최소 단어 이상 선택하여야 합니다.
최대 10 단어까지만 선택 가능합니다.
다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
NTIS 바로가기情報保護學會論文誌 = Journal of the Korea Institute of Information Security and Cryptology, v.29 no.3, 2019년, pp.657 - 673
조용현 (고려대학교 정보보호대학원) , 차영균 (고려대학교 정보보호대학원)
As various IT and OT systems such as Electronic Chart Display and Information System and Automatic Identification System are used for ships, security elements that take into account even the ship's construction and navigation environment are required. However, cyber security research on the ship and...
* AI 자동 식별 결과로 적합하지 않은 문장이 있을 수 있으니, 이용에 유의하시기 바랍니다.
핵심어 | 질문 | 논문에서 추출한 답변 |
---|---|---|
바다는 지구의 몇 %를 차지하고 있는가? | 지구의 70%를 차지하고 있는 바다를 통한 해양산업은 국가간 교역의 90% 이상을 차지하고 있는 국가의 기간산업이다. 4차 산업 혁명으로 인해 조선·해양 산업에서는 해운은 Shipping 4. | |
선박을 중심으로 한 조선·해양 분야의 보안 위협 모델링을 실시하여 선박의 사이버보안 위협을 식별한 연구에 대한 위험관리를 위해서는 무엇이 필요한가? | 따라서 본 연구에서는 선박을 중심으로 한 조선·해양 분야의 보안 위협 모델링을 실시하여 선박의 사이버보안 위협을 식별하였다. 이에 대한 위험관리를 위해서는 첫 번째, 항해 중인 선박의 네트워크 아키텍쳐를 변경하기 어려운 환경상 신조 선박의 경우 선박 네트워크 구성을 안전하게 구성하기 위해 IT/OT/Crew 또는 Passenger 구간의 분리 조치 등 선박 사이버보안 요구사항의 표준화가 필요하다. 두 번째, 선박에 탑재되는 시스템의 보안성 평가 제도를 통한 안전성 확보가 요구된다. 세 번째, 선박의 사이버보안 위협을 정기적으로 평가/측정하여야 한다. 네 번째, 선박 또는 선단, 선주사의 사이버보안 위협을 모니터링하고 공유할 수 있는 체계가 요구된다. 다섯 번째, 해양사고의 경우 환경오염, 인명사고 등의 위험 파급력이 높아 관련 업계에서는 위험관리전략으로 해상보험을 채택하고 있다. 보험 업계에서는 본 논문에서 제기한 선박의 사이버보안 위협과 보안대책의 요구사항을 기반으로 해상 사이버보험이 요구된다. 여섯 번째, 해상 사고 조사에서는 본 논문의 DFD에서 도출된 선박의 주요 데이터 처리와 저장장치에 대해서 디지털 증거수집을 위한 아티팩트 수집에 관한 연구가 요구된다. | |
4차 산업 혁명으로 인해 조선·해양 산업에서는 무엇이 추진되고 있는가? | 지구의 70%를 차지하고 있는 바다를 통한 해양산업은 국가간 교역의 90% 이상을 차지하고 있는 국가의 기간산업이다. 4차 산업 혁명으로 인해 조선·해양 산업에서는 해운은 Shipping 4.0, 항만은 Port 4.0, 조선은 Smart ship 4.0, 해양은 Marine 4.0으로 추진되고 있다[1]. 조선·해양 산업과 ICT 기술을 융합하여 스마트십, 디지털십을 건조했으며 향후 자율운항 선박을 건조할 계획을 추진 중이다. |
Hye-Ri Park, Han-Sun Park and, Bo Ram Kim, A Study on the Policy Directions related to the Introduction of Maritime Autonomous Surface Ship (MASS), Korea Maritime Institute, Aug. 2018
Paul Barnes and Richard Oloruntoba , "Assurance of Security in Maritime Supply Chains," The 6th International Business research Forum, Vol. 11, no. 4, pp. 519-540, Dec. 2005
OECD Maritime Transport Committee, Security in maritime transport: risk factors and economic impact, OECD, Jul. 2003
Joel Whitehead, Safety and Shipping Review 2018, ALLIANZ, Jul. 2018
Kimberly Tam and Kevin Jones, "Cyber-Risk Assessment for Autonomous Ships," 2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), pp.1-8, Jun. 2018
Kevin D. Jones, Kimberly Tam and, Maria Papadaki, "Threats and Impacts in Maritime Cyber Security", Engineering & Technology Reference, pp. 5, Apr. 2016
Adam Shostack, "Experiences Threat Modeling at Microsoft," MODSEC@MoDELS 2008, 2008
Zhendong Ma and Christoph Schmittner, "Threat Modeling for Automotive Security Analysis, Advanced Science and Technology Letters", SecTech 2016, Vol.139, pp.333-339, Nov. 2016
Rafiullah Khan, Kieran McLaughlin, David Laverty and, Sakir Sezer, "STRIDE-based Threat Modeling for Cyber-Physical," 2017 IEEE PES: Innovative Smart Grid Technologies Conference Europe (ISGT-Europe): Proceedings 2017, pp.1-7, Sep. 2017
Stijn van Winsen, "Threat Modelling for Future Vehicles, On Identifying and Analysing Threats for Future Autonomous and Connected Vehicles", Master Thesis, University of Twente, Jan. 2017
Gwang-Il Lee, Jun-Hui Park, and Won-Seok Choe, "International standardization trend of onboard communication", TTA Journal, 126, pp. 45-51, 2009
K.I. Lee and J.H. Park, "Standardization Activities for Ship IT Convergence Technology", ETRI, Electronics and telecommunications trends, 28(4), 2013
Dong-Keun Jeon and Yeon-woo Lee, "TDMA based HR-WPAN Application for a Ship Area Network with Link Transmission Parameters Selection Algorithm", International Journal of Control and Automation, 8(2), pp. 299-310, 2015
Ik-roh Yoon, Jung-min Choi, and Kyung Suk Seo, Technology Assessment : Autonomous Ships, 1st Ed., KIMST, Sep. 2018
Dr. Marco Balduzzi, "AIS Exposed Understanding Vulnerabilities & Attacks 2.0," Blackhat asia 2014, 2014
Arstechnica, "Hacked at sea: Researchers find ships' data recorders vulnerable to attack" https://arstechnica.com/information-technology/2015/12/hacked-at-sea-researchers-find-ships-data-recorders-vulnerable-to-attack/, 2019-04-25
Ruben Santamarta, "SATCOM Terminals:Hacking by Air, Sea, and Land," IOACTIVE, 2014
USCG, "Global Navigation Satellite Systems - Trust, But Verify - Report Disruptions Immediately ", https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/CG-5PC/INV/Alerts/0116.pdf, 2019-04-23
USCG, "Global Navigation Satellite Systems - Trust, But Verify - Report Disruptions Immediately ", https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/CG-5PC/INV/Alerts/0116.pdf, 2019-04-23
US-CERT, "Navis WebAccess SQL Injection Vulnerability" https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01, 2019-04-15
maritime-executive, "Nigerian Hacking Group Targets Shipping Firms " https://www.maritime-executive.com/article/nigerian-hacking-group-targets-shipping-firms, 2019-04-15
ABC news,"Svitzer employee details stolen in data breach affecting almost half of its Australian employees" https://www.abc.net.au/news/2018-03-15/sensitive-data-stolen-from-global-shipping-company-svitzer/9552600, 2019-04-15
spglobal,"Shipping: BW Group's computer systems hacked; steps up cyber security" https://www.spglobal.com/platts/en/market-insights/latest-news/shipping/101317-shipping-bw-groups-computer-systems-hacked-steps-up-cyber-security, 2019-04-15
reuters,"UK shipping firm Clarkson reports cyber attack" https://www.reuters.com/article/us-clarkson-cyber/uk-shipping-firm-clarkson-reports-cyber-attack-idUSKBN1DT1KO,2019-04-15
cimsec, "CYBERPHYSICAL FORENSICS: LESSONS FROM THE USS JOHN S. MCCAIN COLLISION" http://cimsec.org/cyberphysical-forensics-lessons-from-the-uss-john-s-mccain-collision/35254, 2019-04-15
A.P Moller,"A.P Moller 2017 Risk Management Report" https://www.maersk.com/-/media/ml/about/sustainability/20180209-a-p-moller-maersk-annual-report.pdf, 2019-04-23
YonHapnews, "Court to sentence 2 employees of a company that hacked into Jindo VTS" http://www.yonhapnews.co.kr/local/2014/11/17/0805010000AKR20141117128500054.HTML, 2019-04-15
OSM,"CYBER SECURITY FLEET PROTECTION" https://static1.squarespace.com/static/57a8878837c58153c1897c2c/t/5ab3b85f88251b5549a07357/1521727638547/8PeterSchellenberger_OSM_APM18.pdf. 2019-04-20
rntfnd,"Hackers took 'full control' of container ship's navigation systems for 10 hours - IHS Fairplay" https://rntfnd.org/2017/11/25/hackers-took-full-control-of-container-ships-navigation-systems-for-10-hours-ihs-fairplay, 2019-04-15
Trendmicro, "Vulnerabilities Found in AmosConnect 8 Maritime Communications Systems" https://www.trendmicro.com/vinfo/dk/security/news/cybercrime-and-digital-threats/vulnerabilities-found-in-amosconnect-8-maritime-communications-systems, ,2019-04-15
Marco Balduzzi, Kyle Wilhoit, and Alessandro Pasta, "A Security Evaluation of AIS," Trend Micro, 2014
Jenna Ahokas and Tuomas Kiiski, "CYBERSECURITY IN PORTS", HAZARD Project Turku School of Economics University of Turku, pp 15, 2017
SOPHOS, "Pirates hacked shipping company to steal info for efficient hijackings" https://nakedsecurity.sophos.com/2016/03/07/pirates-hacked-shipping-company-to-steal-info-for-efficient-hijackings/, 2019-04-20
Marko Helenius , "MARITIME CYBER SECURITY INCIDENT DATA REPORTING FOR AUTONOMOUS SHIPS," Master of Science Thesis, Tampere University of Technology, Nov. 2017
Marco Balduzzi, Alessandro Pasta, and Kyle Wilhoit, "A security evaluation of AIS automated identification system," ACSAC '14 Proceedings of the 30th Annual Computer Security Applications Conference, pp. 436-445, Dec. 2014
Cyril Ray, Clement Iphar, Aldo Napoli, Romain Gallen, and Alain Bouju. "DeAIS project: Detectionof AIS Spoofing and Resulting Risks," MTS/IEEE OCEANS'15, May. 2015
MITRE,"CVE-2018-5728" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2018-5728, 2019-04-15
MITRE,"CVE-2018-5267" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2018-5267, 2019-04-15
MITRE,"CVE-2013-7180" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2013-7180, 2019-04-15
MITRE,"CVE-2018-5266" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2018-5266, 2019-04-15
MITRE,"CVE-2018-5071" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2018-5071, 2019-04-15
MITRE,"CVE-2014-2964" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2014-2964, 2019-04-15
MITRE,"CVE-2014-2942" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2014-2942, 2019-04-15
MITRE,"CVE-2014-0328" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2014-0328, 2019-04-15
MITRE,"CVE-2013-7180" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2013-19393, 2019-04-15
MITRE,"CVE-2014-2940" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2014-2940, 2019-04-15
CERT, "Cobham Sailor 6000 series satellite terminal contain hardcoded credentials", https://kb.cert.org/vuls/id/269991/, 2019-04-15
MITRE,"CVE-2014-2941" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2014-2941, 2019-04-15
MITRE,"CVE-2013-2038" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2013-2038, 2019-04-15
CVE Details,"CVE-2016-9339" https://www.cvedetails.com/cve/CVE-2016-9339/, 2019-04-15
MITRE,"CVE-2018-5401" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2018-5401, 2019-04-15
MITRE,"CVE-2006-6488" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2006-6488, 2019-04-15
CVE Details,"CVE-2016-5817" https://www.cvedetails.com/cve/CVE-2016-5817/, 2019-04-15
CERT, "Furuno Voyage Data Recorder(VDR) moduleserv firmware update utility fails to properly sanitize user-provided input", https://www.kb.cert.org/vuls/id/820196/, 2019-04-15
MITRE,"CVE-2018-16705" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2018-16705, 2019-04-15
MITRE,"CVE-2018-16591" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2018-16591, 2019-04-15
MITRE,"CVE-2018-16590" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2018-16590, 2019-04-15
MITRE,"CVE-2017-3221" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2017-3221, 2019-04-15
MITRE,"CVE-2017-3222" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2017-3222, 2019-04-15
NVD,"CVE-2014-0326" https://nvd.nist.gov/vuln/detail/CVE-2014-0326, 2019-04-15
MITRE,"CVE-2014-0327" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2014-0327, 2019-04-15
NVD,"CVE-2018-5399" https://nvd.nist.gov/vuln/detail/CVE-2018-5399, 2019-04-15
MITRE,"CVE-2018-5400" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2018-5400, 2019-04-15
MITRE,"CVE-2018-5401" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2018-5401, 2019-04-15
MITRE,"CVE-2018-5402" https://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2018-5402, 2019-04-15
NVD,"CVE-2018-17174" https://nvd.nist.gov/vuln/detail/CVE-2018-17174, 2019-04-15
Shim Jae-Suk, Technical and Managerial Study of Personal Information Protection on Smart Grid Service, KISA-WP-2015-0044, KISA, pp. 90, Feb. 2016
*원문 PDF 파일 및 링크정보가 존재하지 않을 경우 KISTI DDS 시스템에서 제공하는 원문복사서비스를 사용할 수 있습니다.
Free Access. 출판사/학술단체 등이 허락한 무료 공개 사이트를 통해 자유로운 이용이 가능한 논문
※ AI-Helper는 부적절한 답변을 할 수 있습니다.