With the recent convergence of IT technologies, the environment surrounding the Critical infrastructure is changing from the existing independent and closed environment to the open environment. Also, As cyber attacks increase, the stable and continuou...
With the recent convergence of IT technologies, the environment surrounding the Critical infrastructure is changing from the existing independent and closed environment to the open environment. Also, As cyber attacks increase, the stable and continuous operation of the main infrastructure It is in danger. In particular, in the energy sector, cyber threats may not only result in an end to systems and critical services, but may lead to economic and financial turmoil, Therefore, there is a need for a cybersecurity capability enhancement plan that can cope with this.
This paper, first, analyzes the security threats according to the characteristics of the Critical infrastructure of the energy sector and environment, and analyzes the necessity and importance of protection.
Then, compared the strategies and policies established in Korea and abroad, the system for responding to cyber risk, and the organization for continuous communication and information sharing.
Lastly, This paper emphasize the necessity of management evaluation system, in order to continuously respond to cyber threats at the national level. The basic direction for the construction of the energy management evaluation system was set to reflect the characteristics of the energy sector and the elements for responding to security threats, based on the items of the management evaluation system currently being implemented in Korea .
The international standard used in this process is ISO / IEC27019, NERC CIP002-009, which is an international standard that is mainly used for building cybersecurity regulation and management evaluation of Critical infrastructure of energy sector. Finally, the elements are 13 items in five areas(information security organization, human security, physical and environmental security, communication and operation management, and business continuity).
In addition in order to strengthening cybersecurity, It is also necessary to establish an integrated policy as a support plan to implementing effective measures and continuously monitoring and managing cybersecurity. Also, It is necessary to provide a plan to cultivate professional manpower by establishing a human resources framework so that appropriate manpower can be provided for the protection of major infrastructure.
keyword: Critical Infrastructure Protection, Cybersecurity, Energy Sector, Policy Direction