The development of autonomous ships relies heavily on the Internet technologies, which have introduced a new type of risk to the shipping industry. Increasing dependence on the Internet computing and satellite communications makes cybersecurity a significant consideration for the current operation and future development of autonomy technology in the shipping industry. Cyber risks will be a more critical issue for maritime autonomous surface ships (MASS). This research identifies current international regulatory issues concerning cybersecurity in MASS, and exam ines potential regulatory improvements for the effective prevention and control of potential cyber risks. In terms of improvements, the authors suggest the adoption of a mandatory goal-based MASS code that constitutes an independent cyber risk management, separate from existing safety management systems based on the International Safety Management code. In addition, the SUA Convention for the suppression of unlawful acts against shipping must be revised to actively respond to cyber-crime as an emerging threat in the era of MASS.

The licensee of nuclear facilities in the Republic of Korea should ensure the functionality of Critical Digital Assets (CDAs) is maintained and minimize the negative impact of cyber-attacks by establishing a cyber security contingency plan. The contingency plan should include detailed response guidelines for each stage of detection, analysis, isolation, eradication, and recovery and comply with the requirements specified in KINAC’s “Regulatory Standard 015 - Security for Computer and Information System of Nuclear Facilities”. However, since the cyber security contingency plan describes the overall response guidelines for CDA, it may be difficult to respond practically to cyberattacks. This paper suggests a method to address this issue by performing exercises based on the classification of CDA types. CDAs in nuclear facilities can be classified according to their characteristics. The criteria for classifying CDA types include whether the asset is a PC, whether communication ports (RS-232, 422, 485) exist, whether storage devices can be connected through USB/memory card ports and whether internal settings can be changed through HMI devices such as built-in buttons. By classifying CDA types based on the proposed criteria, the attack vectors of CDAs can be defined. By defining the attack vectors, a list of cyber-attacks that CDAs may face can be created, and abnormal symptoms of CDAs resulting from the listed cyber-attacks can be defined. By using the defined abnormal symptoms of CDAs, the response measures of detection, analysis, isolation, eradication, and recovery can be concretized and reflected in the contingency plan. This may enable a more practical emergency response. This paper presents an improvement to the cyber security emergency response plan through the definition of cyber-attacks based on the classification of CDA types. By improving the contingency plan for CDAs as a whole using the proposed method, it is expected that more effective response measures can be taken in the event of a cyber-attack.

Nuclear Safety and Security Commission (NSSC) and KINAC review a Cyber Security Plan (CSP) by「ACT ON PHYSICAL PROTECTION AND RADIOLOGICAL EMERGENCY」. The CSP contains cyber security implementation plans for the licensee’s nuclear power plant, and it shall meet the requirements of KINAC/RS-015, a regulatory standard. The KINAC/RS-015 provides more detailed information on the legal requirements, so if licensees implement cyber security under the approved CSP, they can meet the law. To protect nuclear facilities from cyber-attacks, licensees should identify their essential digital assets, so-called “Critical Digital Assets” (CDAs). Then, they apply cyber security controls (countermeasures for cyber-attacks) on CDAs consisting of technical, operational, and management security controls. However, it is hard to apply cyber security controls on CDAs because of the large amounts of CDAs and security controls in contrast to the shortage of human resources. So, licensees in the USA developed a methodology to solve this problem and documented it by NEI 13-10, and US NRC endorsed this document. The main idea of this methodology is, by classifying CDAs according to their importance, applying small amounts of security controls on less important CDAs, so-called non-direct CDAs. In the case of non-direct CDAs, only basic cyber security controls are applied, that is, baseline cyber security controls. The baseline cyber security controls are a minimum set of cyber security controls; they consist of control a) from control g) a total of 7 controls. Although non-direct CDAs are less critical than other CDAs (direct CDAs), they are still essential to protect them from cyber-attacks. This paper aims to suggest a cyber security enhancement method for non-direct CDAs by analyzing the baseline cyber security controls. In this paper, baseline cyber security controls were analyzed respectively and relatively and then concluded how to apply small amounts of cyber security controls on non-direct CDAs rather than direct CDAs without scarifying cyber security.

디지털 기술의 발전에 따라 해상환경은 빠르게 변화할 것으로 예상된다. 자율운항선박의 경우 국내ㆍ외 많은 국가에서 기술개 발 중이며, 국제사회는 이를 운용하기 위한 논의도 시작되었다. 선박의 변화는 해상교통 환경의 변화를 야기하며, 육상지원시설에 대한 변화도 촉구한다. 본 연구는 항행지원시설의 사이버 보안 체계 개선을 위해 해상교통관제 인원의 사이버 보안 관리 인식을 분석하고자 한다. 이를 위해 해상교통관제 중심으로 사이버 보안 관리 현황을 살펴보고, 해상통관제 인원을 대상으로 설문조사를 실시하였다. 설문조 사 분석은 IPA 방법론을 활용했으며, 분석결과 보안담당 경험이 있는 인원과 경험 없는 인원의 사이버 보안에 대한 인식차이가 뚜렷하게 나타났다. 더불어 사이버 공격 탐지 및 차단 관련 기술적인 조치가 가장 우선적으로 시행되어야할 사항으로 나타났다. 본 연구 결과는 항 행지원시설에 대한 사이버 보안 관리 체계 개선을 위한 기초자료로 사용될 수 있다.

Nuclear power plants (NPPs) are designed in consideration of redundancy, diversity, and independence to prevent leakage of radioactive materials from safety of view, and a contingency plan is established in case of DBA (Design Basis Accident) occurrence. In addition, NPPs have established contingency plans for physical attacks, including terrorist intrusions and bomb attacks. However, the level of contingency plan caused by cyberattacks is quite insufficient compared to the contingency plan in terms of safety and physical protection. The purpose of this paper is to present the problems of cyberattack contingency plan and methods to supplement it. The first problem with cyberattack contingency plan is that the initiating event for implementing the contingency plan is undecided. In terms of safety, the DBA is identified as an initial event, and each contingency plan is based on the initial events specified in the DBA such as Loss of Coolant Accident and Loss of Offsite Power. In terms of physical protection, each has a contingency plan by identifying bomb attacks and terrorist intrusions in Protected Area and Vital Area as initial events. On the other hand, in the contingency plan related to a cyberattack, an initial event caused by a cyberattack is not identified. For this, it is necessary to classify the attack results that may occur when the CDA is compromised based on the attack technique described in Design Basis Threat. Based on this, an initiating event should be selected and a contingency plan according to each initiating event should be established. The second problem is that there is no responsibility matrix according to the occurrence of the initiating event. From a safety point of view, when a DBA occurs, the organization’s mission according to each initial event is described in the contingency plan, and related countermeasures are defined in case of an accident through Emergency Operation Procedure. In the case of physical protection, referring to IAEA’s Regulatory Guide 5.54, the organization’s responsibility is defined in matrix form when an initial event such as a bomb attack occurs. In this way, the responsibility matrix to be carried out in case of initiating events based on the defined initial event should be described in the contingency plan. In this paper, the problems of the cyberattack contingency plan are presented, and for this purpose, the definition of the initial event and the need for a responsibility matrix when the initial event occurs are presented.

Because a cyber-attack on industrial control system (ICS) and/or critical infrastructure such as NPPs is evolving, it is necessary to develop a cyber security regulation technology corresponding to the attack technology. Nevertheless, it is almost impossible to test actual I&C systems in NPPs for evaluating cyber security against new vulnerabilities or attack vectors. So, a testing environment is needed to conduct penetration tests and evaluate the overall cyber security of NPPs. For that purpose, KINAC is developing a cyber security test bed and has plans to apply the insight from the test bed to cyber security regulation in NPPs. Conceptually, the test bed is divided into two parts, H/W parts and S/W parts. The S/W part is mainly composed of a NPPs simulator, especially APR 1400 simulator model. Originally, the I&C systems are implemented by computer codes in the simulator model, however, parts of I&C systems in the simulator are implemented by H/W in the test bed. Then, these actual H/W-based I&C systems are wired to the simulator. Because the cyber security test only can be carried out on real I&C systems (H/W-based I&C systems), it is important to decide on the scoping of HIL in the simulator. In this decision process, the purpose of testing should be considered a priority. The decision process of scoping HIL in the simulator in line with the test purpose is discussed in this paper. For example, if the test purpose is to evaluate the consequences of NPPs induced by cyber-attacks, safety analysis results may be utilized in the decision process. Especially, if the consequences are fuel integrity in NPPs, level 1 PSA results may be used to decide the HIL scope. In that case, most of the I&C systems are safety-grade I&C systems. The number of safety-grade I&C systems is still too much so, more analysis should be accomplished to narrow down the numbers. To derive the most mitigation measures by comparing the mitigation measures in each initiating event may be one example of narrowing down the number of I&C systems. From these processes, the scope of HIL in the simulator corresponds to the test purpose may be decided.

KINAC has regulated cyber security of nuclear facilities based on「Act on Physical Protection and Radiological Emergency」and KINAC/RS-015 “Security for Computer and Information System of Nuclear Facilities”, a regulatory guide. By that law and regulatory guide, nuclear licensees shall protect digital assets so-called CDAs, which are conducting safety, security, and emergency preparedness functions from cyber-attack. First of all, to protect CDAs from cyber-attack, licensees should identify CDAs from their assets according to the RS-015. The identification methods are provided in another regulatory guide, RS-019. To research the best practice, a reference case is selected as a U.S. case. In this study, a comparison analysis was conducted especially focused on EP CDAs identification methodology between R.O.K. and U.S., because the regulation basis is relatively insufficient in R.O.K., and improvement plans for the cyber security regulations in R.O.K were proposed. From the analysis, it was identified that detailed methods to identify EP function are provided in NEI 10-14 “Identifying Systems and Assets Subject to the Cyber Security Rule” published by Nuclear Energy Institute (NEI), an institute of nuclear power reactor licensees. Also identified that the definition of EP function is provided clearly in NEI 10-04 based on related regulation, 10 CFR 50.47 “Emergency Plans”. In that regulation, licensees shall follow and maintain the effectiveness of an emergency plan that meets the sixteen planning standards of 10 CFR 50.47(b). So, these sixteen planning standards correspond to the emergency preparedness functions. In NEI 10-04, scoping considerations for emergency preparedness function are provided referring to sixteen planning standards. Moreover, in that scoping considerations, planning standards, planning standard functions and 10 CFR 73.54 “Protection of digital computer and communication systems and networks” scoping guidance are provided, so, licensees identify EP CDA in their assets conveniently. In case of R.O.K., because these sixteen planning standards are not established, there is an ambiguity in identifying EP CDAs. The only related provision is “Detailed Standards for Establishment of Emergency Plan”. To resolve the ambiguity, it is needed to analyze sixteen planning standards in 10 CFR 50.47(b) and “Detailed Standards for Establishment of Emergency Plan”. Then, should be developed ‘scoping considerations for emergency preparedness function’ based on the analysis as provided in NEI 10-04.

KINAC (Korea Institute of Nuclear Non-proliferation and Control) is entrusted with the NSSC (Nuclear Safety And Security Commission) to conduct threat assessments for nuclear facilities. As part of the threat assessment, DBT (Design Basis Threat) must be established every three years, and a threat assessment report must be developed for DBT establishment. This paper suggests a method for collecting and analyzing cyber threat information for the development of a cyber security threat assessment report. Recently, cyber threats not only in the IT (Information Technology) field but also in the ICS (Industrial Control System) field are rapidly increasing. As cyber threats increase, threat information including related attack techniques is also increasing. Although KINAC is conducting a threat assessment on cyber security at nuclear facilities, it cannot collect and analyze all cyber threat information. Therefore, it is necessary to determine a reliable source of threat information for threat assessment, and establish a strategy for collecting and analyzing threat information for DBT establishment. The first method for collecting and analyzing threat information is to first collect threat information on industrial fields with high similarity to nuclear facilities. Most of the disclosed cyber threat information is in the IT field, and most of this information is not suitable for closed-network nuclear facilities. Therefore, it is necessary to first collect and analyze threat information on facilities that use networks similar to nuclear facilities such as energy and financial sector. The second method is to analyze the attack technique for the collected threat information. The biggest factor in DBT reset is whether there is a new threat and how much it has increased compared to the existing threat. Therefore, it is necessary to analyze which attack technique was used in the collected threat information, and as part of the analysis, a cyber attack analysis model such as a kill chain can be used. The last method is to collect and manage the disclosed vulnerability information. In order to manage vulnerabilities, it is necessary to analyze what assets are in the nuclear facility first. By matching the reported vulnerability with the CDA (Critical Digital Asset) in the facility, it is possible to analyze whether the CDA can be affected by a cyber attack.As cyber threats continue to increase, it is necessary to analyze threat cases of similar facilities, attack techniques using attack models, and vulnerability analysis through asset identification in order to develop a threat assessments report.

In accordance with the Enforcement Decree of the Act on Physical Protection and Radiological Emergency, operators of Nuclear Power Plants (NPP)s must conduct full cyber security exercise once a year and partial exercise at least once every half year. Nuclear operators need to conduct exercise on systems with high attack attractiveness in order to respond to the unauthorized removal of nuclear or other radioactive material and sabotage of nuclear facilities. Nuclear facilities identify digital assets that perform SSEP (Safety, Security, and Emergency Preparedness) functions as CDA (Critical Digital Assets), and nuclear operators select exercise target systems from the CDA list and perform the exercise. However, digital assets that have an indirect impact (providing access, support, and protection) from cyber attacks are also identified as CDAs, and these CDAs are relatively less attractive to attack. Therefore, guidelines are needed to select the exercise target system in the case of unauthorized removal of nuclear or other radioactive material and sabotage response exercise. In the case of unauthorized removal of nuclear or other radioactive material, these situations cannot occur with cyber attacks and external factors such as terrorists must be taken into consideration. Therefore, it is necessary to identify the list of CDAs that terrorists can use for cyber attacks among CDAs located in the path of stealing and transporting nuclear material and conduct intensive exercise on these CDAs. A typical example is a security system that can delay detection when terrorists attack facilities. In the case of sabotage exercise, a safety-related system that causes an initiating event by a cyber attack or failure to mitigate an accident in a DBA (Design Basis Accident) situation should be selected as an exercise target. It is difficult for sabotage to occur through a single cyber attack because a nuclear facility has several safety concepts such as redundancy, diversity. Therefore, it can be considered to select an exercise target system under the premise of not only a cyber attack but also a physical attack. In the case of NPPs, it is assumed that LOOP (Loss of Offsite Power) has occurred, and CDA relationships to accident mitigation can be selected as an exercise target. Through exercise on the CDA, which is more associated with unauthorized removal of nuclear or other radioactive material and sabotage of nuclear facilities, it is expected to review the continuity plan and check systematic response capabilities in emergencies caused by cyber attacks.

The cyber-attack on Natanz nuclear facility in Iran which called Stuxnet showed how cyber could affect the physical system. If cyber-attack on NPPs compromise digital I&C system, it may occur some malfunction on actuators and at worst, radioactive material released into the environment. However, it is hard to test the cyber security on operating NPPs because of the safety problems. So, it is necessary to develop a test-bed to test both the cyber security of NPPs and the effect of cyber-attack on NPPs. KINAC has been developing NPPs test-bed to evaluate the cyber security of NPPs, validate cyber security controls of licensee and train the inspectors. In this paper, the conceptual design of NPPs cyber security test-bed will be discussed. Actual I&C systems such as PLC (Programmable Logic Controller) and DCS (Distributed Control System) are essential for testing cyber security. Also, NPPs simulator is one of important part to evaluate or analyze the effect of cyber-attack on NPPs. Usually, NPPs simulator consists of software which contains nuclear model, thermal-hydraulic model, execution program and GUI and hardware which contains workstation, operator console, PC and large display panel. It provides very similar to actual NPPs to users. However, in case of conventional NPPs simulator, I&C part is implemented as a software, so it is impossible to test the cyber security. To solve this issue, in case of the NPPs cyber security test-bed, I&C part should be hardware and simulation code should be modified to connect the hardware I&C part and software simulator using the HIL (Hardware-in-the-loop) method. The main purpose of this NPPs cyber security test-bed is to utilize in NPPs cyber security regulation. So, KINAC is developing the test-bed with APR 1400 simulator model and KNICS PLC and DCS platform. These real hardware I&C system will be connected to hacker’s PC to test cyber security of NPPs. Also, the data set will be updated with real NPPs data set after the test-bed development finished. Furthermore, to give various analysis environment, archiving equipment that archive major plant process data, network packet between I&C systems and the like will be added. This NPPs cyber security test-bed combined the good points of conventional NPPs simulator and cyber security test-bed. It can test the cyber security of NPPs that conventional NPPs simulator cannot do. Also, it can evaluate and analyze the impact of cyber-attack on NPPs that cyber security test-bed cannot do.

오늘날 선박의 운항시스템에는 고도의 정보통신기술이 적용된다. 이는 선박 운항의 경제성, 안전성, 친환경성을 향상시키는 반면에, 선박 사이버보안에 대한 위험성을 증가시켜 사이버보안 사고의 원인으로 작용한다. 선박 사이버보안 사고는 선박 및 항만의 운영시스템을 중단시킬 수 있으며, 복구 및 정상화를 위한 많은 시간과 비용 등의 막대한 피해를 발생시킨다. 최근 국제해사기구 및 각국의 선급은 선박 사이버보안 강화를 위하여 선박 사이버보안에 대한 지침을 개발하여 배포하였고, 이를 이행하도록 함으로써 법적 강제성을 부여하고 있다. 그러나 현재 우리나라의 경우 선박 사이버보안 관련 법제는 부재한 상태이며, 선박 사이버보안 사고에 대한 체계적인 대응이 미흡한 수준이다. 따라서 선박 사이버보안을 강화하기 위한 법적 근거를 마련할 필요성이 제기되고 있으며, 이를 위한 관련 법제의 정비가 시급한 시점이다. 이 연구는 선박 사이버보안을 강화하기 위하여 관련 법제를 정비함으로써 체계적 대응의 기반을 마련하는 것을 목적으로 한다. 이를 위해 선박 사이버 보안에 대한 국제적인 대응 즉, 국제해사기구, 선급, 해운 산업계 및 주요 해운국의 동향을 조사하였고, 우리나라의 사이버보안 관련 법제의 문제점을 도출하여, 효과적인 법제적 대응을 위한 개정방안을 제시하였다.

Small and medium-sized enterprises(SMEs) continue to adopt ICT to gain an edge in organizational innovation and competition. This has a management advantage, but it also brings vulnerabilities as to cyber security. Therefore, the purpose of this study is to conduct an exploratory study on the cyber security situation of SMEs. A survey was conducted on Korean SMEs to determine how well they are connected to ICT and how much they are exposed to cyber security threats. The results suggest two things. First, Korean SMEs are well connected to ICT, but there is a gap between the actual adoption and human recognition of its importance. Second, security threats and breaches affect the majority of SMEs, but several problems including costs have not been properly evaluated. The results of this study are expected to help improve the cyber security management system of Korean SMEs.

The mandatory installation of the ECDIS (Electronic Chart Display and Information System) became an important navigational equipment for navigation officer. In addition, ECDIS is a key component of the ship's digitalization in conjunction with various navigational equipment. Meanwhile, cyber-attacks emerge as a new threat along with digitalization. Damage caused by cyber-attacks is also reported in the shipping sector, and IMO recommends that cybersecurity guidelines be developed and included in International Security Management (ISM). This study analyzed the cybersecurity hazards of ECDIS, where various navigational equipment are connected. To this end, Importance-Performance Analysis (IPA) was conducted on navigation officer using ECDIS. As a result, the development of technologies for cyber-attack detection and prevention should be priority. In addition, policies related to ‘Hardware and Software upgrade’, ‘network access control’, and ‘data backup and recovery’ were analyzed as contents to be maintained. This paper is significant in deriving risk factors from the perspective of ECDIS users and analyzing their priorities, and it is necessary to analyze various cyber-attacks that may occur on ships in the future.

정보통신기술의 발전에 따라 선박과 육상 간의 정보교환은 더욱 빠르고 편리해졌으나 선박정보에 대한 접근이 용이해져 사이 버보안 공격에 대한 우려도 커지고 있다. 선박이 사이버 공격의 피해를 입게 되면 복구하는데 막대한 비용과 시간 손해가 발생하며, 해사 산업계는 선박 사이버보안 책임자를 지정하여 보안관리 업무를 담당할 것을 요구하고 있다. 공격의 피해를 줄이고 효과적인 대응을 위하여 선박 사이버보안 책임자를 위한 전문적 교육과정이 필요하다. 이 연구의 목적은 선박 사이버보안 책임자 교육과정과 법제정비 필요성 제시에 있으며, 이를 위해 국내외 동향 및 사고사례, 주요 사이버보안 교육과정을 조사하였다. 조사결과를 바탕으로 선박 사이버보안 책임자에게 필요한 표준교육과정을 개발하였고 관련 법제정비의 방향성을 제시하였다. 연구의 결과는 향후 선박 사이버보안 책임자 교육과정을 개설하는데 기초자료로 활용될 수 있다.

대한민국은 세계 최초로 5G기술을 상용화하는데 성공하였다. 일부에서는 미비한 기술로 너무 서둘렀다는 비판도 제기하고 있지만 ‘경제전쟁’이 라는 용어가 일상화된 국제질서에서 불가피한 선택이었음은 분명하다. 5G기술은 우리의 혼자 힘으로 이룩한 것이라고 보기 곤란하다. 그 안에는 여러 국가의 기술과 제품이 혼재되어 있다. 이는 보안취약점을 노출 하는 위험성을 가지고 있다. 이미 여러 차례 북한으로부터 사이버공격을 받은 우리에게 5G는 역설적이게도 새로운 위협으로 다가올 수 있다. 미국이 중국의 특정회사를 지목하여 퇴출에 가까운 조치를 취한 것은 이러한 위험성을 새롭게 인식시키는 계기가 되었다. 최근 정부는 이러한 사이버안보문제에 대한 대책으로 지난 4월 청와대 국가안보실에서 ‘국가사 이버안보전략’을 발표했다. 5G기술에 필요한 기술이나 제품을 다른 국가의 기업에 의존할 수밖에 없는 것이 어쩔 수 없는 현실임을 감안한다면, 이를 적절하게 관리하고 통제하기 위해 일정한 국제협력이 반드시 필요하다. 5G표준화를 선도하여 국가경쟁력을 높이고 미래산업을 육성하기 위해서도 더욱 필요하다. 그러나 반대로 국제협력을 통해 5G기술의 취약점이 노출되지 않도록 조심해야한다. 결국 초연결로 만들어질 5G사회를 안전하게 관리하고 관련 산업분야를 발전시키기 위해서라도 국가의 사이버안보를 관리하는 주체가 마련되고 이를 법제화해야한다. 이를 위해 체계적인 관리방안을 마련 해야한다. 이미 우리의 삶에 밀접하게 다가오기 시작한 AI기술과 자율주행기술은 과거 우리가 경험했던 사이버테러와는 전혀 다른 피해규모를 가져올 개연성이 충분하다. 이를 미리 예방하고 대비하기 위해서 더욱 안보적인 관점으로 이에 접근할 필요성이 있다. 현재와 같이 관련기관이 모여 피해상황을 파악하고 해결방안을 마련하는 방식으로는 적절한 대응이 어렵다. 이제 시작된 5G의 상용화로 발생할 수 있는 안보상 문제점 등을 미리 파악하고 현장에서 즉시 대응하는 방식으로 조직체계를 재정비하고 이를 뒷받침하는 법률을 제정할 시점이다.