Korea’s Approach to Network Security

21 May 2002
Cha, Yang-Shin
Ministry of Information and Communication

Contents
• Advancement in the Information Society and New Threats
• Information Infrastructure Protection Act
• Information Infrastructure Protection Framework
• Incident Prevention and Response
• Other Activities
• Future Policy Direction

Advancement in the Information Society and New Threats

Rapid Growth in Information Society
• World’s Best Info-Communication Infrastructure and Dramatic Increase of Internet Users
  ◦ Connect Every Region of the Country with Info-Super-highway
  ◦ Approximately 25 Million Internet Users (Dec. 2001)

    Date       Users (in thousands)   Percentage of Users
    1999.1      9,433                 22.4
    2000.8     16,403                 38.5
    2000.12    19,045                 44.7
    2001.12    24,380                 56.0

  ◦ More than 7.8 Million Broadband Subscribers (Dec. 2001)

Importance of the Information Infrastructure
• Increased Dependency on IT Systems
  ◦ E-Government
  ◦ E-Business
  ◦ E-Education
  ◦ E-Healthcare, etc.
• Increased Interdependency
  ◦ National Administration Network, Korean Education Network, Online Banking, Electronic Commerce, etc.

Challenges & Threats to the Information Society
• Hacking and Computer Virus
  ◦ Viruses, Trojan Horses, Logic Bombs, Internet Worms
• Manipulation or Destruction of Operating Systems, Application Software or Data
• Manipulation by Insiders
• Manipulation of Communication Links
• Information Warfare, etc.

[Figure: Hacking & Computer Virus Incidents in '99-'01. Hacking incidents: 572 (1999), 1,943 (2000), 5,333 (2001). Computer virus incidents: data labels 39,348, 50,124 and 65,033.]

Information Infrastructure Protection Act

Legislation (Background I)
• MIC
  ◦ Director General for Information Security
• Cyber Crime Investigation Bodies in Public Prosecutors’ Office
  ◦ Internet Crime Investigation Center, SPPO
  ◦ Computer Crime Investigation Squad in 20 District PPO
• KNPA
  ◦ Cyber Terror Response Center
• MoD, NIS, MoGAHA, etc.
• Korea Information Security Agency, etc.

Legislation (Background II)
• Facilities Protected by Diverse Laws in Each Sector
  ◦ Focused on Physical Protection
  ◦ Insufficient Counter-Measures against Cyber-Attack
• Outbreak of Cyber-Attacks on Internet Web-sites
  ◦ DoS Attack on Yahoo, CNN, e-Bay, etc. (Feb. 2000)
• Enormous Econo-Social Damage due to Cyber-Attack
Need for Overall Info-Communication Infrastructure Protection Initiatives

Information Infrastructure Protection Act (1)
• Developments
  ◦ Ministerial Meeting on the Prevention of Cyber-Terrorism (Feb. 2000)
    – Decided to Legislate a Law covering Comprehensive and Systematic Information Infrastructure Protection and Counter Measures against Cyber-Terrorism
  ◦ Legislation Committee (Feb. 2000 to Dec. 2000)
  ◦ Enactment of Information Infrastructure Protection Act (Jan. 2001)
  ◦ Effective from July 2001
Framework for II Protection

Information Infrastructure Protection Act (2)
• Outlines
  ◦ Establish Governmental Framework for Information Infrastructure Protection
    – Committee on Protection of Information Infrastructure
    – CII Related Ministries
    – Infrastructure Management Bodies
  ◦ Protection Measures
    – Selection and Designation of CII
    – Vulnerability Assessment => Protection Measures & Plans

Information Infrastructure Protection Act (3)
• Outlines (Cont.)
  ◦ Prevention & Response
    – Prevention: Security Guideline, Protection Measures
    – Response: Security Warning, Recovery
  ◦ Technical Support
  ◦ Development of Technologies
  ◦ International Cooperation
  ◦ More Severe Punishment for Cyber Crimes against II

Information Infrastructure Protection Framework

Overall Government Protection Framework (1)
• Committee on the Protection of Information Infrastructure
  ◦ Chair: Prime Minister
  ◦ Members: Ministers related to CII
  ◦ Mission: Deliberation and Coordination of Selection of CII and Security Plans and Policies
• Ministers related to CII
  ◦ Designation of CII, Establishment of Security Plan
  ◦ Security Guidelines, Demand/Recommendation of Security Measures

Overall Government Protection Framework (2)
• CII Management Bodies
  ◦ Vulnerability Assessment, Security Measures
  ◦ Cyber Incidents Prevention and Response
• Technical Supporting Bodies
  ◦ Accredited Vulnerability Assessment Bodies
    – KISA
    – ETRI
    – Information Security Consulting Service Providers
  ◦ Technical Support in Vulnerability Assessment, Security Measures Implementation, Prevention and Response

Designation of CII (1)
• Information Infrastructure
  ◦ Electronic Control and Management Systems
  ◦ Information Systems and Communication Networks, etc.
• Critical Information Infrastructure
  ◦ Have Major Impact on National, Economic and Social Security
  ◦ Designated by Ministers through Committee on the Protection of Information Infrastructure

Designation of CII (2)
• Criteria for Selection
  ◦ Importance of its Service to the People and Nation
  ◦ Reliance on CII in Performing its Missions
  ◦ Interconnection with other Information and Communication Infrastructures
  ◦ Scope of Impact on the Defense or Economic Security
  ◦ High Incidence, Difficulties of Efforts Needed for the Restoration

Vulnerability Assessment
• Who
  ◦ CII Management Body
• When
  ◦ Within 6 Months after the Designation of CII
  ◦ Re-Assessment Every Other Year
• How
  ◦ Assessment by Infrastructure Management Body with the Assistance of Technical Supporting Bodies
  ◦ Technical Supporting Bodies
    – KISA, ETRI, Information Security Consulting Service Provider

Plan & Measures for Protection
• Infrastructure Management Body
  ◦ After the Assessment, Develop Security Measures
  ◦ Submit Security Measures to the Ministry Concerned
• Ministries
  ◦ Combine Individual Infrastructure Protection Measures to form a Security Plan under their Jurisdiction
• Committee on the Protection of Information Infrastructure
  ◦ Review and Coordinate Security Plans Developed by Ministers

Support (1)
• Korea Information Security Agency (KISA)
  ◦ Develop and Disseminate Information Security Guideline
    – Used by Infrastructure Management Bodies and Industries
  ◦ Vulnerability Assessment
  ◦ Develop Security Measures, Provide Technical Support for Prevention and Recovery
  ◦ Develop and Disseminate II Security Technology

Support (2)
• Information Security Consulting Service Provider (ISCSP)
  ◦ Authorized by MIC to Provide Consulting Service regarding Vulnerability Assessment and Security Measures on CII
  ◦ Designation Requirements
    – More than 15 Qualified Technical Engineers
    – Capital greater than 2 Billion KRW (USD 1.5 M)
    – Equipment as provided in Presidential Decree

Support (3)
• Information Sharing and Analysis Center (ISAC)
  ◦ Prevention and Response to Incidents in Specific Sectors such as Financial or Telecommunication
  ◦ Mission
    – Real-Time Warning and Analysis on Incidents
    – Provide Information on Vulnerabilities and Countermeasures
    – Vulnerability Assessment if Accredited by MIC
  ◦ Telecommunication ISAC established, Financial ISAC to be formed soon

Incident Prevention and Response

Incident Response and Recovery (1)
• Incident Response
  ◦ Self Response by Infrastructure Management Body
    – Report to Minister, KISA or Investigation Offices
  ◦ If Necessary, Request for Technical Assistance from Technical Supporting Bodies such as KISA, ETRI
  ◦ For Large Scale Incidents, Establish Temporary Incident Response Headquarters

Incident Response and Recovery (2)
• Recovery
  ◦ Prompt and Necessary Steps to Restore and Protect CII
  ◦ If Necessary, Request for Technical Assistance from KISA
• International Cooperation
  ◦ Share Information on Vulnerability and Incident Responses (FIRST, APSIRC, etc.)
  ◦ Collaborative Incident Investigation

Incident Response and Recovery (3)
• Incident Response Headquarters
  ◦ Established Temporarily, When Large Scale Incidents Occur, by the Chairman of the Committee on the Protection of Information Infrastructure
  ◦ Mission
    – Emergency Response, Technical Assistance and Recovery
  ◦ Members
    – Chief: Appointed by the Chairman (the Prime Minister)
    – Members: Government Officers from the CII related Ministries, Civil Specialists for IT Security

Offences and Penalties
• Disrupt, Paralyze and Destroy Critical Information Infrastructure by
  ◦ Unauthorized Access to CII, or Fabrication, Destruction, etc., in excess of his or her authority
  ◦ Installation of Malicious Programs/Code
  ◦ Denial of Service Attack
  => Imprisonment for 10 Years or a Fine of 100 Million Won
• Incidents against Ordinary Information Systems
  ◦ Imprisonment for 5 years or a fine of 50 Million Won

CII Protection Related Activities
• Nov. 2001, 9 Companies were Accredited as ISCSPs
• Dec. 2001, First Meeting of the Committee on Protection of the Information Infrastructure
  ◦ Designated 23 Infrastructures under 4 Ministries as CIIs
    – MIC, MoGAHA, MoFA, MoHW
• First half of 2002
  ◦ Vulnerability Assessment and Development of Security Measures for CIIs under way
  ◦ Develop Security Plans for 2003
  ◦ 2nd Designation of CIIs (Financial, Industrial Support Sectors)

Other Activities

Other Activities (1)
• Prevention and Awareness Program (MIC, KISA)
  ◦ Operation of Anti-Hacking & Virus Consulting Center
  ◦ Remote Vulnerability Assessment
  ◦ “Anti-Hacking & Virus Day” (15th of Every Month)
  ◦ Develop & Disseminate Security and Response Guidelines
  ◦ Education & Training for Managers (Schools, PC Room, Small & Middle Sized Companies)
  ◦ Early Warning & Alert System (e-WAS) (being developed)

Other Activities (2)
• Develop Cyber-Terror Prevention Technology
  ◦ E-WAS and Secure Messenger
  ◦ Real-Time Scan Detector (RTSD)
  ◦ Develop Vulnerability Assessment and Intrusion Detection Tools
  => Build Vulnerability DB
• Foster Industry
  ◦ Develop and Disseminate Information Security Technologies
  ◦ Information Security Industry Support Center (Test-Bed)

Other Activities (3)
• International Cooperation
  ◦ Participate in International Meetings including OECD, APEC, ITU
    – Measures for Enhancing Information and Network Security
    – Exchange of Information with Regard to Policies and Practices
    – Frameworks for Security Information Sharing
    – Raise Awareness of Security by Education & Training
  ◦ Cross-border Information Sharing on Incidents and Responses
  ◦ Promotion of International Cooperation on Cyber-Terror Prevention Technologies
  ◦ Cooperation on Cyber-Terror Investigation

Future Policy Direction
• Continue to Improve and Develop Information Security Management Framework for II
• R&D on II Security Technologies
• Enhance Level of Information Security in Public / Private Sectors
• Strengthen International Cooperation Activities
Global Leader, e-Korea
Global Leader, s-Korea

Well begun is half done!