Korea’s Approach to Network Security

Transcript
Page 1: Korea’s Approach to Network Security

Korea’s Approach to Network Security

21 May 2002

Cha, Yang-Shin

Ministry of Information and Communication

Page 2: Korea’s Approach to Network Security

Advancement in the Information Society and New Threats

Information Infrastructure Protection Act

Information Infrastructure Protection Framework

Incident Prevention and Response

Other Activities

Future Policy Direction

Contents

Page 3: Korea’s Approach to Network Security

Advancement in the Information Society and New Threats

Page 4: Korea’s Approach to Network Security

World’s Best Info-Communication Infrastructure and

Dramatic Increase of Internet Users

Connect Every Region of the Country with Info-Super-highway

Approximately 25 Million Internet Users (Dec. 2001)

More than 7.8 Million Broadband Subscribers (Dec. 2001)

                        1999.1   2000.8   2000.12   2001.12
Users (in thousands)     9,433   16,403    19,045    24,380
Percentage of Users       22.4     38.5      44.7      56.0

Rapid Growth in Information Society

Page 5: Korea’s Approach to Network Security

Increased Dependency on IT Systems

E-Government

E-Business

E-Education

E-Healthcare, etc.

Increased Interdependency

National Administration Network, Korean Education Network,

Online Banking, Electronic Commerce, etc.

Importance of the Information Infrastructure

Page 6: Korea’s Approach to Network Security

Hacking and Computer Virus

Viruses, Trojan Horses, Logic Bombs, Internet Worm

Manipulation or Destruction of Operating Systems, Application Software or Data

Manipulation by Insiders

Manipulation of Communication Links

Information Warfare, etc.

< Hacking & Computer Virus Incidents in '99 - '01 >

                             1999     2000     2001
Hacking incidents             572    1,943    5,333
Computer virus incidents   39,348   50,124   65,033

Challenges & Threats to the Information Society

Page 7: Korea’s Approach to Network Security

Information Infrastructure Protection Act

Page 8: Korea’s Approach to Network Security

MIC

Director General for Information Security

Cyber Crime Investigation bodies in Public Prosecutors’ office

Internet Crime Investigation Center, SPPO

Computer Crime Investigation Squad in 20 District PPO

KNPA

Cyber Terror Response Center

MoD, NIS, MoGAHA, etc.

Korea Information Security Agency, etc

Legislation (Background I)

Page 9: Korea’s Approach to Network Security

Facilities Protected by Diverse Laws in Each Sector

Focused on Physical Protection

Insufficient Counter-Measures against Cyber-Attack

Outbreak of Cyber-Attacks on Internet Web-sites

DoS Attack on Yahoo, CNN, e-Bay, etc. (Feb. 2000)

Enormous Econo-Social Damage due to Cyber-Attack

Legislation (Background II)

Need for Overall Info-Communication Infrastructure Protection Initiatives

Page 10: Korea’s Approach to Network Security

Developments

Ministerial Meeting on the Prevention of Cyber-Terrorism (Feb. 2000)

– Decided to Legislate a Law covering Comprehensive and Systematic Information Infrastructure Protection and Counter Measures against Cyber-Terrorism

Legislation Committee (Feb. 2000 to Dec. 2000)

Enactment of Information Infrastructure Protection Act (Jan. 2001)

Effective from July 2001

Information Infrastructure Protection Act (1)

Framework for II Protection

Page 11: Korea’s Approach to Network Security

Outlines

Establish Governmental Framework for Information Infrastructure Protection

– Committee on Protection of Information Infrastructure

– CII Related Ministries

– Infrastructure Management Bodies

Protection Measures

– Selection and designation of CII

– Vulnerability Assessment => Protection Measures & Plans

Information Infrastructure Protection Act (2)

Page 12: Korea’s Approach to Network Security

Outlines (Cont.)

Prevention & Response

– Prevention : Security Guideline, Protection Measures

– Response : Security Warning, Recovery

Technical Support

Development of Technologies

International Cooperation

More Severe Punishment for Cyber Crimes against II

Information Infrastructure Protection Act (3)

Page 13: Korea’s Approach to Network Security

Information Infrastructure Protection Framework

Page 14: Korea’s Approach to Network Security

Committee on the Protection of Information Infrastructure

Chair : Prime Minister

Members : Ministers related to CII

Mission : Deliberation and Coordination of Selection of CII and Security Plans and Policies

Ministers related to CII

Designation of CII, Establishment of Security Plan

Security Guidelines, Demand/Recommendation of Security Measures

Overall Government Protection Framework (1)

Page 15: Korea’s Approach to Network Security

CII Management bodies

Vulnerability Assessment, Security Measures

Cyber Incidents Prevention and Response

Technical Supporting bodies Accredited Vulnerability Assessment bodies

KISA

ETRI

Information Security Consulting Service Providers

Technical Support in Vulnerability Assessment, Security Measures Implementation, Prevention and Response

Overall Government Protection Framework (2)

Page 16: Korea’s Approach to Network Security

Designation of CII (1)

Information Infrastructure

Electronic Control and Management Systems

Information Systems and Communication Networks, etc.

Critical Information Infrastructure

Have Major Impact on National, Economic and Social Security

Designated by Ministers through Committee on the Protection of Information Infrastructure

Page 17: Korea’s Approach to Network Security

Designation of CII (2)

Criteria for Selection

Importance of its Service to the People and Nation

Reliance on CII in Performing its Missions

Interconnection with other Information and Communication Infrastructures

Scope of Impact on the Defense or Economic Security

High Incidence, Difficulties of Efforts Needed for the Restoration

Page 18: Korea’s Approach to Network Security

Vulnerability Assessment

Who

CII Management Body

When

Within 6 Months after the Designation of CII

Re-Assessment Every Other Year

How

Assessment by Infrastructure Management Body with the Assistance of Technical Supporting bodies

Technical Supporting bodies

KISA, ETRI, Information Security Consulting Service Provider

Page 19: Korea’s Approach to Network Security

Plan & Measures for Protection

Infrastructure Management Body

After the Assessment, Develop Security Measures

Submit Security measures to the Ministry Concerned

Ministries

Combine Individual Infrastructure Protection Measures to form a Security Plan under their Jurisdiction

Committee on the Protection of Information Infrastructure

Review and Coordinate Security Plans Developed by Ministers

Page 20: Korea’s Approach to Network Security

Support (1)

Korea Information Security Agency(KISA)

Develop and Disseminate Information Security Guideline

– Used by Infrastructure Management Bodies and Industries

Vulnerability Assessment

Develop Security Measures, Provide Technical Support for Prevention and Recovery

Develop and Disseminate II Security Technology

Page 21: Korea’s Approach to Network Security

Support (2)

Information Security Consulting Service Provider(ISCSP)

Authorized by MIC to Provide Consulting Service regarding Vulnerability Assessment and Security Measure on CII

Designation Requirements

– More than 15 Qualified Technical Engineers

– Capital greater than 2 Billion KRW (USD 1.5 M)

– Equipment as Provided in Presidential Decree

Page 22: Korea’s Approach to Network Security

Support (3)

Information Sharing and Analysis Center(ISAC)

Prevention and Response to Incidents in Specific Sectors such as Financial or Telecommunication

Mission

– Real-Time Warning and Analysis on Incidents

– Provide Information on Vulnerabilities and Countermeasures

– Vulnerability Assessment if Accredited by MIC

Telecommunication ISAC established, Financial ISAC to be formed soon

Page 23: Korea’s Approach to Network Security

Incident Prevention and Response

Page 24: Korea’s Approach to Network Security

Incident Response and Recovery (1)

Incident Response

Self Response by Infrastructure Management Body

– Report to Minister, KISA or Investigation Offices

If Necessary, Request for Technical Assistance from Technical Supporting bodies such as KISA, ETRI

For Large Scale Incidents, Establish Temporary Incident Response Headquarters

Page 25: Korea’s Approach to Network Security

Incident Response and Recovery (2)

Recovery

Prompt and Necessary Steps to Restore and Protect CII

If necessary, Request for Technical Assistance from KISA

International Cooperation

Share Information on Vulnerability and Incident Responses (FIRST, APSIRC, etc.)

Collaborative Incident Investigation

Page 26: Korea’s Approach to Network Security

Incident Response and Recovery (3)

Incident Response Headquarters

Established Temporarily, When a Large Scale Incident Occurs, by the Chairman of the Committee on the Protection of Information Infrastructure

Mission

– Emergency Response, Technical Assistance and Recovery

Members

– Chief : Appointed by the Chairman(the Prime Minister)

– Members : Government Officers from the CII related Ministries, Civil Specialists for IT Security

Page 27: Korea’s Approach to Network Security

Offences and Penalties

Disrupt, Paralyze and Destroy Critical Information Infrastructure by

Unauthorized Access to CII, or Fabrication, Destruction, etc., in excess of his or her authority.

Installation of Malicious Programs/Code

Denial of Service Attack

=> Imprisonment for 10 Years or a Fine of 100 Million Won

Incidents against Ordinary Information Systems

Imprisonment for 5 years or a fine of 50 Million Won

Page 28: Korea’s Approach to Network Security

CII Protection related Activities

Nov. 2001, 9 Companies were Accredited as ISCSPs

Dec. 2001, First Meeting of the Committee on Protection of the Information Infrastructure

Designated 23 Infrastructures under 4 Ministries as CIIs

– MIC, MoGAHA, MoFA, MoHW

First half of 2002

Vulnerability Assessment and Development of Security Measures for CIIs under way

Develop Security Plans for 2003

2nd Designation of CIIs(Financial, Industrial Support Sectors)

Page 29: Korea’s Approach to Network Security

Other Activities

Page 30: Korea’s Approach to Network Security

Other Activities (1)

Prevention and Awareness Program(MIC, KISA)

Operation of Anti-Hacking & Virus Consulting Center

Remote Vulnerability Assessment

“Anti-Hacking & Virus Day” (15th of Every Month)

Develop & Disseminate Security and Response Guidelines

Education & Training for Managers (Schools, PC Room, Small & Middle Sized Companies)

Early Warning & Alert System (e-WAS) (being developed)

Page 31: Korea’s Approach to Network Security

Other Activities (2)

Develop Cyber-Terror Prevention Technology

E-WAS and Secure Messenger

Real-Time Scan Detector(RTSD)

Develop Vulnerability Assessment and Intrusion Detection Tools

=> Build Vulnerability DB

Foster Industry

Develop and Disseminate Information Security Technologies

Information Security Industry Support Center(Test-Bed)

Page 32: Korea’s Approach to Network Security

Other Activities (3)

International Cooperation

Participate in International Meetings including OECD, APEC, ITU

– Measures for Enhancing Information and Network Security

– Exchange of information with Regard to Policies and Practices

– Frameworks for Security Information Sharing

– Raise Awareness of Security by Education & Training

Cross-border Information sharing on Incidents and Responses

Promotion of International Cooperation on Cyber-Terror Prevention Technologies

Cooperation on Cyber-Terror Investigation

Page 33: Korea’s Approach to Network Security

Future Policy Direction

Page 34: Korea’s Approach to Network Security

Future Policy Direction

Continue to Improve and Develop Information Security Management Framework for II

R&D on II Security Technologies

Enhance Level of Information Security in Public / Private Sectors

Strengthen International Cooperation Activities

Global Leader, e-Korea

Global Leader, s-Korea

Page 35: Korea’s Approach to Network Security

Well begun is half done!