Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Korea’s Approach to Network Security 21 May 2002 Cha, Yang-Shin Ministry of Information and Communication.

Published byKathryn Thomas Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Korea’s Approach to Network Security 21 May 2002 Cha, Yang-Shin Ministry of Information and Communication."— Presentation transcript:

1 1 Korea’s Approach to Network Security 21 May 2002 Cha, Yang-Shin Ministry of Information and Communication

2 2  Advancement in the Information Society and New Threats  Information Infrastructure Protection Act  Information Infrastructure Protection Framework  Incident Prevention and Response  Other Activities  Future Policy Direction ContentsContents

3 3 Advancement in the Information Society and New Threats

4 4  World’s Best Info-Communication Infrastructure and Dramatic Increase of Internet Users  Connect Every Region of the Country with Info-Super-highway  Approximately 25 Million Internet Users (Dec. 2001)  More than 7.8 Million Broadband Subscribers (Dec. 2001) 1999.12000.82000.122001.12 Users (in thousands) 9,43316,40319,04524,380 Percentage of Users 22.438.544.756.0 Rapid Growth in Information Society

5 5  Increased Dependency on IT Systems  E-Government  E-Business  E-Education  E-Healthcare, etc.  Increased Interdependency  National Administration Network, Korean Education Network, Online Banking, Electronic Commerce, etc. Importance of the Information Infrastructure

6 6  Hacking and Computer Virus  Viruses, Trojan Horses, Logic Bombs, Internet worm  Manipulation or Destruction of Operating Systems, Application Software or Data  Manipulation by Insiders  Manipulation of Communication Links  Information Warfare, etc. Challenges & Threats to the Information Society

7 7 Information Infrastructure Protection Act

8 8  MIC  Director General for Information Security  Cyber Crime Investigation bodies in Public Prosecutors’ office  Internet Crime Investigation Center, SPPO  Computer Crime Investigation Squad in 20 District PPO  KNPA  Cyber Terror Response Center  MoD, NIS, MoGHHA, etc  Korea Information Security Agency, etc Legislation ( Background I )

9 9  Facilities protected by Diverse Laws in each Sectors  Focused on Physical Protection  Insufficient Counter-Measures against Cyber-Attack  Outbreak of Cyber-Attacks on Internet Web-sites  DoS Attack on Yahoo, CNN, e-Bay, etc. (Feb. 2000)  Enormous Econo-Social Damage due to Cyber-Attack Legislation ( Background II ) Need for Overall Info-Communication Infrastructure Protection Initiatives

10 10  Developments  Ministerial Meeting on the Prevention of Cyber-Terrorism (Feb. 2000) – Decided to Legislate a Law covering Comprehensive and Systematic Information Infrastructure Protection and Counter Measures against Cyber-Terrorism  Legislation Committee (Feb. 2000 to Dec. 2000)  Enactment of Information Infrastructure Protection Act (Jan. 2001)  Effective from July 2001 Information Infrastructure Protection Act ( 1 ) Framework for II Protection

11 11  Outlines  Establish Governmental Framework for Information Infrastructure Protection –Committee on Protection of Information Infrastructure –CII Related Ministries –Infrastructure Management Bodies  Protection Measures –Selection and designation of CII –Vulnerability Assessment => Protection Measures & Plans Information Infrastructure Protection Act ( 2 )

12 12  Outlines (Cont.)  Prevention & Response –Prevention : Security Guideline, Protection Measures –Response : Security Warning, Recovery  Technical Support  Development of Technologies  International Cooperation  Severer Punishment for Cyber Crimes against II Information Infrastructure Protection Act ( 3 )

13 13 Information Infrastructure Protection Framework

14 14  Committee on the Protection of Information Infrastructure  Chair : Prime Minister  Members : Ministers related to CII  Mission : Deliberation and Coordination of Selection of CII and Security Plans and Policies  Ministers related to CII  Designation of CII, Establishment of Security Plan  Security Guidelines, Demand/Recommendation of Security Measures Overall Government Protection Framework ( 1 )

15 15  CII Management bodies  Vulnerability Assessment, Security Measures  Cyber Incidents Prevention and Response  Technical Supporting bodies  Accredited Vulnerability Assessment bodies  KISA  ETRI  Information Security Consulting Service Providers  Technical support in vulnerability assessment, Security Measures Implementation, Prevention and Response Overall Government Protection Framework ( 2 )

16 16 Designation of CII ( 1 )  Information Infrastructure  Electronic Control and Management Systems  Information Systems and Communication Networks, etc.  Critical Information Infrastructure  Have Major Impact on National, Economic and Social Security  Designated by Ministers through Committee on the Protection of Information Infrastructure

17 17 Designation of CII ( 2 )  Criteria for Selection  Importance of its Service to the People and Nation  Reliance on CII in Performing its Missions  Interconnection with other Information and Communication Infrastructures  Scope of Impact on the Defense or Economic Security  High Incidence, Difficulties of Efforts Needed for the Restoration

18 18 Vulnerability Assessment  Who  CII Management Body  When  Within 6 Months after the Designation of CII  Re-Assessment in Every Other Year  How  Assessment by Infrastructure Management Body by assistance of Technical Supporting bodies  Technical Supporting bodies  KISA, ETRI, Information Security Consulting Service Provider

19 19 Plan & Measures for Protection  Infrastructure Management Body  After the Assessment, Develop Security Measures  Submit Security measures to the Ministry Concerned  Ministries  Combine Individual Infrastructure Protection Measures to form a Security Plan under their Jurisdiction  Committee on the Protection of Information Infrastructure  Review and Coordinate Security Plans Developed by Ministers

20 20 Support ( 1 )  Korea Information Security Agency(KISA)  Develop and Disseminate Information Security Guideline –Used by Infrastructure Management Bodies and Industries  Vulnerability Assessment  Develop Security Measures, Provide Technical Support for Prevention and Recovery  Develop and Disseminate II Security Technology

21 21 Support ( 2 )  Information Security Consulting Service Provider(ISCSP)  Authorized by MIC to Provide Consulting Service regarding Vulnerability Assessment and Security Measure on CII  Designation Requirements –More than 15 Qualified Technical Engineers –Capital greater than 2 Billion KRW (USD 1.5 M) –Equipments provided in Presidential Decree

22 22 Support ( 3 )  Information Sharing and Analysis Center(ISAC)  Prevention and Response to Incidents in Specific Sectors such as Financial or Telecommunication  Mission –Real-Time Warning and Analysis on Incidents –Provide Information on Vulnerabilities and Countermeasures –Vulnerability Assessment if Accredited by MIC  Telecommunication ISAC established, Financial ISAC to be formed soon

23 23 Incident Prevention and Response

24 24 Incident Response and Recovery ( 1 )  Incident Response  Self Response by Infrastructure Management Body –Report to Minister, KISA or Investigation Offices  If Necessary, Request for Technical Assistance from Technical Supporting bodies such as KISA, ETRI  For Large Scale Incidents, Establish Temporary Incident Response Headquarters

25 25 Incident Response and Recovery ( 2 )  Recovery  Prompt and Necessary Steps to Restore and Protect CII  If necessary, Request for Technical Assistance from KISA  International Cooperation  Share Information on Vulnerability and Incident Responses (FIRST, APSIRC, etc)  Collaborative Incident Investigation

26 26 Incident Response and Recovery ( 3 )  Incident Response Headquarters  Established Temporarily, When Large Scale Incidents occurs, by the Chairman of the Committee on the Protection of Information Infrastructure  Mission –Emergency Response, Technical Assistance and Recovery  Members –Chief : Appointed by the Chairman(the Prime Minister) –Members : Government Officers from the CII related Ministries, Civil Specialists for IT Security

27 27 Offences and Penalties  Disrupt, Paralyze and Destroy Critical Information Infrastructure by  Unauthorized Access to CII, or Fabrication, Destruction, etc., in excess of his or her authority.  Installation of Malicious Programs/Code  Denial of Service Attack => Imprisonment for 10 Years or a Fine of 100 Million Won  Incidents against Ordinary Information Systems  Imprisonment for 5 years or a fine of 50 Million Won

28 28 CII Protection related Activities  Nov. 2001, 9 Companies were Accredited as ISCSPs  Dec. 2001, First Meeting of the Committee on Protection of the Information Infrastructure Meeting  Designated 23 Infrastructures under 4 Ministries as CIIs –MIC, MoGAHA, MoFA, MoHW  First half of 2002  Vulnerability Assessment and Development of Security Measures for CIIs under way  Develop Security Plans for 2003  2nd Designation of CIIs(Financial, Industrial Support Sectors)

29 29 Other Activities

30 30 Other Activities ( 1 )  Prevention and Awareness Program(MIC, KISA)  Operation of Anti-Hacking & Virus Consulting Center  Remote Vulnerability Assessment  “Anti-Hacking & Virus Day” (15th of Every Month)  Develop & Disseminate Security and Response Guidelines  Education & Training for Managers(Schools, PC Room, Small & Middle Sized Companies)  Early Warning & Alert System (e-WAS) (being developed)

31 31 Other Activities ( 2 )  Develop Cyber-Terror Prevention Technology  E-WAS and Secure Messenger  Real-Time Scan Detector(RTSD)  Develop Vulnerability Assessment and Intrusion Detection Tools => Build Vulnerability DB  Foster Industry  Develop and Disseminate Information Security Technologies  Information Security Industry Support Center(Test-Bed)

32 32 Other Activities(3)  International Cooperation  Participate in International Meetings including OECD, APEC, ITU –Measures for Enhancing Information and Network Security –Exchange of information with Regard to Policies and Practices –Frameworks for Security Information Sharing –Raise Awareness of Security by Education & Training  Cross-border Information sharing on Incidents and Responses  Promotion of International Cooperation on Cyber-Terror Prevention Technologies  Cooperation on Cyber-Terror Investigation

33 33 Future Policy Direction

34 34 Future Policy Direction  Continue to Improve and Develop Information Security Management Framework for II  R&D on II Security Technologies  Enhance Level of Information Security in Public / Private Sectors  Strengthen International Cooperation Activities Global Leader, e-Korea Global Leader, s-Korea

35 35 Well begun is half done !

Download ppt "1 Korea’s Approach to Network Security 21 May 2002 Cha, Yang-Shin Ministry of Information and Communication."

Similar presentations

Its a new digital world with new digital dangers….

Its a new digital world with new digital dangers….
STRENGTHENING COOPERATION ON CYBER SECURITY WITHIN THE ASEAN REGION

STRENGTHENING COOPERATION ON CYBER SECURITY WITHIN THE ASEAN REGION
Thai delegation Presentation at 4 th ARF seminar on Cyber-terrorism

Thai delegation Presentation at 4 th ARF seminar on Cyber-terrorism
1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.

1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.
Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.
NERC Critical Infrastructure Protection Advisory Group (CIP AG) Electric Industry Initiatives Reducing Vulnerability To Terrorism.

NERC Critical Infrastructure Protection Advisory Group (CIP AG) Electric Industry Initiatives Reducing Vulnerability To Terrorism.
Tanzania Communications Regulatory Authority - TCRA Response to Cyber incidences in Tanzania: Where are we? Presented at Cyber Security Mini Conference.

Tanzania Communications Regulatory Authority - TCRA Response to Cyber incidences in Tanzania: Where are we? Presented at Cyber Security Mini Conference.
Thailand National Focal Point for IFCS Chemical Safety Section Food and Drug Administration Ministry of Public Health July 2003.

Thailand National Focal Point for IFCS Chemical Safety Section Food and Drug Administration Ministry of Public Health July 2003.
Jinhyun CHO Senior Researcher Korea Internet and Security Agency.

Jinhyun CHO Senior Researcher Korea Internet and Security Agency.
Computer Crimes and Security Professor Matt Thatcher.

Computer Crimes and Security Professor Matt Thatcher.
Prepared for: DISA September 17, 2003 Establishing a Government Information Security System Presented to the IT AND COMMUNICATIONS SYSTEMS SECURITY CONFERENCE.

Prepared for: DISA September 17, 2003 Establishing a Government Information Security System Presented to the IT AND COMMUNICATIONS SYSTEMS SECURITY CONFERENCE.
WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.

WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Standardization Framework (Myanmar) Ye Yint Win President Myanmar Computer Professionals Association Chair-Standardization Committee, Myanmar Computer.

Standardization Framework (Myanmar) Ye Yint Win President Myanmar Computer Professionals Association Chair-Standardization Committee, Myanmar Computer.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Cyberspace and the Police Mamoru TAKAHASHI Head of Computer Forensic Center, Hi-tech Crime Technology Division National Police Agency, Japan.

Cyberspace and the Police Mamoru TAKAHASHI Head of Computer Forensic Center, Hi-tech Crime Technology Division National Police Agency, Japan.
National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.

National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.
Computer Crimes and Abuses1 By: Saad Shwaileh. Computer Crimes and Abuses2 Outline Introduction. Computer crime and computer Abuse ? Types of Computer.

Computer Crimes and Abuses1 By: Saad Shwaileh. Computer Crimes and Abuses2 Outline Introduction. Computer crime and computer Abuse ? Types of Computer.

Similar presentations

Ads by Google