Journal of Information Technology Services (한국IT서비스학회지)

Korea Society of IT Services (한국IT서비스학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on the Security Framework Design for Stable Operation of Critical Infrastructure Service

주요기반시설 서비스의 안정적 운영을 위한 보안 프레임워크 설계에 관한 연구

  • 이수연 (고려대학교 정보보호대학원) ;
  • 유지연 (상명대학교 일반대학원 지식보안경영학과) ;
  • 임종인 (고려대학교 정보보호대학원)
  • Received : 2016.10.11
  • Accepted : 2016.11.21
  • Published : 2016.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

Critical infrastructure has been operating in a closed environment with a completely separate information system and in the private area. However, with the current ICT environment changes due to convergence and open platforms it has increased the threats and risks to critical infrastructure. The importance of cyber security is increasing in the infrastructure control system, such as the outbreak of Ukraine blackout in 2015 by a malicious code called 'black energy'. This thesis aims to recognize the importance and necessity of protecting the critical infrastructure service, designing a security framework reflecting environmental and characteristic changes, and analyzing the management system suitable for a security framework. We also propose a theoretical basis for constructing a new security framework by comparing and analyzing seven international security management system standards, such as NIST 800-82 and IEC 62443-2-1, which are used in the control system. As a result, the environment surrounding critical infrastructure changes with the characteristics of connectivity, openness, and finality was studied, and as a response to this, many scholars and institutions present critical infrastructure security frameworks as cycle enhancement type structures, risk management structures, and management domain expansion structures. In response, the security framework encompassing these structures, CISF (Critical Infrastructure Security Framework), was designed. Additionally, through the security related international standard and criterion analysis, as a newly designed security standard suitable for CISF, IEC 62443-2-1 is reviewed and suggestions are made.

Keywords

References

  1. Alcaraz, C. and S. Zeadally, "Critical Infrastructure Protection : Requirements and Challenges for the 21st Century", In International Journal of Critical, Infrastructure Protection(IJCIP), Vol.8, 2015, 53-66. https://doi.org/10.1016/j.ijcip.2014.12.002
  2. Bahsi, H. and O.M. Maennel, "A Conceptual Nationwide Cyber Situational Awareness Framework for Critical Infrastructures", Secure IT Systems, Vol. 9417, 2015, 3-10. https://doi.org/10.1007/978-3-319-26502-5_1
  3. Im, K.H., "Control System Security Vulnerabilities and Countermeasures", Korea University, 2011. (임길환, "제어시스템 보안취약점현황 및 개선방안 연구", 고려대학교 석사학위논문, 2011.)
  4. Jeimy, J., M. Cano, and Ph.D, CFE, "The Information Security Function : Current and Emerging Pressures From Information Insecurity", ISACA Journal, Vol.6, 2014.
  5. Langner, R., "The RIPE Framework : A Process-Driven Approach towards Effective and Sustainable Industrial Control System Security", Langner Communications GmbH, 2013.
  6. Lee, H.J., "The Study on Security Enhancement of National Control System for Critical Infrastructure : Focusing on Comparison about Policy of Major Countries and Domestice", Sangmyung University, 2016. (이현주, "국가기반 강화를 위한 제어시스템 보안대응 연구 : 주요국과 한국의 정책 비교중심으로", 상명대학교 석사학위논문, 2016)
  7. Nanni, G., "Security Posture for Critical Information Infrastructure Protection(CIIP)", RSAC Conference, 2015.
  8. Sodoma, P., "Resiliency Rules : 7 Steps for Critical Infrastructure Protection", Microsoft, 2007.
  9. Suter, M., "A Generic National Framework For Critical Information Infrastructure Protection(CIIP)", Center for Security Studies, ITU, 2007.
  10. Yoo, J.Y. and N.Y. Jeong, "A Study on the New Management System Considering Shadow IT", Journal of Information Technology Services, Vol.15. No.3, 2016, 33-50. (유지연, 정남영, "Shadow IT를 고려한 새로운 관리체계 도입에 관한 연구", IT서비스학회, 제15권, 제3호, 2016, 33-50.)