The Reality and Response of Cyber Threats to Critical Infrastructure: A Case Study of the Cyber-terror Attack on the Korea Hydro & Nuclear Power Co., Ltd.원문보기
Due to an increasing number of cyberattacks globally, cybersecurity has become a crucial part of national security in many countries. In particular, the Digital Pearl Harbor has become a real and aggressive security threat, and is considered to be a global issue that can introduce instability to the...
Due to an increasing number of cyberattacks globally, cybersecurity has become a crucial part of national security in many countries. In particular, the Digital Pearl Harbor has become a real and aggressive security threat, and is considered to be a global issue that can introduce instability to the dynamics of international security. Against this context, the cyberattacks that targeted nuclear power plants (NPPs) in the Republic of Korea triggered concerns regarding the potential effects of cyber terror on critical infrastructure protection (CIP), making it a new security threat to society. Thus, in an attempt to establish measures that strengthen CIP from a cybersecurity perspective, we perform a case study on the cyber-terror attacks that targeted the Korea Hydro & Nuclear Power Co., Ltd. In order to fully appreciate the actual effects of cyber threats on critical infrastructure (CI), and to determine the challenges faced when responding to these threats, we examine factual relationships between the cyberattacks and their responses, and we perform analyses of the characteristics of the cyberattack under consideration. Moreover, we examine the significance of the event considering international norms, while applying the Tallinn Manual. Based on our analyses, we discuss implications for the cybersecurity of CI in South Korea, after which we propose a framework for strengthening cybersecurity in order to protect CI. Then, we discuss the direction of national policies.
Due to an increasing number of cyberattacks globally, cybersecurity has become a crucial part of national security in many countries. In particular, the Digital Pearl Harbor has become a real and aggressive security threat, and is considered to be a global issue that can introduce instability to the dynamics of international security. Against this context, the cyberattacks that targeted nuclear power plants (NPPs) in the Republic of Korea triggered concerns regarding the potential effects of cyber terror on critical infrastructure protection (CIP), making it a new security threat to society. Thus, in an attempt to establish measures that strengthen CIP from a cybersecurity perspective, we perform a case study on the cyber-terror attacks that targeted the Korea Hydro & Nuclear Power Co., Ltd. In order to fully appreciate the actual effects of cyber threats on critical infrastructure (CI), and to determine the challenges faced when responding to these threats, we examine factual relationships between the cyberattacks and their responses, and we perform analyses of the characteristics of the cyberattack under consideration. Moreover, we examine the significance of the event considering international norms, while applying the Tallinn Manual. Based on our analyses, we discuss implications for the cybersecurity of CI in South Korea, after which we propose a framework for strengthening cybersecurity in order to protect CI. Then, we discuss the direction of national policies.
The Tallinn Manual is important in that it confirms that jus ad bellum and jus in bello may be applied to cyber warfare [25]. It may therefore be necessary to consider Rules 11, 13, and 30 of the Tallinn Manual when examining the nature of the KHNP cyber-terror attack.
This study aims to identify potential cyber threats to CI, understand the challenges faced in the implementation of the current cybersecurity posture of the ROK’s CI, and propose solutions for the reinforcement of cybersecurity systems having national CIP. To do this, we carried out research according to the following procedures.
성능/효과
First, substantial international cooperation regarding cybersecurity is deemed to be necessary. During the investigation, Chinese IP addresses were identified, and the GCIU-PIC asked the Chinese government for judicial assistance.
From the case study, we obtained the following results. First, the KHNP cyber-terror attack is significant in that it occurred during a period over which there had been warnings concerning cyber threats to the CI, and it therefore alerted the nation. It also provided the opportunity to strengthen the cybersecurity of the CI of the ROK.
First, the KHNP cyber-terror attack is significant in that it occurred during a period over which there had been warnings concerning cyber threats to the CI, and it therefore alerted the nation. It also provided the opportunity to strengthen the cybersecurity of the CI of the ROK. It is also important in that it revealed previously identified cybersecurity weaknesses in the CI that had remained unresolved, as well as actual problems that could not be adequately addressed using cybersecurity measures.
It also provided the opportunity to strengthen the cybersecurity of the CI of the ROK. It is also important in that it revealed previously identified cybersecurity weaknesses in the CI that had remained unresolved, as well as actual problems that could not be adequately addressed using cybersecurity measures. This served to provide a reminder to relevant agencies of the need for countermeasures that would result in practical results.
This served to provide a reminder to relevant agencies of the need for countermeasures that would result in practical results. Second, the KHNP cyber-terror attack is significant in that according to international norms, it may be interpreted as a cyber “attack” (a prohibited act), the “use of force” (a violation of the international norms), and an act that may be considered as an “armed attack” (grants the target the right to self-defense). There is therefore a need for international cooperation in formulating a response.
There is therefore a need for international cooperation in formulating a response. Third, cybersecurity awareness is the most essential step in strengthening the cybersecurity of CI, and a national strategy should be formulated as a first step in this regard. Through this strategy, improvements to the relevant legal systems, administrative guidelines, diversified cooperative systems, and cybersecurity R&D should be systematically pursued.
후속연구
However, this paper is limited in that it only proposes macroscopic countermeasures, so additional studies should be conducted to complement the proposed countermeasures.
Second, the KHNP cyber-terror attack is significant in that according to international norms, it may be interpreted as a cyber “attack” (a prohibited act), the “use of force” (a violation of the international norms), and an act that may be considered as an “armed attack” (grants the target the right to self-defense). There is therefore a need for international cooperation in formulating a response. Third, cybersecurity awareness is the most essential step in strengthening the cybersecurity of CI, and a national strategy should be formulated as a first step in this regard.
Through this strategy, improvements to the relevant legal systems, administrative guidelines, diversified cooperative systems, and cybersecurity R&D should be systematically pursued.
참고문헌 (42)
Nicolas Falliere, Liam O Murchu and Eric Chien, "White Paper of Symantec Security Response," W32.Stuxnet Dossier, version 1.4, February, 2011. Article (CrossRef Link)
Center for Preventive Action of Council on Foreign Relations (CPA-CFR), Preventive Priorities Survey, 2011-2015. Article (CrossRef Link)
Michael N. Schmitt, “Tallinn Manual on the International Law Applicable to Cyber Warfare,” Cambridge University Press, New York, March, 2013.
ISO/IEC JTC 1 SC 27, ISO/IEC 27005:2011(E) Information technology - Security techniques - Information security risk management, Second Edition, June 1, 2011.
Myriam Dunn Cavelty, “Cyber-Terror - Looming Threat or Phantom Menace? The Framing of the US Cyber-Threat Debate,” Journal of Information Technology and Politics, vol. 4, issue 1, pp. 19-36, October, 2008. Article (CrossRef Link)
Michael Stohl, “Cyber terrorism: A Clear and Present Danger, The Sum of All Fears, Breaking Point or Patriot Games?,” Crime, Law and Social Change, vol. 46, issue 4-5, pp. 223-238, December, 2006. Article (CrossRef Link)
Dakota L. Wood, “2015 Index of U.S. Military Strength: Assessing America’s Ability to Provide for the Common Defense,” The Heritage Foundation, Washington DC, 2015. Article (CrossRef Link)
Jong In Lim, You-joong Kwon, GyeHyun Jang and Seung-Jo Baek, “North Korea’s Cyber War Capability and South Korea’s National Counterstrategy,” The Quarterly Journal of Defense Policy Studies, vol. 29, no. 4, pp. 9-45, Winter, 2013. Article (CrossRef Link)
Nir Kshetri, “Cyberwarfare in the Korean Peninsula: Asymmetries and Strategic Responses,” East Asia, vol. 31, issue 3, pp. 183-201, September, 2014. Article (CrossRef Link)
Rhea Siers, “North Korea: The Cyber Wild Card,” Journal of Law and Cyber Warfare, vol. 4, issue 1, pp. 1-12, Winter, 2014. Article (CrossRef Link)
Richard A. Clarke and Robert Knake, “Cyber War: The Next Threat to National Security and What to Do About It,” HarperCollins, New York, 2010.
Joseph Menn, “Exclusive: U.S. Tried Stuxnet-style Campaign Against North Korea but Failed - sources,” Reuters, May 29, 2015. Article (CrossRef Link)
Kyung-Ae Kim, “[Exclusive] KHNP, 10,799 Employees’ Personal Information leaked!,” BoanNews, December 17, 2014. Article (CrossRef Link)
“Government Combined Investigation Unit on Personal Information Crime of ROK,” Interim Investigation Report of the KHNP Cyber-terror, March 17, 2015.
Katharina Krombholz, Heidelinde Hobel, Markus Huber and Edgar Weippl, “Advanced Social Engineering Attacks,” Journal of Information Security and Applications, vol. 22, pp. 113-122, June, 2015. Article (CrossRef Link)
Aditya K. Sood and Richard J. Enbody, “Targeted Cyberattacks: A Superset of Advanced Persistent Threats,” IEEE Security and Privacy, vol. 11, issue 1, pp. 54-61, Jan.-Feb., 2013. Article (CrossRef Link)
Chris W. Johnson, “Anti-social Networking: Crowdsourcing and the Cyber Defence of National Critical Infrastructures,” Ergonomics, vol. 57, issue 3, pp. 419-433, 2014. Article (CrossRef Link)
Kenneth Geers, Darien Kindlund, Ned Moran and Rob Rachwald, “WORLD WAR C: Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks,” FireEye's Annual and Regional Threat Reports, September 30, 2013. Article (CrossRef Link)
Rabiah Ahmad and Zahri Yunos, “A Dynamic Cyber Terrorism Framework,” International Journal of Computer Science and Information Security, vol. 10, no. 2, pp. 149-158, February, 2012. Article (CrossRef Link)
Dmitry Tarakanov, “The “Kimsuky” Operation: A North Korean APT?,” Securelist, September 11, 2013. Article (CrossRef Link)
Trend Micro, "MBR Wiper Attacks Strike Korean Power Plant," TrendLabs Security Intelligence Blog, December 23, 2014. Article (CrossRef Link)
Jungje Ri, “Slanderous <NK Hacking> Rumor Full of Absurd <Evidence>,” Uriminzokkiri, March 17, 2015. Article (CrossRef Link)
Ilchul Chae, “Cyber Terrorism is Absolutely Not Tolerated,” Rodong-Sinmun, June 9, 2015. Article (CrossRef Link)
Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, Report of the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security, United Nations General Assembly A/68/98, June 24, 2013.
Nohyoung Park and Myunghyun Chung, “Basic Concepts of Cyber Warfare in International Law: Focusing on the Tallinn Manual,” The Korean Journal of International Law, vol. 59, no. 2, pp. 65-93, June, 2014. Article (CrossRef Link)
Michael N. Schmitt, “Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework,” Columbia Journal of Transnational Law, vol. 37, pp. 885-937, 1998-1999. Article (CrossRef Link)
Michael N. Schmitt, “Cyber Operations and the Jus Ad Bellum Revisited,” Villanova Law Review, vol. 56, issue 3, pp. 569-605, November, 2011. Article (CrossRef Link)
James B. Michael, Thomas C. Wingfield and Duminda Wijesekera, "Measured Responses to Cyber Attacks Using Schmitt Analysis: A Case Study of Attack Scenarios for a Software-Intensive System," in Proc. of the 27th Annual International Computer Software and Applications Conference, pp. 622-626, November 3-6, 2003. Article (CrossRef Link)
Min-Jung Paik, “Application of Tallinn Manual to KHNP Cyber-terror,” Northeast Asia Strategic Analysis, pp. 1-4, May 12, 2015.
Board of Audit and Inspection of ROK, Audit and Inspection Report - Crisis Management of National Critical Infrastructure (Focusing on Nuclear Safety, Drinking Water and Oil.Gas), December, 2012.
Standing Auditor of KHNP, 2013 Annual Audit Report, March, 2014.
Standing Auditor of KHNP, 2014 Annual Audit Report, March, 2015.
Tae Kyung Ha, “Ha Tae Kyung, <KHNP Nuclear Power Plants Security Status> Confirmation of Overall Insufficiency,” Press Release, November 2, 2014.
Standing Auditor of KHNP, Request for Penalty as per Audit Result - Inspection of Information Management and Use of Internet Network, March, 2015.
Won Sik Choi, "Inquiry Material to Nuclear Safety and Security Commission," 2014 Parliamentary Audit - Science, ICT, Future Planning, Broadcasting and Communications Committee, October 8, 2014.
Antony Bridges, “Industrial Control Systems: The Human Threat,” in Christopher Laing, Atta Badii and Paul Vickers, Securing Critical Infrastructures and Critical Control Systems: Approaches for Threat Protection, IGI Global, Pennsylvania, pp. 82-104, December, 2012. Article (CrossRef Link)
John D’Arcy and Anat Hovav, “Deterring Internal Information Systems Misuse,” Communications of the ACM, vol. 50, no. 10, pp. 113-117, October, 2007. Article (CrossRef Link)
Michael E. Whitman, “Enemy at the Gate: Threats to Information Security,” Communications of the ACM, vol. 46, no. 8, pp. 91-95, August, 2003. Article (CrossRef Link)
Eirik Albrechtsen and Jan Hovden, “Improving Information Security Awareness and Behaviour Through Dialogue, Participation and Collective Reflection. An Intervention Study,” Computers and Security, vol. 29, issue 4, pp. 432-445, June, 2010. Article (CrossRef Link)
Geun-hye Kim, Kyung-bok Lee and Jong-in Lim, “CBMs for Cyberspace Beyond the Traditional Security Environment: Focusing on Features for CBMs for Cyberspace in Northeast Asia,” Korean Journal of Defense Analysis, vol. 27, no. 1, pp. 87-106, March, 2015. Article (CrossRef Link)
Injung Kim, "Status and Outlook of North Korea's Cyber Terror," in Proc. of the 2015 Joint Conference Between Institute for National Security Strategy and National Security Research Institute: North Korea's Cyber-terrorism Threats and Countermeasures, pp. 25-46, March 31, 2015. Article (CrossRef Link)
※ AI-Helper는 부적절한 답변을 할 수 있습니다.