1
Korea’s Approach to Network Security
21 May 2002
Cha, Yang-Shin
Ministry of Information and Communication
2
Contents
Advancement in the Information Society and New Threats
Information Infrastructure Protection Act
Information Infrastructure Protection Framework
Incident Prevention and Response
Other Activities
Future Policy Direction
3
Advancement in the Information Society and New Threats
4
Rapid Growth in Information Society
World’s Best Info-Communication Infrastructure and Dramatic Increase of Internet Users
Connect Every Region of the Country with Info-Super-highway
Approximately 25 Million Internet Users (Dec. 2001)
More than 7.8 Million Broadband Subscribers (Dec. 2001)
1999.1 2000.8 2000.12 2001.12
Users (in thousands)
9,433 16,403 19,045 24,380
Percentage of Users
22.4 38.5 44.7 56.0
5
Increased Dependency on IT Systems
E-Government
E-Business
E-Education
E-Healthcare, etc.
Increased Interdependency
National Administration Network, Korean Education Network,
Online Banking, Electronic Commerce, etc.
Importance of the Information InfrastructureImportance of the Information InfrastructureImportance of the Information InfrastructureImportance of the Information Infrastructure
6
Challenges & Threats to the Information Society
Hacking and Computer Virus
– Viruses, Trojan Horses, Logic Bombs, Internet Worms
Manipulation or Destruction of Operating Systems, Application Software or Data
Manipulation by Insiders
Manipulation of Communication Links
Information Warfare, etc.
< Hacking & Computer Virus Incidents in '99 - '01 >
1999 2000 2001
Hacking incidents
572 1,943 5,333
Computer virus incidents
39,348 50,124 65,033
7
Information Infrastructure Protection Act
8
Legislation ( Background I )
MIC
Director General for Information Security
Cyber Crime Investigation Bodies in Public Prosecutors’ Office
Internet Crime Investigation Center, SPPO
Computer Crime Investigation Squad in 20 District PPO
KNPA
Cyber Terror Response Center
MoD, NIS, MoGAHA, etc.
Korea Information Security Agency, etc.
9
Legislation ( Background II )
Facilities Protected by Diverse Laws in Each Sector
Focused on Physical Protection
Insufficient Counter-Measures against Cyber-Attack
Outbreak of Cyber-Attacks on Internet Web-sites
– DoS Attack on Yahoo, CNN, e-Bay, etc. (Feb. 2000)
Enormous Econo-Social Damage due to Cyber-Attack
Need for Overall Info-Communication Infrastructure Protection Initiatives
10
Information Infrastructure Protection Act ( 1 )
Developments
Ministerial Meeting on the Prevention of Cyber-Terrorism (Feb. 2000)
– Decided to Legislate a Law covering Comprehensive and Systematic Information Infrastructure Protection and Counter Measures against Cyber-Terrorism
Legislation Committee (Feb. 2000 to Dec. 2000)
Enactment of Information Infrastructure Protection Act (Jan. 2001)
Effective from July 2001
Framework for II Protection
11
Information Infrastructure Protection Act ( 2 )
Outlines
Establish Governmental Framework for Information Infrastructure Protection
– Committee on Protection of Information Infrastructure
– CII Related Ministries
– Infrastructure Management Bodies
Protection Measures
– Selection and designation of CII
– Vulnerability Assessment => Protection Measures & Plans
12
Information Infrastructure Protection Act ( 3 )
Outlines (Cont.)
Prevention & Response
– Prevention : Security Guideline, Protection Measures
– Response : Security Warning, Recovery
Technical Support
Development of Technologies
International Cooperation
Severer Punishment for Cyber Crimes against II
13
Information Infrastructure Protection Framework
14
Overall Government Protection Framework ( 1 )
Committee on the Protection of Information Infrastructure
Chair : Prime Minister
Members : Ministers related to CII
Mission : Deliberation and Coordination of Selection of CII and Security Plans and Policies
Ministers related to CII
Designation of CII, Establishment of Security Plan
Security Guidelines, Demand/Recommendation of Security Measures
15
Overall Government Protection Framework ( 2 )
CII Management bodies
Vulnerability Assessment, Security Measures
Cyber Incidents Prevention and Response
Technical Supporting bodies
Accredited Vulnerability Assessment bodies
KISA
ETRI
Information Security Consulting Service Providers
Technical support in vulnerability assessment, Security Measures Implementation, Prevention and Response
16
Designation of CII ( 1 )
Information Infrastructure
Electronic Control and Management Systems
Information Systems and Communication Networks, etc.
Critical Information Infrastructure
Have Major Impact on National, Economic and Social Security
Designated by Ministers through Committee on the Protection of Information Infrastructure
17
Designation of CII ( 2 )
Criteria for Selection
Importance of its Service to the People and Nation
Reliance on CII in Performing its Missions
Interconnection with other Information and Communication Infrastructures
Scope of Impact on the Defense or Economic Security
High Incidence, Difficulties of Efforts Needed for the Restoration
18
Vulnerability Assessment
Who
CII Management Body
When
Within 6 Months after the Designation of CII
Re-Assessment Every Other Year
How
Assessment by Infrastructure Management Body with the Assistance of Technical Supporting bodies
Technical Supporting bodies
KISA, ETRI, Information Security Consulting Service Provider
19
Plan & Measures for Protection
Infrastructure Management Body
After the Assessment, Develop Security Measures
Submit Security measures to the Ministry Concerned
Ministries
Combine Individual Infrastructure Protection Measures to form a Security Plan under their Jurisdiction
Committee on the Protection of Information Infrastructure
Review and Coordinate Security Plans Developed by Ministers
20
Support ( 1 )
Korea Information Security Agency (KISA)
Develop and Disseminate Information Security Guideline
– Used by Infrastructure Management Bodies and Industries
Vulnerability Assessment
Develop Security Measures, Provide Technical Support for Prevention and Recovery
Develop and Disseminate II Security Technology
21
Support ( 2 )
Information Security Consulting Service Provider (ISCSP)
Authorized by MIC to Provide Consulting Service regarding Vulnerability Assessment and Security Measures on CII
Designation Requirements
– More than 15 Qualified Technical Engineers
– Capital greater than 2 Billion KRW (USD 1.5 M)
– Equipment as Provided in Presidential Decree
22
Support ( 3 )
Information Sharing and Analysis Center (ISAC)
Prevention and Response to Incidents in Specific Sectors such as Financial or Telecommunication
Mission
– Real-Time Warning and Analysis on Incidents
– Provide Information on Vulnerabilities and Countermeasures
– Vulnerability Assessment if Accredited by MIC
Telecommunication ISAC established, Financial ISAC to be formed soon
23
Incident Prevention and Response
24
Incident Response and Recovery ( 1 )
Incident Response
Self Response by Infrastructure Management Body
– Report to Minister, KISA or Investigation Offices
If Necessary, Request for Technical Assistance from Technical Supporting bodies such as KISA, ETRI
For Large Scale Incidents, Establish Temporary Incident Response Headquarters
25
Incident Response and Recovery ( 2 )
Recovery
Prompt and Necessary Steps to Restore and Protect CII
If necessary, Request for Technical Assistance from KISA
International Cooperation
Share Information on Vulnerability and Incident Responses (FIRST, APSIRC, etc.)
Collaborative Incident Investigation
26
Incident Response and Recovery ( 3 )
Incident Response Headquarters
Established Temporarily, When a Large Scale Incident Occurs, by the Chairman of the Committee on the Protection of Information Infrastructure
Mission
– Emergency Response, Technical Assistance and Recovery
Members
– Chief : Appointed by the Chairman (the Prime Minister)
– Members : Government Officers from the CII related Ministries, Civil Specialists for IT Security
27
Offences and Penalties
Disrupt, Paralyze and Destroy Critical Information Infrastructure by
Unauthorized Access to CII, or Fabrication, Destruction, etc., in excess of his or her authority.
Installation of Malicious Programs/Code
Denial of Service Attack
=> Imprisonment for 10 Years or a Fine of 100 Million Won
Incidents against Ordinary Information Systems
Imprisonment for 5 years or a fine of 50 Million Won
28
CII Protection related Activities
Nov. 2001, 9 Companies were Accredited as ISCSPs
Dec. 2001, First Meeting of the Committee on Protection of the Information Infrastructure
Designated 23 Infrastructures under 4 Ministries as CIIs
– MIC, MoGAHA, MoFA, MoHW
First half of 2002
Vulnerability Assessment and Development of Security Measures for CIIs under way
Develop Security Plans for 2003
2nd Designation of CIIs (Financial, Industrial Support Sectors)
29
Other Activities
30
Other Activities ( 1 )
Prevention and Awareness Program (MIC, KISA)
Operation of Anti-Hacking & Virus Consulting Center
Remote Vulnerability Assessment
“Anti-Hacking & Virus Day” (15th of Every Month)
Develop & Disseminate Security and Response Guidelines
Education & Training for Managers (Schools, PC Room, Small & Middle Sized Companies)
Early Warning & Alert System (e-WAS) (being developed)
31
Other Activities ( 2 )
Develop Cyber-Terror Prevention Technology
E-WAS and Secure Messenger
Real-Time Scan Detector(RTSD)
Develop Vulnerability Assessment and Intrusion Detection Tools
=> Build Vulnerability DB
Foster Industry
Develop and Disseminate Information Security Technologies
Information Security Industry Support Center(Test-Bed)
32
Other Activities ( 3 )
International Cooperation
Participate in International Meetings including OECD, APEC, ITU
– Measures for Enhancing Information and Network Security
– Exchange of information with Regard to Policies and Practices
– Frameworks for Security Information Sharing
– Raise Awareness of Security by Education & Training
Cross-border Information sharing on Incidents and Responses
Promotion of International Cooperation on Cyber-Terror Prevention Technologies
Cooperation on Cyber-Terror Investigation
33
Future Policy Direction
34
Future Policy Direction
Continue to Improve and Develop Information Security Management Framework for II
R&D on II Security Technologies
Enhance Level of Information Security in Public / Private Sectors
Strengthen International Cooperation Activities
Global Leader, e-Korea
Global Leader, s-Korea
35
Well begun is half done!