• Journal of Korea Society of Industrial Information Systems
• /
• v.29 no.4
• /
• pp.43-54
• /
• 2024

This study presented a cybersecurity risk management system in a smart factory environment. A smart factory refers to a factory that optimizes the production system and increases efficiency. However, this digitized environment is vulnerable to cyber attacks, and manufacturing companies can suffer serious damage from disruptions in production systems or information leaks. Therefore, a systematic approach to effectively managing cyber security risks is essential in smart factories. In this study, a continuous security risk management system for each stage of the smart factory was proposed along with business process-based security risk assessment. These studies will help to further improve cybersecurity risk management in smart factories. It will also play an important role in ensuring that smart factories operate safely and efficiently.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.1001-1010
• /
• 2021

Smart factories are complex systems which combine latest information technology (IT) with operation technology (OT). A smart factory aims to provide manufacturing capacity improvement, customized production, and resource reduction with these complex technologies. Although the smart factory is able to increase the efficiency through the technologies, the security level of the whole factory is low due to the vulnerability transfer from IT. In addition, the response and restoration of the business continuity plan are insufficient in case of damage due to the absence of factory security experts. The cope with the such problems, we propose an information security practice content for analyzing the damage by generating ransomware attacks in a digital twin-based smart factory similar to the real world. In our information security content, we introduce our conversion technique of physical devices into virtual machines or simulation models to build a practical environment for the digital twin. This content generates two types of the ransomware attacks according to a defined scenario in the digital twin. When the two generated attacks are successfully completed, at least 8 and 5 of the 23 virtual elements are take damage, respectively. Thus, our proposed content directly identifies the damage caused by the generation of two types of ransomware in the virtual world' smart factory.

• Journal of Platform Technology
• /
• v.11 no.3
• /
• pp.76-82
• /
• 2023

Starting from the 4th industrial revolution, core technologies were applied to industries to build various smart environments. Smart factories in the manufacturing industry produce high-quality products by applying IIoT as a core technology that can collect and control a wide range of data for customized production. However, the network environment of the smart factory converted to open through IIoT was exposed to various security risks. In accordance with security breaches, IIoT has shown degradation in the quality of manufactured products and production processes due to network disturbance, use and maintenance of forged IIoT, and can cause reliability problems in business. Accordingly, in this study, a method for safe connection and utilization of IIoT was studied during the initial establishment of a smart factory. Specifically, a study was conducted to check the IIoT connection situation so that the practicality of the IIoT connected to the smart factory could be confirmed and the harmless environment established.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.135-140
• /
• 2022

The purpose of this study is to develop security subjects that require engineering security knowledge. In particular, Engineering knowledge is required to perform security tasks such as smart factory security. However, although there are similar specialties such as mechanical security instructors, industrial security managers, and industrial security specialists(CPP), they are not based on engineering knowledge. Accordingly, Delphi analysis through expert interviews was used to derive a job analysis of security engineering. And I was able to sort out the necessary knowledge. Research Results 1-Line Security for Perimeter Security Architectural Structure, Architectural Dynamics, Including Septed, Control instrumentation including smart factory security for building security with 2-Line security, With 3-Line security, it was divided into ergonomics and mechanical expenses for indoor security. As a result of the survey, by age, those in their 30s showed the highest response with 75.8%, and by job, industrial security officers with 76.4%. This could be seen as a desire for a environmental security engineering certificate by practitioners in the industrial security field.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.6
• /
• pp.193-204
• /
• 2022

In a smart factory environment in a small and medium-sized enterprise (SME) environment, sensors and actuators operating on actual manufacturing lines, programmable logic controllers (PLCs) to manage them, human-machine interface (HMI) to control and manage such PLCs, and consists of operational technology server to manage PLCs and HMI again. PLC and HMI, which are in charge of control automation, perform direct connection with OT servers, application systems for factory operation, robots for on-site automation, and production facilities, so the development of security technology in a smart factory environment is demanded. However, smart factories in the SME environment are often composed of systems that used to operate in closed environments in the past, so there exist a vulnerable part to security in the current environment where they operate in conjunction with the outside through the Internet. In order to achieve the internalization of smart factory security in this SME environment, it is necessary to establish a process according to the IEC 62443-4-1 Secure Product Development Life cycle at the stage of smart factory SW and HW development. In addition, it is necessary to introduce a suitable development methodology that considers IEC 62443-4-2 Component security requirements and IEC 62443-3 System security requirements. Therefore, this paper proposes an application plan for the IEC 62443 based development security process to provide security internalization to smart factories in an SME environment.

• Convergence Security Journal
• /
• v.23 no.3
• /
• pp.49-56
• /
• 2023

A smart factory is recognized as a very important requirement for the survival and growth of a company, and it can be said to be an important factor in improving productivity and strengthening competitiveness of a company. In particular, many small and medium-sized manufacturing companies in Korea are making efforts to meet the needs of various markets through smart factories. Building and utilizing smart factories is very important for improving and innovating the production environment of small and medium-sized manufacturing companies. This is important for many companies as well as small and medium-sized manufacturing companies to introduce and utilize smart factories in the future to induce active participation by members of the organization without feeling reluctance or anxiety about changes in smart factories, thereby increasing the utilization of smart factories. was able to confirm.

• Journal of Industrial Convergence
• /
• v.22 no.4
• /
• pp.1-9
• /
• 2024

Smart factories represent production facilities where cutting-edge information and communication technologies are fused with manufacturing processes, reflecting rapid advancements and changes in the global manufacturing sector. They capitalize on the integration of robotics and automation, the Internet of Things (IoT), and the convergence of artificial intelligence technologies to maximize production efficiency in various manufacturing environments. However, the smart factory environment is prone to security threats and vulnerabilities due to various attack techniques. When security threats occur in smart factories, they can lead to financial losses, damage to corporate reputation, and even human casualties, necessitating an appropriate security response. Therefore, this paper proposes a security authentication mechanism for safe communication in the smart factory environment. The components of the proposed authentication mechanism include smart devices, an internal operation management system, an authentication system, and a cloud storage server. The smart device registration process, authentication procedure, and the detailed design of anomaly detection and update procedures were meticulously developed. And the safety of the proposed authentication mechanism was analyzed, and through performance analysis with existing authentication mechanisms, we confirmed an efficiency improvement of approximately 8%. Additionally, this paper presents directions for future research on lightweight protocols and security strategies for the application of the proposed technology, aiming to enhance security.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2018.07a
• /
• pp.161-164
• /
• 2018

최근 제조업의 근로 시간 단축 및 전문 노동력의 감소로 인하여 발생할 수 있는 문제를 개선할 수 있는 스마트 팩토리(Smart Factory)가 주목받고 있다. 스마트 팩토리는 생산품의 불량률을 줄이고, 숙련공 없이 비숙련공만으로 현장 가동이 가능하다는 점 등의 긍정적 효과를 기대할 수 있다. 그러나 스마트 팩토리는 높은 설비 도입 비용, 업무 시스템 재설계 등의 문제점이 등이 있으며, 특히 보안의 취약성이 심각하다. 그렇기 때문에 많은 기업이 현실에서 스마트 팩토리를 도입하는 어려움을 겪고 있다. 본 논문에서는 스마트 팩토리의 다양한 보안 사고를 유형 및 정형화시키고 여러 보안 사고를 유발하는 취약한 부분을 구체화하여 스마트 팩토리의 보안 연구의 방향성을 제시하고자 한다.

• Journal of Information Technology Services
• /
• v.21 no.5
• /
• pp.65-79
• /
• 2022

The smart factory has spread to small and mid-size enterprises (SMEs) under the leadership of the government. Smart factory consists of a work area, an operation management area, and an industrial control system (ICS) area. However, each site is combined with the IT system for reasons such as the convenience of work. As a result, various breaches could occur due to the weakness of the IT system. This study seeks to discover the items and vulnerabilities that SMEs who have difficulties in information security due to technology limitations, human resources, and budget should first diagnose and check. First, to compare the existing domestic and foreign smart factory vulnerability classification systems and improve the current classification system, the latest smart factory vulnerability information is collected from NVD, CISA, and OWASP. Then, significant keywords are extracted from pre-processing, co-occurrence network analysis is performed, and the relationship between each keyword and vulnerability is discovered. Finally, the improvement points of the classification system are derived by mapping it to the existing classification system. Therefore, configuration and maintenance, communication and network, and software development were the items to be diagnosed and checked first, and vulnerabilities were denial of service (DoS), lack of integrity checking for communications, inadequate authentication, privileges, and access control in software in descending order of importance.

• Journal of the Korean Society for Precision Engineering
• /
• v.32 no.1
• /
• pp.17-24
• /
• 2015

Smart factory requires 4 Zero factors including Zero Waiting-time, Zero Inventory, Zero Defect, Zero Down-time) that needs IT convergence for production resources of 4M1E(Man, Machine, Material, Method, Energy) in real time and event processing in all type of manufacturing enterprises. This paper will be explaining about core emerging production IT convergence technologies including cyber device security, 4M1E integration, real time event driven architecture, common platform of manufacturing standard applications, smart factory to-be model for small and medium manufacturing enterprises.