Early Cyber Security Ecosystem in Korea (draft)
2022.01.08
Kim, Myungchul
mck@kaist.ac.kr
KAIST
2022.01 Kr4050 Meeting 2021.11.15rev11.15+
Table of Contents
References
Backup Pages
1. Definitions
1.1 Ecosystem, Technology Neutrality
1.2 The Internet Ecosystem
The Internet Ecosystem means the organizations and communities that help the Internet work and evolve.
Organizations that make up the Internet Ecosystem include:
[Source: Internet Society, Who makes the internet work: Internet Ecosystem, 2014.2.3]
1.3 Technology Neutrality
In the Internet, telecoms and data protection regulation, technology neutrality means that
[Source: Technology neutrality in Internet, telecoms and data protection regulation, Winston Maxwell and Marc Bourreau, Global Media and Communications Quarterly, 2014]
2. Timeline (Internet, Accredited Certificate, Technology Neutrality)
3. Accredited Certificate (공인인증서)
3.1 Accredited Certificate - Example of PC Security Program Installation
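4. ActiveX
An exception clause under which the financial institution does not have to bear liability where the user is at fault, for example where the user did not install a security program or was negligent in security management such as that of the accredited certificate -> installation of PC security programs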
5. Issues
6. Remarks
References
- 50 Years of e-Government (1967-2017), Ministry of the Interior and Safety.
- Global Cyber Security Ecosystem, TR 103 306, ETSI, 2017.
- Technology neutrality in Internet, telecoms and data protection regulation, Winston Maxwell and Marc Bourreau, Global Media and Communications Quarterly, 2014.
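- Technology Neutrality in the Context of the Transport Transition, De. Paul Lehmann, et al., Agora Verkehrswende, 2020.
- Amendment to the Electronic Financial Transactions Act to Strengthen User Protection and Rationalize Financial Security, Park Jihwan, Open Net, 2015.03.
- To Create Change That Internet Users Can Feel: How Could the Mandatory Accredited Certificate Policy Be Abolished?, Park Jihwan, Open Net, 2020.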
Backup Pages
Cyber Security Life-Cycle
Basic Components of Cyber Security [1]
[Figure: components labelled Defense, Build, Attack]
Organization of the global cyber security ecosystem
1) Forums that develop techniques, technical standards and operational practices; 3GPP - 3rd Generation Partnership Project, EC - European Commission, ETSI - European Telecommunication Standards Institute, ICANN - Internet Corporation for Assigned Names and Numbers, IEEE Standards Association, IETF, ISO, ITU, NATO, W3C, etc.
2) Major IT developer forums affecting cyber security; Amazon Web Services Forum, Android Developers Forum, Apple iOS Dev Center, Cisco Developer Network, FreeBSD, GitHub, Google Developers, Linux Foundation, Microsoft Windows, Oracle Java, etc.
3) Activities for continuous information exchange; ACSC - Australian Cyber Security Centre, CERT-FR - The French CERT, China National Vulnerability Database of Information Security, National Cyber Security Center, etc.
4) Centres of excellence; ACE-CSRs - Academic Centres of Excellence in Cyber Security Research, NCCoE - NIST National Cybersecurity Center of Excellence, etc.
5) Reference libraries, continuing conferences; Black Hat® conference, DEF CON conference, RSA® conference, etc.
6) Heritage sites and historical collections.
7) Customers: Individuals, Schools and Universities, Companies, Governments, Military, Security Agency, …
8) U.N. Charter (Geneva IV Convention), Tallinn Manual invited by NATO Cooperative Cyber Defence Center of Excellence
Case studies
Case 1. Cyber Attacks on Critical Infrastructure
Case 2. Analysis of State and Private-Led Cyberattacks
Case 3. Information Security Market
Case 4. PC Security Programs
Case 1. Cyber Attacks on Critical Infrastructure, classified by Cybersecurity and Infrastructure Security Agency
Top 11 cyber attacks on critical infrastructure
Adam Weinberg https://www.firstpoint-mg.com/blog/analysis-of-top-11-cyber-attackson-critical-infrastructure/
This state-sponsored malware attack was discovered first in a Saudi petrochemical plant, allowing hackers to take over the plant’s safety instrumented systems (SIS).
2. Taiwan’s state-owned energy company, CPC Corp.
Though energy production remained undamaged, the hack threw the company’s payment system into chaos.
3. Israeli water systems
The attacks were designed to compromise the ICS command and control systems for Israel’s pumping stations, sewer systems, wastewater plants, and agriculture pumps.
4. Nippon Telegraph & Telephone (NTT)
The data breach leaked the data of 621 corporate clients and was hybrid in nature, in that it was committed both from the cloud and on-site.
5. Moderna
Alleged China-backed hackers probed Moderna, a company at the forefront of Covid-19 vaccine development. They searched for site vulnerabilities and singled out users with expanded security authorization within the network in their hacking attempts.
6. Unnamed US natural gas operator
The cybercriminal first used a Spear Phishing Link to gain access to the IT network before employing the ransomware within the OT network. The compromised areas included Human Machine Interfaces (HMIs) and data storage.
7. Ukraine’s Power Grid
Half of the population (~700,000 individuals) of the Ivano-Frankivsk region in Ukraine was left without power in mid-December due to a malware attack.
8. San Francisco’s MUNI light-rail system
Hackers used ransomware called Mamba to compromise the city’s Municipal Railway (MUNI) light-rail, breaching the system to access and encrypt over 2000 office systems.
9. Iranian Cyber Attack on New York Dam
Iranian state-sponsored hackers, the ITSec Team, or Mersad Company, broke into the Supervisory Control And Data Acquisition (SCADA) systems of the Bowman Dam in New York.
10. Unnamed American Water Authority
The hackers used the cellular routers to jack up the cellular data bills by 15,000%, from $300 monthly to over $50,000 over a ~two-month period.
11. Colonial Oil Pipeline
The hacker group DarkSide also stole more than 100GB of data from company servers prior to the attack, and only handed over control after Colonial paid $5 million in cryptocurrency.
Case 2. Analysis of State and Private-Led Cyberattacks [2]
Case 3. Information Security Market
Recommendation and discussion
References
[1] ETSI TR 103 306 - V1.2.1 - CYBER; Global Cyber Security Ecosystem, 2017.
[2] Preventing State-Led Cyberattacks Using the Bright Internet and Internet Peace Principles, Young Yung Shin, Jae Kyu Lee, and Myungchul Kim, Journal of the Association for Information Systems, 2018.