Threat Information Collection and Analysis Method for Developing Cyber Security Threat Assessment Report

Seungmin Kim,Kookheui Kwon 한국방사성폐기물학회 2022 한국방사성폐기물학회 학술논문요약집 Vol.20 No.1

KINAC (Korea Institute of Nuclear Non-proliferation and Control) is entrusted with the NSSC (Nuclear Safety And Security Commission) to conduct threat assessments for nuclear facilities. As part of the threat assessment, DBT (Design Basis Threat) must be established every three years, and a threat assessment report must be developed for DBT establishment. This paper suggests a method for collecting and analyzing cyber threat information for the development of a cyber security threat assessment report. Recently, cyber threats not only in the IT (Information Technology) field but also in the ICS (Industrial Control System) field are rapidly increasing. As cyber threats increase, threat information including related attack techniques is also increasing. Although KINAC is conducting a threat assessment on cyber security at nuclear facilities, it cannot collect and analyze all cyber threat information. Therefore, it is necessary to determine a reliable source of threat information for threat assessment, and establish a strategy for collecting and analyzing threat information for DBT establishment. The first method for collecting and analyzing threat information is to first collect threat information on industrial fields with high similarity to nuclear facilities. Most of the disclosed cyber threat information is in the IT field, and most of this information is not suitable for closed-network nuclear facilities. Therefore, it is necessary to first collect and analyze threat information on facilities that use networks similar to nuclear facilities such as energy and financial sector. The second method is to analyze the attack technique for the collected threat information. The biggest factor in DBT reset is whether there is a new threat and how much it has increased compared to the existing threat. Therefore, it is necessary to analyze which attack technique was used in the collected threat information, and as part of the analysis, a cyber attack analysis model such as a kill chain can be used. The last method is to collect and manage the disclosed vulnerability information. In order to manage vulnerabilities, it is necessary to analyze what assets are in the nuclear facility first. By matching the reported vulnerability with the CDA (Critical Digital Asset) in the facility, it is possible to analyze whether the CDA can be affected by a cyber attack.As cyber threats continue to increase, it is necessary to analyze threat cases of similar facilities, attack techniques using attack models, and vulnerability analysis through asset identification in order to develop a threat assessments report.

군사위협의 신뢰성 평가 이론의 검토 -북한 위협 사례 분석을 중심으로-

전경주 한국정책개발학회 2020 정책개발연구 Vol.20 No.1

When assessing the credibility of a state’s military threat, there are two prominent theories: Past Actions theory and Current Calculus theory. The Past Actions theory posits that the credibility of a state’s current military threat rests on whether it kept or broke its declared commitments in the past. In contrast, according to the Current Calculus theory, past actions do not determine whether a state’s military threat is credible, but, rather, its power and interest to carry out the threat. This research revisits these two theories with the case of North Korea’s threat of all-out war in 2015 by looking at how the ROK government assessed the North’s threat credibility. The Current Calculus theory explains the examined case better than the Past Actions theory, but the case reveals those two theories’ disadvantages as well. This research concludes by suggesting additional points for the refinement of threat credibility theories and policy implications for the ROK government in assessing North Korea’s military threats. 군사적 위협의 신뢰성 평가와 관련하여 대표적인 두 가지 이론이 있다. 위협을 가하는 국가의 과거의 행적에 비추어 판단한다는 과거 행적 이론과, 해당 국가의 현재의 힘과 이해관계에 기반하여 판단한다는 현재 상황 이론이다. 본 논문은 두 이론들을 견주면서, 한국 정부가 북한 군사위협의 신뢰성을 어떻게 평가했는지를 설명하고자 한다. 본 논문은 2015년의 전면전 위협의 신뢰성을 평가할 때 2013년의 행적과 2015년 당시 상황 중 무엇이 한국 정부의 판단 근거였는지를 살펴봄으로써, 북한 사례에 있어서 현재 상황 이론이 더욱설득력을 가진다고 주장한다. 또한 북한 사례 분석을 통해 드러난 군사위협신뢰성 평가 이론들의 한계를 짚어보고, 동시에 도출할 수 있는 정책적 시사점을 제시한다.

포괄적 위험평가의 시론적 검토 : 미국 전략문서에 나타난 위험평가를 중심으로

손한별(Sohn Hanbyeol),최원석(Choe Wonseok) 신아시아연구소(구 신아세아질서연구회) 2022 신아세아 Vol.29 No.1

본 논문은 국가안보를 위협하는 요소를 총체적으로 평가하는 틀로서 ‘포괄적 위험평가’를 소개하고 그 필요성을 주장하는 데 목적을 둔다. 다양한 행위자의 등장, 세계화로 인한 지리적 제약의 소실과 영역의 융합, 선형적 위기단계 무력화 등으로 융합안보·융합보안의 시대를 맞고 있다. 기존의 위협평가만으로는 국가안보를 위협하는 요인을 모두 파악하기 힘들다는 것이다. 위협 또는 취약성만을 분석하는 것이 아니라 상대적 관계와 과정에 중점을 두는 인식의 전환이 필요하다. 이를 위해 자산, 위협, 취약성을 함께 평가하는 ‘포괄적 위험평가’를 강조한다. 논문은 미국의 시기별, 행정부별 전략문서 중 “국가안보전략서(NSS)”를 중심으로 위험평가의 관점에서 사례를 분석한다. 국가안보전략서에 나타난 미국의 위험평가가 시기별로 어떠한 요소를 강조하고 있는지, 왜 변화를 겪게 되었는지를 분석한다. ‘위협’의 주체와 양상, 스스로의 ‘취약성’을 강조하다가, 2010년대 후반부터는 중국과의 전략경쟁이 미국의 장기적인 국가이익에 미칠 ‘위험’을 포괄적으로 평가하기 시작했음을 밝힌다. 이를 통해 포괄적 위험평가가 한국의 전략기획을 위한 기초적 방법론으로서 필요함을 강조한다. This paper introduces the concept of ‘comprehensive risk assessment’ and argues for its adoption as a framework for a comprehensive evaluation of elements that threaten national security. Three perceptions of threat and threat assessment also apply to risk assessment. In the era of integrated security, and it is necessary to change perceptions to focus not only on threats or vulnerabilities but also on bilateral relationships. To this end, this paper emphasizes a ‘comprehensive risk assessment’ that jointly assesses assets, threats, and vulnerabilities. The paper analyzes the National Security Strategy (NSS) of the United States by time and administration as examples of a risk assessment perspective. It reveals that the U.S. emphasized the subject and aspect of “threat” periodically in the 1990s, recognized “vulnerability” after 9/11 in the 2000s, and began to comprehensively evaluate the “risk” of strategic competition with China since the late 2010s. It also argues for a comprehensive risk assessment as a basic methodology for Korea s strategic planning system.

Ordinary Citizens as Realists: How do Americans Assess Threat?

김석준 호남대학교 인문사회과학연구소 2020 인문사회과학연구 Vol.63 No.2

How do ordinary citizens assess threats posed by a rival state? International relations scholars, particularly realists, provide important insights into ordinary citizens’ threat assessment. Based on a survey experiment that utilizes a representative sample of U.S. citizens, this study examines how ordinary U.S. citizens assess a rival state’s threat. This study finds that instead of using all the information available, ordinary citizens utilize information about both state power and intentions heuristically for threat assessment. As a result, U.S. citizens respond as though they were offensive realists under certain conditions (when uncertainty about a strong state’s intentions is high), while they respond as though they were defensive (motivational) realists under some other conditions (when uncertainty about a strong state’s intentions is low). This study makes a theoretical contribution to the existing scholarship by empirically testing at the micro level the baseline assumption of realists of international relations over the role of a state’s intentions in threat assessment.

A Novel Information Fusion Model for Assessment of Malware Threat

Chao Dai,Jianmin Pang,Xiaochuan Zhang,Guanghui Liang,Hong Bai 보안공학연구지원센터 2016 International Journal of Security and Its Applicat Vol.10 No.5

It is not only important for security analysts to judge some binary code is malicious or not, but also to understand the malware “what to do” and “what’s the impact it posed on our information system”. In this paper, we proposed a novel information fusion model to quantitate the threat of malware. The model consists of three levels: the decision making level information fusion, the attribute level information fusion and the behavior level information fusion. These three levels portray special characteristics of malware threat distributed in the assessment model. Combined with the static analysis technology and real-time monitor technology, we implemented a framework of malware threat assessment. The experiment demonstrates that our information fusion model for malware threat assessment is effective to quantitate the threat of malware in accuracy and differentiation degree. In the end, we discussed several issues that could improve the performance of the model.

북한 대함탄도미사일 위협 분석

박영한,오경원,김지원,Park, Younghan,Oh, Kyungwon,Kim, Jiwon 항공우주시스템공학회 2016 항공우주시스템공학회지 Vol.10 No.3

This paper provides an empirical assessment of the development of North Korea's Anti-Ship Ballistic Missile (ASBM), and its influence on South Korea's maritime strategy. While research studies on North Korea's ballistic-missile capabilities and South Korea's ballistic-missile defense systems are proliferating, less analytical attention has been given to the way that the strengthening of North Korea's ballistic-missile capacities presents a critical threat to the ROK's navy and lines of communication. The authors of this paper identify the continuing development of unique ASBM capabilities by China and Iran, and determine that such processes are mutually interactive and in accordance with threat perceptions; furthermore, North Korea can enact the same process by learning lessons from these nations. The findings of this paper provide an implication for the formulation of South Korea's maritime strategy and the related assets in consideration of the ASBM as a future threat.

위협분석 도구로서 총괄평가의 필요성과 한국군 적용방안

김태현 ( Kim Taehyun ) 단국대학교 분쟁해결연구센터 2020 분쟁해결연구 Vol.18 No.1

본 논문은 한국이 직면한 전략환경의 도전적 요소와 군사위협 평가의 문제점을 제시하고, 이를 극복하기 위한 위협분석 도구로서 ‘총괄평가’의 필요성과 한국적 적용방안을 제시하는 데 목적을 둔다. 한국은 남북간 경쟁과 미중 경쟁이라는 이중 경쟁체제 속에서 국가생존을 도모해야 하는 도전적 국제질서에 직면해있다. 한국에는 어느 때보다 한국을 둘러싼 이중적 경쟁체제의 본질을 현실적으로 직시하고, 이러한 경쟁 관계의 핵심요소인 ‘군사력 균형’을 왜곡 없이 평가하는 노력이 절실하게 요구된다. 본 연구는 총괄평가가 냉전기 장기적 미소 군사경쟁을 미국의 ‘승리’로 견인하는데 유용한 위협분석 도구라는 점에 착안하여, 앞으로 한국군이 치열한 경쟁체제 속에서 복합적인 위협을 통찰력 있게 분석하고 효율적인 경쟁전략을 수립하기 위해서 총괄평가기구의 신설이 필요하다는 점을 주장할 것이다. This paper aims to present the challenges of the strategic environment facing Korea and problems in analyzing military threats, and to present the need for a “Net Assessment” as a analytical framework for “threat analysis”. South Korea faces a challenging “competitive international order” amid a dual competition system of “inter-Korean rivalry” and “U.S.-China competition.” More than ever, South Korea is desperately in need of efforts to realistically face up to the nature of the “double-competition system” surrounding the Korean Peninsula and evaluate without distortion the key element of such a rivalry, the military balance. After all, the study aims to provide insight into the problems of ‘inter-Korean’ and ‘inter-American’ balance in the current internal and external rivalry, based on the fact that the Net Assessment is a useful threat analysis tool that led the US to the long-term ‘winner’ of the Cold War.

A Study of the Security assessment methodology for Android Mobile App

김경곤,김휘강,김은진 한국지식정보기술학회 2015 한국지식정보기술학회 논문지 Vol.10 No.1

Apple iPhone was released on 2007, and Android 1.0 with alpha version was released in November of the same year. After seven years, in 2013, about 50 billion apps were downloaded from Android which tells that the mobile apps users were dramatically increased. Company also have developed and distributed mobile app to provide their service to users. As the number of mobile apps rapidlly increased, many mobile apps are still developed with vulnerability and distributed in markets due to the limitations of security assessment. Hackers usually repackag Apps and distribute the malicious Apps via Appstore or Googleplay in order to infect many devices. In this paper, we selected four mobile app security assessment methodologies. Local government, local private company, global security research institution and global consulting firm’s methodologies were selected. Android-based mobile app security assessment methodology was developed for the security personnel to develop and operate in their organization. Mobile app security assessments methodology consists of 3 areas and 9 sub items and added menu assessments approach. We conducted the assessment using this methodology for the major domestic tele-communication company and found out that the assessment methodology developed for Android mobile app was efficiently assessed without missing any items compared to existing assessment methodologies

Assessing North Korean Nuclear Intentions and Capacities: A New Approach

Jacques E. C. Hymans 동아시아연구원 2008 Journal of East Asian Studies Vol.8 No.2

This article develops a novel assessment of the nuclear program of the Democratic People's Republic of Korea. Using a theory-driven approach rooted in comparative foreign policy analysis, the article undermines two common assumptions about the DPRK nuclear threat: first, that the North Korean leadership's nuclear intentions are a measured response to the external environment and, second, that the DPRK has developed enough technical capacity to go nuclear whenever it pleases. In place of these assumptions, the article puts forth the general theoretical hypotheses that (1) the decision to go nuclear is rarely if ever based on typical cost-benefit analysis, and instead reflects deep-seated national identity conceptions, and (2) the capacity to go nuclear depends not only on raw levels of industrialization and nuclear technology, but also on the state's organizational acumen. Applied to the case of the DPRK, these hypotheses suggest that it has long been strongly committed to the goal of acquiring an operational nuclear deterrent, but also that it has been finding it very difficult to successfully implement that wish. The article also demonstrates that these hypotheses are supported by the meager evidence available on this case.

정보통신망 건축물의 재난관리를 위한 위험평가 연구

최윤철(Choi, Yun-Cheul),서광덕(Seo, Gwang-Deok) 대한건축학회 2016 大韓建築學會論文集 : 構造系 Vol.32 No.8

The frequency of occurrence of the disaster or large-scale accidents caused by recent hazard have increasingly. This is the sophistication of technology and pointed, due to rapid urbanization, is because the enclosing a variety of hazard and threat. Accordingly, in the present study was to determine the core risk of execution process based on the H building of risk assessment Risk management processes provided by ISO31000, and presents an efficient and systematic risk management scheme through the risk matrix analysis.