporting rate, etc. Accordingly, this paper suggests a legal improvement to enhance the effectiveness of cyber incident reporting. First, by analyzing domestic media coverage, this paper defines the problems which need to be improved regarding an incident reporting system as "unreported" and "not timely reporting". Then, this paper finds four requirements for legal improvement like "a reporting entity", "a starting point of reporting", "a reporting deadline" and "a protection of reporting information" by analyzing the relationship between reporting relating problems and issues published by overseas institutions and additionally by analyzing the need to revise the law. Finally, through an analysis of legislative cases, this paper suggests a legal improvement for the requirements.

• Journal of Digital Convergence
• /
• v.17 no.10
• /
• pp.67-75
• /
• 2019

As 4th industrial revolution has emerged as a hot topic, the blockchain technology capable of enabling super intelligence as a premiere has been an attracting attention. With the interest in blockchains, various platforms using blockchains are emerging. Reflecting this trend, several countries including US, EU, China, and Japan are preparing blockchain and related laws or amending existing laws. In Korea, the platform business based on blockchain is being done, but the related laws are insufficient. In this study, we first present the legal system of the blockchain, examine each component, and then compare the current state of the legal system in US, EU, China, and Japan based on the blockchain legal system. Finally, we propose a brief improvement plan of the legal system for industrial development by commercialization of blockchain. In the future, we would like to study the individual legal system about the blockchain.

• Journal of Convergence Society for SMB
• /
• v.4 no.4
• /
• pp.1-6
• /
• 2014

A wireless sensor network is being actively researched around the world that are connected to the mesh are a plurality of sensor nodes in a wireless manner that span different regions of the techniques. However, wireless communications use the limitation of resources, so it is very weak due to the properties of the network itself secure in comparison to the normal network. Wireless sensor network is divided into tapped-based attacks, forgery based attacks, denial of service attacks based largely by securities laws must defend against various attacks such as insertion of the wrong information being sent eavesdropping or modification of information, which is usually sensor network applications need to do. The countermeasure of sensor network attack is described in this research, and it will contribute to establish a secure sensor network communication.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.2
• /
• pp.1-8
• /
• 2016

A convergence of finance and information technology brought a remarkable development in Fin-Tech industry. On the other hand, currently existing laws seemed inappropriate to address the liability of financial institutions, Fin-tech enterprises and consumers in case of financial accidents due to its ambiguity. The minimum insurance obligation by financial institutions specified under the Electronic Financial Transaction Act 2006 is not keeping with current reality, considering transaction volume, frequency of incidents, and security investments. This paper aims to lay stress on the need of cyber liability insurance by understanding the domestic financial incidents and management, and the limit of existing insurance policy.

• Convergence Security Journal
• /
• v.18 no.2
• /
• pp.41-47
• /
• 2018

Theorists of war have often used Clausewitz's trinity theory as a framework for analyzing war strategies and histories. Heretofore, studies on cyber warfare have focused primarily on laws, policies, structuring organizations, manpower, and training pertaining to preparing the cyberspace for war. Currently, studies highlighting the comparative characteristics of war in cyberspace, how it differs from conventional warfare, and analytical frameworks for understanding war in cyberspace are rare. Using Clausewitz's trinity theory, this paper interprets the essence of war from the perspectives of (1) Intellect, (2) Bravery, and (3) Passion, to propose an analytical model for understanding war in cyberspace, one that factors in the intrinsic qualities and characteristics of cyberspace under spatial and temporal constraints. Furthermore, this paper applies the aforementioned analytical model to the Iraq War and concludes with a theoretical illustration that cyber warfare played a significant role in winning the war.

• Convergence Security Journal
• /
• v.12 no.4
• /
• pp.33-40
• /
• 2012

Existing comparative studies on legal system of cyber security just listed and introduced several laws of Korea and other countries and presented comprehensive comparison. These studies makes it difficult to know that which part of the cyber security activities has insufficient legal system from a practical standpoint because it is not easy to figure out. So cybersecurity stages are chosen as comparison criteria. And the legal system of United States are chosen as the target comparing one of South Korea. Then the legal system on cybersecurity stages in South Korea is compared with one of United States. Therethrough many problems of the legal system of South Korea is identified, for example, the absence of regulations, the lack of clarity, lack of effectiveness, and overlapping regulations, in prevention, detection, response, the recovery in cyber security. And many ways are suggested to improve the legal system for the resolution of such problems.

• Convergence Security Journal
• /
• v.13 no.4
• /
• pp.3-10
• /
• 2013

Cyber attacks are threats to national security. Today, cybersecurity threats have various types, the theft or spread of privacy and national secret, the realization of direct attacks to infrastructure and the hacktivism with political or social objectives. Furthermore, There are special situations in South Korea because of North Korea's threats. Thus, It is necessary to handle cybersecurity as a kind of national security problem. It is a time to identify problems of governance system in cybersecurity and to improve related Acts and subordinate statutes. There are several tasks for legal improvement for governance system in cybersecurity. They are improving legal bases for the roles of the relevant authorities in cybersecurity, consolidating national joint response to cyber accidents, establishing and vitalizing information sharing system, constructing foundation of cybersecurity through industry promotion and manpower development, and acquiring defensive tools by enhancement research an development. In order to address these challenges, it is necessary to pay much attention to enactment and to revision laws and to practice legislative procedure.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.187-188
• /
• 2022

As information processing technology develops with the trend of the times, the possibility of cyber threats to nuclear facilities is increasing. In the 2000s, there was a growing perception that cyberattacks on nuclear facilities were needed, and in fact, a cybersecurity regulatory system for nuclear power plants began to be established to prepare for cyberattacks. In Korea, in order to prepare for cyber threats, in 2013 and 2014, the Act on Protection and Radiation Disaster Prevention, Enforcement Decree, and Enforcement Rules of Nuclear Facilities, etc., and notices related to the Radioactive Disaster Prevention Act were revised. In 2015, domestic nuclear operators prepared information system security regulations for each facility in accordance with the revised laws and received approval from the Nuclear Safety Commission for implementation of information system security regulations divided into seven stages. In 2019, a special inspection for step-by-step implementation was completed, and since 2019, the cybersecurity system of operators has been continuously inspected through regular inspections. In this paper, we present some measures to build improved training to suit the steadily revised inspection of the nuclear facility cybersecurity system to counter cyber threats to the ever-evolving nuclear facilities.