
WO2023158111A1 - Cyber security management system for maritime autonomous surface ship - Google Patents

Cyber security management system for maritime autonomous surface ship

Info

Publication number
WO2023158111A1
Authority
WO
WIPO (PCT)
Prior art keywords
security management
network
management system
cyber security
autonomous
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/KR2023/000729
Other languages
English (en)
Korean (ko)
Inventor
최성민
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Orange Security Co Ltd
Original Assignee
Orange Security Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Orange Security Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Definitions

  • One embodiment of the present invention relates to a cyber security management system for an autonomous vessel.
  • VSAT fast satellite communication
  • A general ship cyber security management system has a basic network structure of a digital ship (smart ship) and an autonomous navigation system.
  • A general ship cyber security management system sets up a logical network configuration using a hub switch. It has a structure in which cyber attacks originating in IT networks can easily propagate to autonomous navigation systems and OT networks. In the general ship cyber security management system, it is difficult to check whether the OT system is abnormal until a direct failure occurs.
  • This embodiment integrates and monitors the IT (Information Technology) network and the OT (Operational Technology) network of the autonomous ship in order to manage the cyber security of the autonomous ship, monitoring both the IT network and the OT network when a cyber attack occurs. It aims to provide a cyber security management system for autonomous vessels that protects and simplifies onboard operations while complying with maritime security regulations, so that cyber attacks are prevented from spreading.
  • IT Information Technology
  • OT Operational Technology
  • A data collection unit that generates collected data by collecting transmission and reception data for a plurality of networks in the autonomous vessel; a cyber attack identification unit that analyzes the collected data and checks whether a cyber attack or abnormal traffic to one or more networks among the plurality of networks is detected; and a cyber attack blocking unit that blocks the cyber attack or the network in which the abnormal traffic is detected among the plurality of networks.
  • FIG. 1 is a block diagram schematically illustrating an autonomous ship cyber security management system according to an embodiment.
  • FIG. 2 is a block diagram schematically showing an apparatus for managing cyber security for an autonomous vessel according to the present embodiment.
  • FIG. 3 is a diagram showing the functions of the cyber security management system according to the present embodiment.
  • FIG. 4 is a diagram showing the configuration of a cyber security management system according to this embodiment.
  • FIG. 5 is a diagram showing a risk evaluation matrix according to the present embodiment.
  • FIGS. 6a, 6b, and 6c are diagrams illustrating impact (importance) indexes according to the present embodiment.
  • FIGS. 7a and 7b are diagrams showing probability indexes according to this embodiment.
  • FIG. 8 is a diagram showing a threat list according to the present embodiment.
  • FIG. 9 is a diagram showing vulnerability scores according to this embodiment.
  • FIG. 10 is a diagram illustrating an account extortion scenario among risk scenarios according to the present embodiment.
  • FIG. 11 is a diagram illustrating a privilege abuse scenario among risk scenarios according to the present embodiment.
  • FIG. 12 is a diagram illustrating information tampering/altering scenarios among risk scenarios according to the present embodiment.
  • FIG. 13 is a diagram illustrating an information leakage scenario among risk scenarios according to the present embodiment.
  • FIG. 14 is a diagram illustrating an unauthorized person access scenario among risk scenarios according to the present embodiment.
  • FIG. 15 is a diagram illustrating an unauthorized USB use scenario among risk scenarios according to the present embodiment.
  • FIG. 16 is a diagram illustrating an illegal SW installation scenario among risk scenarios according to the present embodiment.
  • FIG. 17 is a diagram showing a DDOS scenario among risk scenarios according to the present embodiment.
  • FIG. 18 is a diagram illustrating an unauthorized terminal scenario among risk scenarios according to the present embodiment.
  • FIG. 19 is a diagram showing a malicious code scenario among risk scenarios according to the present embodiment.
  • FIG. 20 is a diagram illustrating a malicious action scenario among risk scenarios according to the present embodiment.
  • FIG. 21 is a diagram illustrating a personal information abuse scenario among risk scenarios according to the present embodiment.
  • FIG. 22 is a diagram illustrating a denial of infringement scenario among risk scenarios according to the present embodiment.
  • FIG. 23 is a diagram illustrating an operation mistake scenario among risk scenarios according to the present embodiment.
  • FIG. 24 is a diagram illustrating a hardware failure scenario among risk scenarios according to the present embodiment.
  • FIG. 25 is a diagram illustrating a power outage scenario among risk scenarios according to the present embodiment.
  • FIG. 1 is a block diagram schematically illustrating an autonomous ship cyber security management system according to an embodiment.
  • The autonomous ship cyber security management system 100 is mounted in a ship.
  • The autonomous ship cyber security management system 100 refers to a system for evaluating or managing cyber security according to regulations corresponding to autonomous ships.
  • The autonomous ship cyber security management system 100 manages cyber security for the IT network 120 and the OT network 150 as well as the crew network 130.
  • The autonomous vessel cyber security management system 100 generates a cyber security evaluation result that evaluates the cyber security risk for the router 108, the IT network 120, the OT network 150, and the crew network 130.
  • The autonomous ship cyber security management system 100 manages the security of the router 108, the IT network 120, the OT network 150, and the crew network 130 based on the cyber security evaluation result.
  • The autonomous ship cyber security management system 100 is applied to the special environment of a ship and provides a solution capable of performing satellite communication and of responding to situations in which additional technical support is not received and to various adverse conditions.
  • The autonomous ship cyber security management system 100 predicts cyber attacks (threats) on autonomous ships in advance using AI by combining AI or cloud big data.
  • The autonomous ship cyber security management system 100 analyzes cyber attacks (threats) on autonomous ships using cloud big data.
  • Because many cases arise when evaluating cyber security risks, the autonomous vessel cyber security management system 100 provides risk scenarios that can be selected according to constraints. For example, based on a result of malicious code destroying specific information, the autonomous ship cyber security management system 100 provides a scenario for confirming whether the cause is infiltration by an outsider or email by an insider.
  • The autonomous ship cyber security management system 100 provides a risk scenario when a cyber attack occurs on an autonomous ship, so that a captain or crew member operating the ship can select a risk scenario corresponding to the ship.
  • The autonomous ship cyber security management system 100 controls the navigation system by itself, and controls and monitors the ship remotely from land.
  • The autonomous ship cyber security management system 100 is exposed to cyber threats because the land and the ship are constantly connected.
  • The autonomous ship cyber security management system 100 monitors and controls the IT network 120, the crew network 130, and the OT network 150.
  • When individual cyber attacks occur in the IT network 120, the crew network 130, and the OT network 150, the autonomous vessel cyber security management system 100 blocks the propagation of cyber attacks between networks, thereby preventing navigation accidents caused by cyber attacks.
  • The autonomous vessel cyber security management system 100 integrates and manages the vessel's internal IT network 120 and the OT network 150.
  • The autonomous vessel cyber security management system 100 installs an agent program in the IT network 120 and installs a traffic detection sensor in the OT network 150 to collect and monitor all network traffic generated in the vessel.
  • The autonomous vessel cyber security management system includes a cyber security management device 110, an IT network 120, a crew network 130, an autonomous navigation device 140, and an OT network 150.
  • The cyber security management device 110 communicates with a Very Small Aperture Terminal (VSAT) that communicates with a satellite via a router.
  • VSAT Very Small Aperture Terminal
  • The cyber security management device 110 checks whether a cyber attack occurs during communication with the VSAT.
  • The cyber security management device 110 communicates with a base station through a router over Long-Term Evolution (LTE) and 5G.
  • LTE Long-Term Evolution
  • The cyber security management device 110 checks whether a cyber attack occurs during communication with the base station.
  • The cyber security management device 110 communicates with a router via a firewall/Intrusion Prevention System (IPS).
  • IPS firewall/Intrusion Prevention System
  • The cyber security management device 110 communicates with the IT network 120 via the L3 switch.
  • The cyber security management device 110 checks whether a cyber attack occurs during communication with the IT network 120.
  • The cyber security management device 110 communicates with the crew network 130 via the L3 switch. The cyber security management device 110 checks whether a cyber attack occurs during communication with the crew network 130. The cyber security management device 110 communicates with the autonomous navigation device 140 via the L3 switch. The cyber security management device 110 checks whether a cyber attack occurs during communication with the autonomous navigation device 140.
  • The cyber security management device 110 provides an integrated system for ship cyber security management for each of the router 108, the IT network 120, the OT network 150, and the crew network 130.
  • The cyber security management device 110 performs integrated network monitoring on the router 108, the IT network 120, the OT network 150, and the crew network 130 to prevent damage from spreading between them.
  • The IT network 120 refers to a network that is connected to the business PCs and business servers provided inside the ship and can transmit and receive data.
  • An endpoint agent is installed in the IT network 120 to control and manage individual PCs.
  • The crew network 130 refers to a network that is connected to a wireless AP and the crew terminals provided inside the ship and can transmit and receive data.
  • An Operational Technology (OT) network 150 refers to a network that connects the monitoring devices, navigation devices, and control devices provided inside a ship and can transmit and receive data. Since it is impossible to install an agent on the OT network 150, the cyber security management device 110 identifies abnormal traffic on the OT network 150 through machine learning.
  • The autonomous navigation device 140 uses the OT network 150 to interwork with a monitoring device, a navigation device, and a control device for autonomous navigation.
  • FIG. 2 is a block diagram schematically showing an apparatus for managing cyber security for an autonomous vessel according to the present embodiment.
  • The cyber security management device 110 includes a data collection unit 210, a cyber attack confirmation unit 220, a risk evaluation unit 230, a cyber attack blocking unit 240, and a scenario providing unit 250. Components included in the cyber security management device 110 are not necessarily limited thereto.
  • Each component included in the cyber security management device 110 is connected to a communication path that connects software modules or hardware modules inside the device, and the components can operate organically with each other. These components communicate using one or more communication buses or signal lines.
  • Each component of the cyber security management device 110 shown in FIG. 2 means a unit that processes at least one function or operation, and may be implemented as a software module, a hardware module, or a combination of software and hardware.
  • The data collection unit 210 collects transmission and reception data for a plurality of networks (router 108, IT network 120, OT network 150, and crew network 130) in the autonomous ship to generate collected data.
  • The data collection unit 210 collects the transmission/reception data from the router, the IT network 120, the crew network 130, and the OT network 150 to generate aggregated data.
  • The data collection unit 210 generates collected data by compressing the collected data and then applying an open stack for a maximum protocol range.
  • The plurality of networks include a VSAT (Very Small Aperture Terminal) that interworks with satellites, a router 108 that communicates with mobile communication base stations, an IT network 120 that communicates with business PCs and business servers installed inside the autonomous ship, a crew network 130 that communicates with a wireless AP (Access Point) and the crew terminal, and an OT network 150 that interlocks with the monitoring device, navigation device, and control device installed inside the autonomous ship.
  • The cyber attack check unit 220 analyzes the collected data to check whether a cyber attack or abnormal traffic on one or more networks among the plurality of networks (router 108, IT network 120, OT network 150, crew network 130) is detected.
  • The cyber attack checking unit 220 checks whether a cyber attack or abnormal traffic is detected in the collected data on the IT network 120 using an agent program installed on a work PC and a work server.
  • The cyber attack check unit 220 checks whether a cyber attack or abnormal traffic is detected in the collected data for the OT network 150 from a traffic detection sensor that detects traffic for a monitoring device, a navigation device, and a control device installed inside the autonomous ship.
  • The risk evaluation unit 230 evaluates the risk from cyber threats for each of the plurality of networks (router 108, IT network 120, OT network 150, crew network 130) and calculates a risk evaluation result.
  • The risk evaluation unit 230 evaluates each of the plurality of networks based on the transmission and reception data received from the plurality of networks (router 108, IT network 120, OT network 150, and crew network 130) and creates a Risk Assessment Matrix for determining the risk level.
  • The risk evaluation unit 230 determines the Impact Index included in the risk evaluation matrix, from 1 to 25, based on the results of the check items set for the plurality of networks (router 108, IT network 120, OT network 150, crew network 130).
  • The risk evaluation unit 230 judges the impact index to be low when it is 1 to 7, significant when it is 8 to 14, and major when it is 15 to 25.
  • The risk evaluation unit 230 determines the probability index for a cyber attack as '1' when all five impact indices are determined to be low.
  • The risk evaluation unit 230 determines the probability index for a cyber attack as '2' when three out of five impact indices are determined to be low and two are determined to be significant.
  • The risk evaluation unit 230 sets the probability index (Probability Index) for a cyber attack to '3' when two of the five impact indices are determined to be low, two significant, and one major.
  • The risk evaluation unit 230 sets the probability index (Probability Index) for a cyber attack to '4' when one of the five impact indices is determined to be low, two significant, and two major.
  • The risk evaluation unit 230 sets the probability index (Probability Index) for a cyber attack to '5' when one of the five impact indices is determined to be low, one significant, and three major.
  • The risk evaluation unit 230 classifies the impact index into a confidentiality index, an integrity index, and an availability index.
  • The risk evaluation unit 230 determines each of the confidentiality index, integrity index, and availability index as one of the values 5 (Critical), 4 (Significant), 3 (Moderate), 2 (Minor), and 1 (Negligible). The risk evaluation unit 230 calculates the sum of the confidentiality index, the integrity index, and the availability index as an asset criticality value, and recognizes the asset criticality value (Confidentiality Index + Integrity Index + Availability Index) as the impact index.
  • The risk evaluation unit 230 determines the impact index value from the asset importance value according to a preset standard (3 ≤ Index 1 ≤ 4, 5 ≤ Index 2 ≤ 6, 7 ≤ Index 3 ≤ 9, 10 ≤ Index 4 ≤ 12, 13 ≤ Index 5 ≤ 15). The risk evaluation unit 230 determines the impact index value as index 1 (Index 1) when 3 ≤ asset importance value ≤ 4. When 5 ≤ asset importance value ≤ 6, the risk evaluation unit 230 determines the impact index value as index 2 (Index 2). The risk evaluation unit 230 determines the impact index value as index 3 (Index 3) when 7 ≤ asset importance value ≤ 9. The risk evaluation unit 230 determines the impact index value as index 4 (Index 4) when 10 ≤ asset importance value ≤ 12. The risk evaluation unit 230 determines the impact index value as index 5 (Index 5) when 13 ≤ asset importance value ≤ 15.
  • The risk evaluation unit 230 divides the probability index into a threat index and a vulnerability index.
  • The risk evaluation unit 230 determines the threat index as one of 5 (Definite), 4 (Probable), 3 (Occasional), 2 (Remote), and 1 (Improbable).
  • The risk assessment unit 230 determines the vulnerability index as one of 5 (very high), 4 (high), 3 (medium), 2 (low), and 1 (very low).
  • The risk evaluation unit 230 calculates the product of the threat index and the vulnerability index as a cyber attack probability value, and recognizes the cyber attack probability value (Threat Index × Vulnerability Index) as the probability index.
  • The risk evaluation unit 230 determines the probability index value from the cyber attack probability value according to a predetermined standard (1 ≤ Index 1 ≤ 5, 6 ≤ Index 2 ≤ 10, 11 ≤ Index 3 ≤ 15, 16 ≤ Index 4 ≤ 20, 21 ≤ Index 5 ≤ 25). When 1 ≤ cyber attack probability value ≤ 5, the risk evaluation unit 230 determines the probability index value as index 1 (Index 1). When 6 ≤ cyber attack probability value ≤ 10, the risk evaluation unit 230 determines the probability index value as index 2 (Index 2). When 11 ≤ cyber attack probability value ≤ 15, the risk evaluation unit 230 determines the probability index value as index 3 (Index 3). When 16 ≤ cyber attack probability value ≤ 20, the risk evaluation unit 230 determines the probability index value as index 4 (Index 4). When 21 ≤ cyber attack probability value ≤ 25, the risk evaluation unit 230 determines the probability index value as index 5 (Index 5).
  • the code is assigned T101 and the threat index (TI) is determined to be '5'.
  • the code is assigned T102 and the threat index (TI) is determined to be '4'.
  • the code is assigned T103 and the threat index (TI) is determined to be '4'.
  • the code is assigned T201 and the threat index (TI) is determined to be '4'.
  • the code is assigned T202 and the threat index (TI) is determined to be '4'.
  • the code is assigned T203 and the threat index (TI) is determined to be '4'.
  • the code is assigned T204 and the threat index (TI) is determined to be '2'.
  • the code is assigned T301 and the threat index (TI) is determined to be '5'.
  • the code is assigned T302 and the threat index (TI) is determined to be '5'.
  • the code is assigned T401 and the threat index (TI) is determined to be '4'.
  • the code is assigned T402 and the threat index (TI) is determined to be '5'.
  • the code is assigned T403 and the threat index (TI) is determined to be '4'.
  • the code is assigned T404 and the threat index (TI) is determined to be '4'.
  • the code is assigned T501 and the threat index (TI) is determined to be '3'.
  • the code is assigned T51 and the threat index (TI) is determined to be '3'.
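The scoring rules described above for the risk evaluation unit 230, as an added Python illustration that is not part of the patent text. The function names, the sample assets, and their confidentiality/integrity/availability and vulnerability values are constructed for the example; the threat index values for T101, T204, and T501 are the ones listed above. Taking the matrix value as impact index × probability index is an assumption; the text states only the 1 to 25 range and its three bands.

```python
from dataclasses import dataclass

# Bands stated in the text: asset criticality (C + I + A, 3..15) -> impact index.
IMPACT_BANDS = [(3, 4, 1), (5, 6, 2), (7, 9, 3), (10, 12, 4), (13, 15, 5)]
# Cyber attack probability value (threat index x vulnerability index) -> probability index.
PROBABILITY_BANDS = [(1, 5, 1), (6, 10, 2), (11, 15, 3), (16, 20, 4), (21, 25, 5)]
# Levels stated for the 1..25 range of the risk evaluation matrix.
LEVEL_BANDS = [(1, 7, "low"), (8, 14, "significant"), (15, 25, "major")]


def _scale(name, value):
    """Every input index is an integer on the 1..5 scale; reject anything else."""
    if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= 5:
        raise ValueError(f"{name} must be an integer from 1 to 5, got {value!r}")
    return value


def _band(value, bands, what):
    """Return the result of the inclusive band that contains value."""
    for low, high, result in bands:
        if low <= value <= high:
            return result
    raise ValueError(f"{what} {value} is outside the defined bands")


def impact_index(confidentiality, integrity, availability):
    """Asset criticality = C + I + A, mapped to Index 1..5."""
    criticality = (_scale("confidentiality index", confidentiality)
                   + _scale("integrity index", integrity)
                   + _scale("availability index", availability))
    return _band(criticality, IMPACT_BANDS, "asset criticality value")


def probability_index(threat_index, vulnerability_index):
    """Cyber attack probability = TI x VI, mapped to Index 1..5."""
    value = (_scale("threat index", threat_index)
             * _scale("vulnerability index", vulnerability_index))
    return _band(value, PROBABILITY_BANDS, "cyber attack probability value")


def matrix_level(value):
    """Classify a 1..25 matrix value as low, significant, or major."""
    return _band(value, LEVEL_BANDS, "matrix value")


@dataclass(frozen=True)
class Assessment:
    asset: str
    threat_code: str
    impact: int
    probability: int
    matrix_value: int
    level: str


def assess(asset, cia, threat_code, threat_index, vulnerability_index):
    impact = impact_index(*cia)
    probability = probability_index(threat_index, vulnerability_index)
    # ASSUMPTION (not stated in the text): the matrix cell is the product
    # of the two 1..5 indices, which yields the 1..25 range the text bands.
    value = impact * probability
    return Assessment(asset, threat_code, impact, probability, value,
                      matrix_level(value))


# Constructed sample rows: (asset, (C, I, A), threat code, TI, VI).
# Only the TI values of T101, T204 and T501 come from the threat list.
SAMPLE = [
    ("navigation device (OT network)", (3, 5, 5), "T101", 5, 4),
    ("crew wireless AP (crew network)", (2, 2, 3), "T204", 2, 3),
    ("business server (IT network)", (4, 4, 3), "T501", 3, 3),
]


def assess_all(rows=SAMPLE):
    """Score every row and list the highest matrix value first."""
    results = [assess(*row) for row in rows]
    return sorted(results, key=lambda r: r.matrix_value, reverse=True)


if __name__ == "__main__":
    for r in assess_all():
        print(f"{r.asset:32} {r.threat_code}  impact={r.impact} "
              f"probability={r.probability} value={r.matrix_value:2} {r.level}")
```
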
  • The risk assessment unit 230 detects a threat when important information (network/cargo/financial information) is leaked by a hacker among the router 108, the IT network 120, the OT network 150, and the crew network 130.
  • The scenario provision unit 250 is responsible for threat factors ('account takeover', 'abuse of authority', 'information leakage', 'illegal SW installation', 'DDOS', 'malicious code', 'abuse of personal information', 'denial of infringement', 'operation mistake', 'hardware defect', 'power outage').
  • The risk assessment unit 230 classifies the threat factor as 'authority abuse', 'information leakage', 'illegal SW installation', 'unauthorized terminal', 'malicious code', 'infringement denial', 'operation mistake', 'hardware defect', 'power outage' when exposure to an intrusion occurs through a port of a vulnerable service among the router 108, the IT network 120, the OT network 150, and the crew network 130.
  • The scenario providing unit 250 provides response scenarios according to threat factors (one or more of 'authority abuse', 'information leakage', 'illegal SW installation', 'unauthorized terminal', 'malicious code', 'infringement denial', 'operation mistake', 'hardware defect', 'power outages').
  • The risk assessment unit 230 identifies threat factors in the event of unauthorized tampering (manipulation) of the router 108, the IT network 120, the OT network 150, and the crew network 130.
  • The scenario providing unit 250 provides response scenarios according to threat factors ('account takeover', 'abuse of authority', 'falsification/change of information', 'access by unauthorized persons', 'illegal SW installation', 'DDOS', 'malicious behavior', 'denial of infringement', 'operating mistake', 'hardware defect', 'outage').
  • The risk evaluation unit 230 classifies the threat factors as 'authority abuse', 'information leakage', 'illegal software installation', 'operation mistake', 'hardware defect', 'power outage' when exposure to a zero-day attack occurs among the router 108, the IT network 120, the OT network 150, and the crew network 130.
  • The scenario providing unit 250 provides response scenarios according to threat factors (one or more of 'authority abuse', 'information leakage', 'illegal SW installation', 'operation mistake', 'hardware defect', and 'power outage').
  • The risk evaluation unit 230 determines the threat factor as 'authority abuse', 'illegal SW installation', 'operation mistake', 'hardware defect', 'power failure' when a system failure occurs due to the execution of a patch whose stability has not been verified among the router 108, the IT network 120, the OT network 150, and the crew network 130.
  • The scenario providing unit 250 provides response scenarios according to threat factors (at least one of 'authority abuse', 'illegal SW installation', 'operation mistake', 'hardware defect', and 'power outage').
  • The risk evaluation unit 230 determines the threat factor as 'unauthorized access', 'use of unauthorized USB', 'installation of illegal SW', 'DDOS', 'malicious code', 'denial of infringement', 'operating mistake', 'hardware defect', 'power outage' when infection and propagation of malicious code/ransomware occurs among the router 108, the IT network 120, the OT network 150, and the crew network 130.
  • The scenario provision unit 250 provides response scenarios according to threat factors ('access by unauthorized person', 'use of unauthorized USB', 'installation of illegal SW', 'DDOS', 'malicious code', 'denial of infringement', 'operation mistake', 'hardware defect', 'outage').
  • When infection and propagation of malicious code/ransomware occurs among the router 108, the IT network 120, the OT network 150, and the crew network 130, the risk evaluation unit 230 recognizes the threat factor as one or more of 'account hijacking', 'abuse of authority', 'information leakage', 'access by unauthorized person', 'use of unauthorized USB', 'unauthorized terminal', 'malicious code', 'malicious behavior', 'abuse of personal information', 'operation mistake', 'hardware defect', and 'power outage'.
  • The scenario providing unit 250 provides threat factors ('account hijacking', 'authority abuse', 'information leakage', 'unauthorized person access', 'unauthorized USB use', 'unauthorized terminal', 'malicious code', 'malicious Action', 'misuse of personal information', 'operation mistake', 'hardware defect', 'power outage').
  • When a work (voyage) delay occurs because a system among the router 108, the IT network 120, the OT network 150, and the crew network 130 is accessed and important information is changed, the risk evaluation unit 230 determines the threat factor as 'account hijacking', 'abuse of authority', 'tampering/altering of information', 'access by unauthorized person', 'DDOS', 'unauthorized terminal', 'malicious code', 'malicious act', 'abuse of personal information', 'denial of infringement', 'operation mistake', 'hardware defect', 'outage'.
  • The scenario provision unit 250 provides response scenarios according to threat factors (one or more of 'account takeover', 'abuse of authority', 'falsification/altering of information', 'access by an unauthorized person', 'DDOS', 'unauthorized terminal', 'malicious code', 'malicious code', 'personal information misuse', 'infringement denial', 'operation mistake', 'hardware defect', and 'power outage').
  • When a work delay occurs due to system overload among the router 108, the IT network 120, the OT network 150, and the crew network 130, the risk assessment unit 230 recognizes the threat factor as one or more of 'illegal SW installation', 'DDOS', 'unauthorized terminal', 'malicious code', 'operation error', 'hardware defect', and 'power outage'.
  • The scenario providing unit 250 provides a response scenario according to threat factors (one or more of 'illegal SW installation', 'DDOS', 'unauthorized terminal', 'malicious code', 'operation mistake', 'hardware defect', and 'power outage').
  • In the case of system interruption due to an unauthorized person's arbitrary manipulation among the router 108, the IT network 120, the OT network 150, and the crew network 130, the risk evaluation unit recognizes the threat factor as one or more of 'account takeover', 'abuse of authority', 'tampering/altering of information', 'access by unauthorized person', 'DDOS', 'unauthorized terminal', 'malicious code', 'malicious act', 'denial of infringement', 'operation mistake', 'hardware defect', 'blackouts'.
  • The scenario provision unit 250 provides response scenarios according to threat factors ('account takeover', 'abuse of authority', 'falsification/altering of information', 'access by an unauthorized person', 'DDOS', 'unauthorized terminal', 'malicious code', 'malicious code').
  • The risk assessment unit 230 detects a threat when an unauthorized person among the router 108, the IT network 120, the OT network 150, and the crew network 130 tries to log in at random and steals an account to falsify or destroy important information.
  • The scenario provision unit 250 provides threat factors ('account hijacking', 'falsification/change of information', 'access by unauthorized persons', 'unauthorized terminal', 'malicious code', 'malicious behavior', 'abuse of personal information', 'denial of infringement', 'operation mistake', 'hardware defect', 'outage').
  • In the case of an intentional business (voyage) delay caused by accessing and changing unauthorized information among the router 108, the IT network 120, the OT network 150, and the crew network 130, the risk evaluation unit recognizes the threat factor as one or more of 'account stealing', 'abuse of authority', 'falsification/altering of information', 'access by unauthorized person', 'use of unauthorized USB', 'installation of illegal SW', 'unauthorized terminal', 'malicious code', 'malicious behavior', 'abuse of personal information', 'denial of infringement', 'operation mistake', 'hardware defect', and 'power outage'.
  • the scenario providing unit 250 provides threat factors ('account hijacking', 'abuse of authority', 'falsification/change of information', 'access by unauthorized persons', 'use of unauthorized USB', 'installation of illegal SW', 'unauthorized terminal'). , 'malicious code', 'malicious behavior', 'abuse of personal information', 'denial of infringement', 'operation mistake', 'hardware defect', 'power outage').
  • the risk assessment unit 230 accesses important information and arbitrarily manipulates the OT network 150 by connecting to the internal network with an unauthorized terminal among the router 108, the IT network 120, the OT network 150, and the crew network 130 If this occurs, the threat factors are 'abuse of authority', 'access by unauthorized person', 'use of unauthorized USB', 'installation of illegal SW', 'unauthorized terminal', 'malicious code', 'malicious act', 'denial of infringement' ', 'Operation mistake', 'Hardware defect', or 'Power outage'.
  • the scenario provision unit 250 provides threat factors ('abuse of authority', 'access by unauthorized persons', 'use of unauthorized USB', 'installation of illegal SW', 'unauthorized terminal', 'malicious code', 'malicious behavior', ' denial of infringement', 'operating mistake', 'hardware defect', 'outage').
  • the risk evaluation unit 230 determines the threat factor as an 'account' when malicious code propagation occurs by connecting to an internal network with an unauthorized terminal among the router 108, the IT network 120, the OT network 150, and the crew network 130. Stealing', 'Abuse of authority', 'Access by unauthorized person', 'Use of unauthorized USB', 'Installation of illegal SW', 'Unauthorized terminal', 'Malicious act', 'Denial of infringement', 'Operation mistake', 'Hardware defect' ', 'power outage'.
  • the scenario providing unit 250 provides threat factors ('account hijacking', 'authority abuse', 'unauthorized access', 'unauthorized USB use', 'illegal SW installation', 'unauthorized terminal', 'malicious behavior', ' denial of infringement', 'operating mistake', 'hardware defect', 'outage').
  • when a vulnerability to a cyberattack occurs due to a missing security patch in any of the router 108, the IT network 120, the OT network 150, and the crew network 130, the risk assessment unit 230 recognizes the threat factor as one or more of 'information modification/change', 'illegal SW installation', 'operation mistake', 'hardware defect', and 'power outage'.
  • the scenario providing unit 250 provides response scenarios according to threat factors (one or more of 'falsification/change of information', 'illegal SW installation', 'operation mistake', 'hardware defect', and 'power outage').
  • when stealing of important information and malicious behavior occur through access with administrator/user privileges in any of the router 108, the IT network 120, the OT network 150, and the crew network 130, the risk evaluation unit 230 recognizes the threat factor as one or more of 'account hijacking', 'abuse of authority', 'tampering/altering of information', 'information leakage', 'access by unauthorized person', 'illegal SW installation', 'DDOS', 'unauthorized terminal', 'malicious code', 'malicious acts', 'abuse of personal information', 'denial of infringement', 'operation mistakes', 'hardware defects', and 'power outages'.
  • the scenario providing unit 250 provides response scenarios according to the threat factors (one or more of 'account takeover', 'abuse of authority', 'falsification/change of information', 'information leakage', 'access by unauthorized persons', 'illegal SW installation', 'DDOS', 'unauthorized terminal', 'malicious code', 'malicious behavior', 'abuse of personal information', 'denial of infringement', 'operation mistake', 'hardware defect', and 'power outage').
  • when a business delay occurs due to excessive traffic generation in any of the router 108, the IT network 120, the OT network 150, and the crew network 130, the risk evaluation unit 230 recognizes the threat factor as one or more of 'illegal SW installation', 'DDOS', 'malicious code', 'operation error', 'hardware defect', and 'power outage'.
  • the scenario providing unit 250 provides response scenarios according to threat factors (one or more of 'illegal SW installation', 'DDOS', 'malicious code', 'operation mistake', 'hardware defect', and 'power outage').
  • when account theft occurs upon a hacker's intrusion because the password (PW) is not stored encrypted in any of the router 108, the IT network 120, the OT network 150, and the crew network 130, the risk assessment unit 230 recognizes the threat factor as one or more of 'tampering/altering of information', 'information leakage', 'access by unauthorized person', 'installation of illegal software', 'DDOS', 'unauthorized terminal', 'malicious code', 'denial of infringement', 'operation mistake', 'hardware defect', and 'power outage'.
  • the scenario provision unit 250 provides response scenarios according to the threat factors ('information alteration/modification', 'information leakage', 'unauthorized access', 'illegal SW installation', 'DDOS', 'unauthorized terminal', 'malicious code', 'denial of infringement', 'operating mistake', 'hardware defect', 'outage').
  • when a navigation accident occurs due to arbitrary manipulation of the OT network / falsification of important information in any of the router 108, the IT network 120, the OT network 150, and the crew network 130, the risk evaluation unit 230 recognizes the threat factor as one or more of 'account hijacking', 'abuse of authority', 'tampering/altering of information', 'access by unauthorized person', 'installation of illegal SW', 'DDOS', 'unauthorized terminal', 'malicious code', 'malicious behavior', 'denial of infringement', 'operation mistake', 'hardware defect', and 'power outage'.
  • the scenario providing unit 250 provides response scenarios according to the threat factors ('account takeover', 'abuse of authority', 'falsification/change of information', 'access by unauthorized person', 'illegal SW installation', 'DDOS', 'unauthorized terminal', 'malicious code', 'malicious behavior', 'denial of infringement', 'operation mistake', 'hardware defect', 'power outage').
  • when a system interruption occurs due to removal/change of a LAN port in any of the router 108, the IT network 120, the OT network 150, and the crew network 130, the risk assessment unit 230 recognizes the threat factor as one or more of 'unauthorized access', 'unauthorized terminal', 'malicious behavior', 'operation error', 'hardware defect', and 'power outage'.
  • the scenario provider 250 provides response scenarios according to the threat factors (one or more of 'access by an unauthorized person', 'unauthorized terminal', 'malicious behavior', 'operation mistake', 'hardware defect', and 'power outage').
  • the cyber attack blocking unit 240 blocks a network in which a cyber attack or abnormal traffic is detected among a plurality of networks (router 108, IT network 120, OT network 150, and crew network 130).
  • the cyber attack blocker 240 blocks, based on the index included in the risk evaluation matrix, a network in which a cyber attack or abnormal traffic has been detected among a plurality of networks (router 108, IT network 120, OT network 150, crew network 130).
  • the scenario providing unit 250 extracts and provides a (risk level) scenario corresponding to the risk evaluation result.
  • FIG. 3 is a diagram showing the functions of the cyber security management system according to the present embodiment.
  • the autonomous vessel cyber security management system 100 provides a visibility function, a security function, and a security compliance function.
  • the autonomous vessel cyber security management system 100 searches and maintains an asset inventory with a visibility function.
  • the autonomous vessel cyber security management system 100 calculates cyber risks for the IT network 120 , the OT network 150 , and the crew network 130 as a visibility function.
  • the autonomous vessel cyber security management system 100 determines when a crew member behaves unsafely based on a degree of cyber risk.
  • the autonomous ship cyber security management system 100 provides a countermeasure method and an emergency situation when a cyber attack occurs as a security function.
  • the autonomous vessel cybersecurity management system 100 allows access to security operations expertise when needed as a security function.
  • the autonomous vessel cyber security management system 100 can be applied by extending a corporate cyber monitoring function to a vehicle as a security function.
  • the autonomous ship cyber security management system 100 identifies the cyber policy violation time with a security compliance function.
  • the autonomous ship cyber security management system 100 can prove the ship cyber security management status to an inspector.
  • FIG. 4 is a diagram showing the configuration of a cyber security management system according to this embodiment.
  • the autonomous ship cyber security management system 100 includes a visualization unit, a user input unit, an analysis and control unit, a data collection unit, an agent, an app server, a database, and an OT sensing unit.
  • the data collection unit collects local data.
  • the data collection unit collects IT network data from agents installed in the IT network 120 .
  • the data collection unit collects crew member network data from the crew member network 130 .
  • the data collection unit collects OT network data from OT network monitoring sensors installed in the OT network 150 .
  • the data collection unit generates aggregated data by collecting IT network data, OT network data, and crew network data.
  • the data collection unit compresses the aggregated data to optimize bandwidth usage.
  • the data collection unit applies an open stack for maximum protocol coverage to the collection data.
  • the analysis and control unit transmits the corresponding hacking information to the visualization unit and outputs it.
  • the analysis and control unit performs centralized analytics with machine learning to detect cyber and compliance risks.
  • the analysis and control unit may analyze the collected data using the cloud.
  • the analysis and control unit detects a cyber attack or abnormal traffic to any one of the router 108, the IT network 120, the OT network 150, and the crew network 130 based on the collected data, and blocks the network to prevent the spread.
  • the visualization unit performs security information and event management.
  • the visualization unit includes a fleet management dashboard.
  • the visualization unit generates risk-based scores and report information.
  • the visualization unit creates and outputs an asset list and configuration diagram.
  • FIG. 5 is a diagram showing a risk evaluation matrix according to the present embodiment.
  • the autonomous vessel cyber security management system 100 evaluates each of the router 108, the IT network 120, the OT network 150, and the crew network 130 to generate a risk assessment matrix.
  • the autonomous ship cyber security management system 100 determines an impact of 1 to 25.
  • the autonomous vessel cyber security management system 100 determines that the impact is low when the impact is 1 to 7, determines it to be significant when the impact is 8 to 14, and determines it to be significant when the impact is 15 to 25 (maj).
  • the autonomous vessel cyber security management system 100 determines a probability index for cyber attack as '1' when all five impacts are determined to be low.
  • the autonomous ship cyber security management system 100 sets the probability index for cyber attacks to '2' when three of the five impacts are determined to be low and two are determined to be significant.
  • the probability index for cyber attack is determined as '4'.
  • the probability index for cyber attack is determined as '5'.
  • FIGS. 6a, 6b, and 6c are diagrams illustrating impact (importance) indexes according to the present embodiment.
  • the autonomous ship cyber security management system 100 divides the impact (criticality) index into a confidentiality index, an integrity index, and an availability index.
  • the autonomous ship cyber security management system 100 determines each of the confidentiality index, integrity index, and availability index as one of the values 5 (Critical), 4 (Significant), 3 (Moderate), 2 (Minor), and 1 (Negligible).
  • the autonomous vessel cyber security management system 100 calculates the sum of the confidentiality index, the integrity index, and the availability index as an asset criticality value, and recognizes the asset criticality value (Confidentiality Index + Integrity Index + Availability Index) as the impact index.
  • the autonomous ship cyber security management system 100 classifies the asset importance value according to a preset standard (3 ≤ Index 1 ≤ 4, 5 ≤ Index 2 ≤ 6, 7 ≤ Index 3 ≤ 9, 10 ≤ Index 4 ≤ 12, 13 ≤ Index 5 ≤ 15).
  • when 3 ≤ asset importance value ≤ 4, the autonomous vessel cyber security management system 100 determines the corresponding asset importance value as index 1 (Index 1). When 5 ≤ asset importance value ≤ 6, the autonomous vessel cyber security management system 100 determines the corresponding asset importance value as index 2 (Index 2). When 7 ≤ asset importance value ≤ 9, the autonomous vessel cyber security management system 100 determines the corresponding asset importance value as Index 3.
  • when 10 ≤ asset importance value ≤ 12, the autonomous ship cyber security management system 100 determines the corresponding asset importance value as Index 4.
  • when 13 ≤ asset importance value ≤ 15, the autonomous ship cyber security management system 100 determines the corresponding asset importance value as Index 5.
  • FIGS. 7a and 7b are diagrams showing probability indexes according to this embodiment.
  • the autonomous ship cyber security management system 100 divides a probability index into a threat index and a vulnerability index.
  • the autonomous ship cyber security management system 100 determines the threat index as one of the values 5 (Definite), 4 (Probable), 3 (Occasional), 2 (Remote), and 1 (Improbable).
  • the autonomous ship cyber security management system 100 determines the vulnerability index as one of the values 5 (Very high), 4 (High), 3 (Medium), 2 (Low), and 1 (Very Low).
  • the autonomous ship cyber security management system 100 calculates the product of the threat index and the vulnerability index as a cyber attack probability value, and recognizes the cyber attack probability value (Threat Index × Vulnerability Index) as the probability index.
  • the autonomous vessel cyber security management system 100 classifies the cyber attack probability value according to a preset standard (1 ≤ Index 1 ≤ 5, 6 ≤ Index 2 ≤ 10, 11 ≤ Index 3 ≤ 15, 16 ≤ Index 4 ≤ 20, 21 ≤ Index 5 ≤ 25).
  • when 1 ≤ cyber attack probability value ≤ 5, the autonomous ship cyber security management system 100 determines the asset importance value as index 1 (Index 1). When 6 ≤ cyber attack probability value ≤ 10, the autonomous ship cyber security management system 100 determines the asset importance value as Index 2 (Index 2).
  • when 11 ≤ cyber attack probability value ≤ 15, the autonomous vessel cyber security management system 100 determines the asset importance value as Index 3.
  • when 16 ≤ cyber attack probability value ≤ 20, the autonomous vessel cyber security management system 100 determines the asset importance value as Index 4.
  • when 21 ≤ cyber attack probability value ≤ 25, the autonomous vessel cyber security management system 100 determines the corresponding asset importance value as Index 5.
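The banding rules above (asset criticality = Confidentiality Index + Integrity Index + Availability Index, cyber attack probability = Threat Index × Vulnerability Index, each mapped to Index 1 to 5) can be exercised with the following added example, which is not part of the patent text. Multiplying the two resulting indexes to obtain the 1 to 25 matrix value, using a vulnerability score as the vulnerability index, the function names, and the sample scores marked as constructed are all assumptions.

```python
"""Added example: index banding for the risk evaluation matrix (FIGS. 5 to 7)."""

LEVELS = range(1, 6)  # every per-factor index in the text is scored 1..5

# Preset standards quoted in the text: (lowest value, highest value, index).
IMPACT_BANDS = [(3, 4, 1), (5, 6, 2), (7, 9, 3), (10, 12, 4), (13, 15, 5)]
PROBABILITY_BANDS = [(1, 5, 1), (6, 10, 2), (11, 15, 3), (16, 20, 4), (21, 25, 5)]
# Bands the text gives for the 1..25 matrix value; "maj" is the text's own marker.
MATRIX_BANDS = [(1, 7, "low"), (8, 14, "significant"), (15, 25, "maj")]


def _level(name, value):
    """Reject anything that is not an integer score from 1 to 5."""
    if isinstance(value, bool) or not isinstance(value, int) or value not in LEVELS:
        raise ValueError(f"{name} must be an integer from 1 to 5, got {value!r}")
    return value


def _band(value, bands):
    """Return the label of the inclusive band that contains value."""
    for low, high, label in bands:
        if low <= value <= high:
            return label
    raise ValueError(f"{value} is outside every band")


def impact_index(confidentiality, integrity, availability):
    """Asset criticality = C + I + A (3..15), banded to Index 1..5."""
    total = (_level("confidentiality", confidentiality)
             + _level("integrity", integrity)
             + _level("availability", availability))
    return _band(total, IMPACT_BANDS)


def probability_index(threat_index, vulnerability_index):
    """Cyber attack probability = TI x VI (1..25), banded to Index 1..5."""
    product = (_level("threat index", threat_index)
               * _level("vulnerability index", vulnerability_index))
    return _band(product, PROBABILITY_BANDS)


def matrix_cell(impact_idx, probability_idx):
    """ASSUMPTION: the 1..25 matrix value is impact index x probability index."""
    value = (_level("impact index", impact_idx)
             * _level("probability index", probability_idx))
    return value, _band(value, MATRIX_BANDS)


def assess(asset):
    """Score one asset record and return its indexes and matrix cell."""
    impact = impact_index(asset["c"], asset["i"], asset["a"])
    probability = probability_index(asset["ti"], asset["vi"])
    value, band = matrix_cell(impact, probability)
    return {"asset": asset["name"], "impact": impact,
            "probability": probability, "value": value, "band": band}


# Constructed sample scores. TI 3 for 'power outage' and score 3 for
# 'file management' are the two pairings the text states (the score is used
# here as the vulnerability index, an assumption); the rest are invented.
SAMPLE_ASSETS = [
    {"name": "OT network 150", "c": 3, "i": 5, "a": 5, "ti": 3, "vi": 3},
    {"name": "crew network 130", "c": 2, "i": 1, "a": 1, "ti": 4, "vi": 4},
    {"name": "router 108", "c": 5, "i": 5, "a": 5, "ti": 5, "vi": 5},
]

if __name__ == "__main__":
    for row in map(assess, SAMPLE_ASSETS):
        print(row)
```

Out-of-range or non-integer scores raise `ValueError` instead of falling silently into the lowest band, so a data-entry mistake cannot understate an asset's risk.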
  • FIG. 8 is a diagram showing a threat list according to the present embodiment.
  • the autonomous ship cyber security management system 100 identifies an attacker in a threat list as an outsider (remote), an outsider (radio), an insider (remote), and an insider (crew).
  • the autonomous ship cyber security management system 100 identifies the intent as intentional or unintentional.
  • the code is assigned T101 and the threat index (TI: Threat Index) is determined to be '5'.
  • the code is assigned T102 and the threat index (TI: Threat Index) is determined to be '4'.
  • the code is assigned T103 and the threat index (TI: Threat Index) is determined to be '4'.
  • the code is assigned T201 and the threat index (TI: Threat Index) is determined to be '4'.
  • the code is assigned T202 and the threat index (TI: Threat Index) is determined to be '4'.
  • the code is assigned T203 and the threat index (TI: Threat Index) is determined to be '4'.
  • the code is assigned T204 and the threat index (TI: Threat Index) is determined to be '2'.
  • the code is assigned T301 and the threat index (TI: Threat Index) is determined to be '5'.
  • the code is assigned T302 and the threat index (TI: Threat Index) is determined to be '5'.
  • the code is assigned T401 and the threat index (TI: Threat Index) is determined to be '4'.
  • the code is assigned T402 and the threat index (TI: Threat Index) is determined to be '5'.
  • the code is assigned T403 and the threat index (TI: Threat Index) is determined to be '4'.
  • the code is assigned T404 and the threat index (TI: Threat Index) is determined to be '4'.
  • the code is assigned T501 and the threat index (TI: Threat Index) is determined to be '3'.
  • when the autonomous ship cyber security management system 100 determines that the threat factor is 'power outage', the code T51 is assigned and the threat index (TI: Threat Index) is determined to be '3'.
  • FIG. 9 is a diagram showing vulnerability scores according to this embodiment.
  • the autonomous ship cyber security management system 100 evaluates each of the router 108, the IT network 120, the OT network 150, and the crew network 130 to extract a plurality of vulnerabilities.
  • the autonomous ship cyber security management system 100 calculates scores according to a plurality of vulnerabilities.
  • the vulnerability score is calculated as '5'.
  • the vulnerability score is calculated as '5'.
  • the vulnerability score is calculated as '4'.
  • the vulnerability score is calculated as '4'.
  • the vulnerability score is calculated as '3'.
  • the vulnerability score is calculated as '3'.
  • the vulnerability score is calculated as '4'.
  • the vulnerability score is calculated as '3'.
  • the vulnerability score is calculated as '4'.
  • when the autonomous ship cyber security management system 100 determines that 'file management' is necessary as a vulnerability, it calculates the vulnerability score as '3'.
  • the vulnerability score is calculated as '4'.
  • FIG. 10 is a diagram illustrating an account extortion scenario among risk scenarios according to the present embodiment.
  • a method is described by which the autonomous vessel cyber security management system 100 evaluates each of the router 108, the IT network 120, the OT network 150, and the crew network 130 to provide scenarios corresponding to account theft.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'account hijacking' and provides a response scenario when important information is leaked to the outside (competitor/institution) by accessing the system.
  • the autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'account hijacking' when business (operation) delays occur due to access to the system and change of important information.
  • the autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'account hijacking' when important information stealing or malicious behavior occurs by accessing administrator/user privileges.
  • the cyber security management system 100 for autonomous ships recognizes the threat factor as 'account hijacking' and provides a response scenario in the event of intentional delay in business (operation) by accessing and changing unauthorized information.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as 'account hijacking' and provides a response scenario when an unauthorized person attempts to log in randomly and steals an account and falsification or destruction of important information occurs.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as 'account hijacking' and provides a response scenario when a malicious code propagation occurs by connecting to an internal network with an unauthorized terminal.
  • the autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'account takeover' in the event of unauthorized tampering (manipulation) of important systems, business delays/operation interruptions.
  • the autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as 'account hijacking' when important information (network/cargo/financial information) is leaked by a hacker.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as 'account hijacking' and provides a response scenario when system shutdown occurs due to unauthorized person's arbitrary manipulation.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'account hijacking' and provides a response scenario.
  • FIG. 11 is a diagram illustrating a privilege abuse scenario among risk scenarios according to the present embodiment.
  • a method is described by which the autonomous ship cyber security management system (100) evaluates each of the router (108), the IT network (120), the OT network (150), and the crewman network (130) to provide a scenario to respond to abuse of authority.
  • when important information is leaked to the outside (competitor/institution) after accessing the system, the autonomous ship cyber security management system 100 recognizes it as 'internal information leakage', recognizes the threat factor as 'abuse of authority', and provides a response scenario.
  • when business (operation) delays occur due to access to the system and change of important information, the autonomous ship cyber security management system 100 recognizes it as 'internal information tampering', recognizes the threat factor as 'authority abuse', and provides a response scenario.
  • when stealing of important information and malicious behavior occur through access with administrator/user rights, the autonomous vessel cyber security management system 100 recognizes it as 'destruction of internal information', recognizes the threat factor as 'abuse of authority', and provides a response scenario.
  • when an intentional business (operation) delay occurs due to access to and change of unauthorized information, the autonomous ship cyber security management system 100 recognizes it as 'disclosure of navigation information', recognizes the threat factor as 'abuse of authority', and provides a response scenario.
  • when malicious code propagation occurs through connection to the internal network with an unauthorized terminal, the autonomous ship cyber security management system 100 recognizes it as 'falsification of flight information', recognizes the threat factor as 'abuse of authority', and provides a response scenario.
  • in the event of unauthorized modification (manipulation) of important systems, delays/operation interruptions, etc., the autonomous ship cyber security management system 100 recognizes it as 'destruction of navigation information', recognizes the threat factor as 'abuse of authority', and provides a response scenario.
  • when access to important information and arbitrary manipulation of the OT network (150) occur through connection to the internal network with an unauthorized terminal, the autonomous ship cyber security management system (100) recognizes it as 'delay/accident', recognizes the threat factor as 'abuse of authority', and provides a response scenario.
  • when important information (network/cargo/financial information) is leaked by a hacker, the autonomous ship cyber security management system 100 recognizes it as 'environmental pollution', recognizes the threat factor as 'authority abuse', and provides a response scenario.
  • the autonomous ship cyber security management system 100 recognizes a 'life accident' when a system shutdown occurs due to arbitrary manipulation by an unauthorized person, recognizes the threat factor as 'authority abuse', and provides a response scenario.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as 'authority abuse' and provides a response scenario when a navigation accident occurs due to arbitrary manipulation/modulation of important information of the OT network 150.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'authority abuse' and provides a response scenario when a business (operation) delay occurs due to access to the system and change of important information.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as 'authority abuse' and provides a response scenario when exposure to intrusion through a port of a vulnerable service occurs.
  • when exposure to a zero-day attack occurs, the autonomous ship cyber security management system 100 recognizes the threat factor as 'authority abuse' and provides a response scenario.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'authority abuse' and provides a response scenario when a system failure occurs due to the execution of a patch whose stability has not been verified.
  • FIG. 12 is a diagram illustrating information tampering/altering scenarios among risk scenarios according to the present embodiment.
  • when business (operation) delays occur due to access to the system and change of important information, the autonomous vessel cyber security management system 100 recognizes it as 'internal information leakage', recognizes the threat factor as 'information falsification/alteration', and provides a response scenario.
  • when stealing of important information and malicious behavior occur through access with administrator/user privileges, the autonomous ship cyber security management system 100 recognizes it as 'internal information tampering', recognizes the threat factor as 'information tampering/altering', and provides a response scenario.
  • when an intentional delay in business (operation) occurs due to access to and modification of unauthorized information, the cyber security management system 100 for autonomous vessels recognizes it as 'internal information destruction', recognizes the threat factor as 'information tampering/altering', and provides a response scenario.
  • when an unauthorized person attempts to log in at random and steals an account and falsification or destruction of important information occurs, the autonomous ship cyber security management system (100) recognizes it as 'disclosure of navigation information', recognizes the threat factor as 'information tampering/altering', and provides a response scenario.
  • when an account is stolen upon a hacker's intrusion because the password (PW) is not stored encrypted, the autonomous vessel cyber security management system 100 recognizes the threat factor as 'falsification/altering of information' and provides a response scenario.
  • in the case of unauthorized modification (manipulation) of important systems, the autonomous ship cyber security management system 100 recognizes it as 'destruction of navigation information', recognizes the threat factor as 'information alteration/alteration', and provides a response scenario.
  • in the event of a system shutdown due to arbitrary manipulation by an unauthorized person, the autonomous ship cyber security management system 100 recognizes it as 'delay/accident', recognizes the threat factor as 'information falsification/alteration', and provides a response scenario.
  • the autonomous vessel cyber security management system 100 recognizes it as 'environmental pollution', recognizes the threat factor as 'information alteration/alteration', and provides a response scenario.
  • in case of delay in business (operation) due to access to the system and changes in important information, the autonomous vessel cyber security management system 100 recognizes the threat factor as 'information tampering/altering' and provides a response scenario.
  • the autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as 'information falsification/change' when vulnerability to cyber attacks occurs due to missing security patches.
  • FIG. 13 is a diagram illustrating an information leakage scenario among risk scenarios according to the present embodiment.
  • a method is described by which the autonomous vessel cyber security management system 100 evaluates each of the router 108, the IT network 120, the OT network 150, and the crew network 130 to provide a scenario corresponding to an information leakage scenario.
  • the autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as 'information leakage' when important information is leaked to the outside (competitor/institution) by accessing the system.
  • the autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'information leakage' when important information stealing or malicious behavior occurs by accessing administrator/user rights.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'information leakage' and provides a response scenario when account hijacking occurs when a hacker invades because the password (PW) is not encrypted.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'information leak' and provides a response scenario.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'information leakage' and provides a response scenario when exposure to intrusion through a port of a vulnerable service occurs.
  • when exposure to a zero-day attack occurs, the autonomous ship cyber security management system 100 recognizes the threat factor as 'information leakage' and provides a response scenario.
  • FIG. 14 is a diagram illustrating an unauthorized person access scenario among risk scenarios according to the present embodiment.
  • the autonomous ship cyber security management system 100 evaluates each router 108, IT network 120, OT network 150, and crew network 130 to provide a scenario corresponding to an unauthorized access scenario.
  • the autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as 'unauthorized access' when important information is leaked to the outside (competitor/institution) by accessing the system.
  • the autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'unauthorized access' when business (operation) delays occur due to access to the system and change of important information.
  • the autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'unauthorized access' when important information stealing or malicious behavior occurs by accessing administrator/user privileges.
  • the autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as 'unauthorized person access' when intentional business (operation) delay occurs due to access to and change of unauthorized information.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'unauthorized access' and provides a response scenario when an unauthorized person attempts to log in randomly and steals an account and falsification or destruction of important information occurs.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'unauthorized access' and provides a response scenario when account hijacking occurs when a hacker invades because the password (PW) is not encrypted.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'unauthorized access' and provides a response scenario when malicious code propagation occurs by connecting to the internal network with an unauthorized terminal.
  • the autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as 'unauthorized access' in case of unauthorized modification (manipulation) of important systems, delay / operation interruption.
  • Autonomous ship cyber security management system 100 recognizes the threat factor as 'unauthorized access' and provides a response scenario when access to important information and arbitrary manipulation of the OT network 150 occurs by connecting to the internal network with an unauthorized terminal do.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'unauthorized access' and provides a response scenario when system interruption occurs due to removal/change of the LAN port.
  • the autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'access by an unauthorized person' when system shutdown occurs due to arbitrary manipulation by an unauthorized person.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as 'unauthorized access' and provides a response scenario.
  • the autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as 'unauthorized access' when infection and propagation of malicious code/ransomware occurs.
  • the autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'unauthorized access' when business (operation) delays occur due to access to the system and change of important information.
  • FIG. 15 is a diagram illustrating an unauthorized USB use scenario among risk scenarios according to the present embodiment.
  • The autonomous ship cyber security management system 100 evaluates each of the router 108, the IT network 120, the OT network 150, and the crew network 130 to provide a scenario corresponding to an unauthorized USB usage scenario.
  • The autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'unauthorized USB use' when the system is accessed and important information is leaked to the outside (competitor/institution).
  • The autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as 'unauthorized USB use' when an intentional business (operation) delay occurs due to access to and change of unauthorized information.
  • The autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'unauthorized USB use' when infection and propagation of malicious code/ransomware occur.
  • The autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'unauthorized USB use' when malicious code propagates through an unauthorized terminal connected to the internal network.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'unauthorized USB use' and provides a response scenario when access to important information and arbitrary manipulation of the OT network 150 occur through an unauthorized terminal connected to the internal network.
  • FIG. 16 is a diagram illustrating an illegal SW installation scenario among risk scenarios according to the present embodiment.
  • The autonomous ship cyber security management system 100 evaluates each of the router 108, the IT network 120, the OT network 150, and the crew network 130 to provide a scenario corresponding to an illegal SW installation scenario.
  • The autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'illegal SW installation' when theft of important information or malicious behavior occurs through access to administrator/user rights.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'illegal SW installation' and provides a response scenario when a deliberate business (operation) delay occurs due to access to and change of unauthorized information.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'illegal SW installation' and provides a response scenario when an account is hijacked by an intruding hacker because the password (PW) is not encrypted.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'illegal SW installation' and provides a response scenario when malicious code propagates through an unauthorized terminal connected to the internal network.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'illegal SW installation' and provides a response scenario in the case of unauthorized modification (manipulation) of important systems, delay/operation interruption.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'illegal SW installation' and provides a response scenario when access to important information and arbitrary manipulation of the OT network 150 occur through an unauthorized terminal connected to the internal network.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'illegal SW installation' and provides a response scenario.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'illegal SW installation' and provides a response scenario.
  • The autonomous vessel cyber security management system 100 recognizes the threat factor as 'illegal SW installation' and provides a response scenario.
  • The autonomous vessel cyber security management system 100 recognizes the threat factor as 'illegal SW installation' and provides a response scenario when infection and propagation of malicious code/ransomware occur.
  • The autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'illegal SW installation' when a business delay occurs due to system overload.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'illegal SW installation' and provides a response scenario when exposure to intrusion through a port of a vulnerable service occurs.
  • When exposure to a zero-day attack occurs, the autonomous vessel cyber security management system 100 recognizes the threat factor as 'illegal software installation' and provides a response scenario.
  • The autonomous vessel cyber security management system 100 recognizes the threat factor as 'illegal SW installation' and provides a response scenario when a system failure occurs due to the execution of a patch whose stability has not been verified.
  • The autonomous vessel cyber security management system 100 recognizes the threat factor as 'illegal SW installation' and provides a response scenario when vulnerability to cyber attacks occurs due to missing security patches.
  • FIG. 17 is a diagram showing a DDOS scenario among risk scenarios according to the present embodiment.
  • A method is described in which the autonomous ship cyber security management system 100 provides a scenario corresponding to a DDOS scenario by evaluating each of the router 108, the IT network 120, the OT network 150, and the crew network 130.
  • The autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as 'DDOS' when theft of important information or malicious behavior occurs through access to administrator/user privileges.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'DDOS' and provides a response scenario when an account is hijacked by an intruding hacker because the password (PW) is not encrypted.
  • The autonomous vessel cyber security management system 100 recognizes the threat factor as 'DDOS' and provides a response scenario when infection and propagation of malicious code/ransomware occur.
  • The autonomous vessel cyber security management system 100 recognizes the threat factor as 'DDOS' and provides a response scenario in case of unauthorized modification (manipulation) of important systems, delay/operation interruption.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'DDOS' and provides a response scenario.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'DDOS' and provides a response scenario when system shutdown occurs due to unauthorized manipulation.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'DDOS' and provides a response scenario when business delay occurs due to excessive traffic.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'DDOS' and provides a response scenario when a navigation accident occurs due to arbitrary manipulation/modulation of important information on the OT network 150.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'DDOS' and provides a response scenario when a business (operation) delay occurs due to access to the system and change of important information.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'DDOS' and provides a response scenario when a business delay occurs due to system overload.
  • FIG. 18 is a diagram illustrating an unauthorized terminal scenario among risk scenarios according to the present embodiment.
  • A method is described in which the autonomous ship cyber security management system 100 provides a scenario corresponding to an unauthorized terminal scenario by evaluating each of the router 108, the IT network 120, the OT network 150, and the crew network 130.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as an 'unauthorized terminal' and provides a response scenario when the system is accessed and important information is leaked to the outside (competitor/institution).
  • The autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'unauthorized terminal' when a business (operation) delay occurs due to access to the system and change of important information.
  • The autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'unauthorized terminal' when theft of important information or malicious behavior occurs through access to administrator/user rights.
  • The autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'unauthorized terminal' when a deliberate business (operation) delay occurs due to access to and change of unauthorized information.
  • The autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'unauthorized terminal' when an unauthorized person steals an account through random login attempts and important information is falsified or destroyed.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as an 'unauthorized terminal' and provides a response scenario when an account is stolen by an intruding hacker because the password (PW) is not encrypted.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as an 'unauthorized terminal' and provides a response scenario when malicious code propagates through an unauthorized terminal connected to the internal network.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as an 'unauthorized terminal' and provides a response scenario when access to important information and arbitrary manipulation of the OT network 150 occur through an unauthorized terminal connected to the internal network.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as an 'unauthorized terminal' and provides a response scenario when system interruption occurs due to removal/change of the LAN port.
  • The autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'unauthorized terminal' when system shutdown occurs due to arbitrary manipulation by an unauthorized person.
  • The autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'unauthorized terminal' when a navigation accident occurs due to arbitrary manipulation/modulation of important information on the OT network 150.
  • The autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'unauthorized terminal' when a business delay occurs due to system overload.
  • The autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'unauthorized terminal' when exposure to intrusion through a port of a vulnerable service occurs.
  • FIG. 19 is a diagram showing a malicious code scenario among risk scenarios according to the present embodiment.
  • A method is described in which the autonomous ship cyber security management system 100 provides a scenario corresponding to a malicious code scenario by evaluating each of the router 108, the IT network 120, the OT network 150, and the crew network 130.
  • The autonomous vessel cyber security management system 100 recognizes the threat factor as 'malicious code' and provides a response scenario when the system is accessed and important information is leaked to the outside (competitor/institution).
  • The autonomous vessel cyber security management system 100 recognizes the threat factor as 'malicious code' and provides a response scenario when a business (operation) delay occurs due to access to the system and change of important information.
  • The autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'malicious code' when theft of important information or malicious behavior occurs through access to administrator/user rights.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'malicious code' and provides a response scenario when a deliberate business (operation) delay occurs due to accessing and changing unauthorized information.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'malicious code' and provides a response scenario when an unauthorized person steals an account through random login attempts and important information is falsified or destroyed.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'malicious code' and provides a response scenario when an account is hijacked by an intruding hacker because the password (PW) is not encrypted.
  • The autonomous vessel cyber security management system 100 recognizes the threat factor as 'malicious code' and provides a response scenario when infection and propagation of malicious code/ransomware occur.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'malicious code' and provides a response scenario when access to important information and arbitrary manipulation of the OT network 150 occur through an unauthorized terminal connected to the internal network.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'malicious code' and provides a response scenario.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'malicious code' and provides a response scenario when system shutdown occurs due to unauthorized manipulation.
  • The autonomous vessel cyber security management system 100 recognizes the threat factor as 'malicious code' and provides a response scenario when a business delay occurs due to excessive traffic.
  • The autonomous vessel cyber security management system 100 recognizes the threat factor as 'malicious code' and provides a response scenario when a navigation accident occurs due to arbitrary manipulation/modulation of important information on the OT network 150.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'malicious code' and provides a response scenario when a business delay occurs due to system overload.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'malicious code' and provides a response scenario when exposure to intrusion through a port of a vulnerable service occurs.
  • FIG. 20 is a diagram illustrating a malicious action scenario among risk scenarios according to the present embodiment.
  • The autonomous ship cyber security management system 100 evaluates each of the router 108, the IT network 120, the OT network 150, and the crew network 130 to provide a scenario for responding to malicious behavior scenarios.
  • The autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as a 'malicious act' when the system is accessed and important information is leaked to the outside (competitor/institution).
  • The autonomous ship cyber security management system 100 recognizes the threat factor as a 'malicious act' and provides a response scenario when a business (operation) delay occurs due to access to the system and change of important information.
  • The autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'malicious behavior' when theft of important information or malicious behavior occurs through access to administrator/user privileges.
  • The autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as a 'malicious act' in case of an intentional business (operation) delay caused by accessing and changing unauthorized information.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as a 'malicious act' and provides a response scenario when an unauthorized person steals an account through random login attempts and important information is falsified or destroyed.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as a 'malicious act' and provides a response scenario when malicious code propagates through an unauthorized terminal connected to the internal network.
  • The autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as a 'malicious act' in case of unauthorized modification (manipulation) of important systems, business delays/operation interruptions.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'malicious behavior' and provides a response scenario when access to important information and arbitrary manipulation of the OT network 150 occur through an unauthorized terminal connected to the internal network.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as a 'malicious act' and provides a response scenario when system interruption occurs due to removal/change of the LAN port.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as a 'malicious act' and provides a response scenario when system shutdown occurs due to unauthorized manipulation.
  • The autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as a 'malicious act' when a navigation accident occurs due to arbitrary manipulation/modulation of important information on the OT network 150.
  • FIG. 21 is a diagram illustrating a personal information abuse scenario among risk scenarios according to the present embodiment.
  • The autonomous vessel cyber security management system 100 evaluates each of the router 108, the IT network 120, the OT network 150, and the crew network 130 to provide a scenario corresponding to a personal information abuse scenario.
  • The autonomous vessel cyber security management system 100 recognizes the threat factor as 'abuse of personal information' and provides a response scenario when the system is accessed and important information is leaked to the outside (competitor/institution).
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'abuse of personal information' and provides a response scenario when a business (operation) delay occurs due to access to the system and change of important information.
  • The autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'personal information abuse' when theft of important information or malicious behavior occurs through access to administrator/user privileges.
  • The autonomous vessel cyber security management system 100 recognizes the threat factor as 'abuse of personal information' and provides a response scenario when an intentional business (operation) delay occurs due to access to and change of unauthorized information.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'abuse of personal information' and provides a response scenario when an unauthorized person steals an account through random login attempts and important information is falsified or destroyed.
  • The autonomous vessel cyber security management system 100 recognizes the threat factor as 'abuse of personal information' and provides a response scenario.
  • FIG. 22 is a diagram illustrating a denial of infringement scenario among risk scenarios according to the present embodiment.
  • A method is described in which the autonomous ship cyber security management system 100 provides a scenario corresponding to a denial of infringement scenario by evaluating each of the router 108, the IT network 120, the OT network 150, and the crew network 130.
  • The autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'denial of infringement' when theft of important information or malicious behavior occurs through access to administrator/user privileges.
  • The autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as 'infringement denial' when an intentional business (operation) delay occurs due to access to and change of unauthorized information.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'denial of infringement' and provides a response scenario when an unauthorized person steals an account through random login attempts and important information is falsified or destroyed.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'infringement denial' and provides a response scenario when an account is hijacked by an infiltrating hacker because the password (PW) is not encrypted.
  • The autonomous vessel cyber security management system 100 recognizes the threat factor as 'infringement denial' and provides a response scenario when malicious code propagates through an unauthorized terminal connected to the internal network.
  • The autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as 'infringement denial' in case of unauthorized modification (manipulation) of important systems, business delays/operation interruptions.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'denial of infringement' and provides a response scenario when access to important information and arbitrary manipulation of the OT network 150 occur through an unauthorized terminal connected to the internal network.
  • The autonomous ship cyber security management system 100 recognizes the threat factor as 'denial of infringement' and provides a response scenario.
  • The autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'infringement denial' when system shutdown occurs due to unauthorized manipulation.
  • The autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as 'infringement denial' when a navigation accident occurs due to arbitrary manipulation/modulation of important information on the OT network 150.
  • The autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'denial of infringement' when infection and propagation of malicious code/ransomware occur.
  • The autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'infringement denial' when business (operation) delays occur due to access to the system and change of important information.
  • The autonomous vessel cyber security management system 100 recognizes the threat factor as 'infringement denial' and provides a response scenario when exposure to intrusion through a port of a vulnerable service occurs.
  • FIG. 23 is a diagram illustrating an operation mistake scenario among risk scenarios according to the present embodiment.
  • Autonomous vessel cyber security management system (100) describes a method for evaluating each router (108), IT network (120), OT network (150), and crew network (130) to provide scenarios corresponding to operational error scenarios do.
  • the autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'operational mistake' when important information is leaked to the outside (competitor/institution) by accessing the system.
  • the autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'operational mistake' when a business (operation) delay occurs due to access to the system and change of important information.
  • the autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'operational mistake' when important information stealing or malicious behavior occurs by accessing administrator/user privileges.
  • the autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'operational mistake' when a deliberate business (operation) delay occurs due to accessing and changing unauthorized information.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as an 'operational mistake' and provides a response scenario when an unauthorized person attempts to log in randomly and steals an account and falsification or destruction of important information occurs.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as an 'operational mistake' and provides a response scenario when account hijacking occurs when a hacker invades because the password (PW) is not encrypted.
  • the autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'operational mistake' when infection and propagation of malicious code/ransomware occurs.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as an 'operation mistake' and provides a response scenario when malicious code propagation occurs by connecting to an internal network with an unauthorized terminal.
  • the autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'operational mistake' in the event of an unauthorized modification (manipulation) of important systems, delay / operation interruption.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as an 'operational mistake' and provides a response scenario when access to important information and arbitrary manipulation of the OT network 150 occur by connecting to the internal network with an unauthorized terminal .
  • the autonomous ship cyber security management system 100 recognizes the threat factor as an 'operational mistake' and provides a response scenario.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as an 'operational mistake' and provides a response scenario.
  • the autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'operational mistake' when a system shutdown occurs due to an unauthorized person's arbitrary manipulation.
  • the autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'operational mistake' when business delay occurs due to excessive traffic.
  • the autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'operational mistake' when a navigation accident occurs due to arbitrary manipulation/modulation of important information on the OT network 150.
  • the autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'operational mistake' when infection and propagation of malicious code/ransomware occurs.
  • the autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'operational mistake' when a business (operation) delay occurs due to access to the system and change of important information.
  • the autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'operational mistake' when a business delay occurs due to system overload.
  • the autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'operational mistake' when exposure to intrusion through a port of a vulnerable service occurs.
  • When exposure to a zero-day attack occurs, the autonomous ship cyber security management system 100 recognizes the threat factor as an 'operational mistake' and provides a response scenario.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as an 'operational mistake' and provides a response scenario when a system failure occurs due to the execution of a patch whose stability has not been verified.
  • the autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as an 'operational mistake' when vulnerability to cyber attacks occurs due to missing security patches.
  • FIG. 24 is a diagram illustrating a hardware failure scenario among risk scenarios according to the present embodiment.
  • The autonomous ship cyber security management system 100 describes a method for evaluating each of the router 108, the IT network 120, the OT network 150, and the crew network 130 to provide a scenario corresponding to a hardware fault scenario.
  • the autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as a 'hardware defect' when important information is leaked to the outside (competitor/institution) by accessing the system.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as a 'hardware defect' and provides a response scenario when a business (operation) delay occurs due to access to the system and change of important information.
  • the autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as a 'hardware defect' when important information stealing or malicious behavior occurs by accessing administrator/user privileges.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as a 'hardware defect' and provides a response scenario when a deliberate delay in business (operation) occurs due to access to and change of unauthorized information.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as a 'hardware defect' and provides a response scenario when an unauthorized person randomly attempts to log in and steals an account and falsification or destruction of important information occurs.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as a 'hardware defect' and provides a response scenario when account hijacking occurs when a hacker invades because the password (PW) is not encrypted.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as a 'hardware defect' and provides a response scenario when infection and propagation of malicious code/ransomware occurs.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as a 'hardware defect' and provides a response scenario when malicious code propagation occurs by connecting to an internal network with an unauthorized terminal.
  • the autonomous vessel cyber security management system 100 provides a response scenario by recognizing the threat factor as a 'hardware defect' in the event of an unauthorized modification (manipulation) of an important system, a delay / operation interruption.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as a 'hardware defect' and provides a response scenario when access to important information and arbitrary manipulation of the OT network 150 occur by connecting to the internal network with an unauthorized terminal.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as a 'hardware defect' and provides a response scenario.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as a 'hardware defect' and provides a response scenario when system interruption occurs due to removal/change of the LAN port.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as a 'hardware defect' and provides a response scenario when a system shutdown occurs due to an unauthorized person's arbitrary manipulation.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as a 'hardware defect' and provides a response scenario when business delay occurs due to excessive traffic.
  • the autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as a 'hardware defect' when a navigation accident occurs due to arbitrary manipulation/modulation of important information on the OT network 150.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as a 'hardware defect' and provides a response scenario when infection and propagation of malicious code/ransomware occurs.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as a 'hardware defect' and provides a response scenario when a business (operation) delay occurs due to access to the system and change of important information.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as a 'hardware defect' and provides a response scenario when a business delay occurs due to system overload.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as a 'hardware defect' and provides a response scenario when exposure to intrusion through a port of a vulnerable service occurs.
  • When exposure to a zero-day attack occurs, the autonomous vessel cyber security management system 100 recognizes the threat factor as a 'hardware defect' and provides a response scenario.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as a 'hardware defect' and provides a response scenario when a system failure occurs due to the execution of a patch whose stability has not been verified.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as a 'hardware defect' and provides a response scenario when vulnerability to cyber attacks occurs due to missing security patches.
  • FIG. 25 is a diagram illustrating a power outage scenario among risk scenarios according to the present embodiment.
  • The autonomous ship cyber security management system 100 describes a method for evaluating each of the router 108, the IT network 120, the OT network 150, and the crew network 130 to provide a scenario corresponding to a power outage scenario.
  • the autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'power outage' when important information is leaked to the outside (competitor/institution) by accessing the system.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'power outage' and provides a response scenario when a business (operation) delay occurs due to access to the system and change of important information.
  • the autonomous ship cyber security management system 100 provides a response scenario by recognizing the threat factor as 'power outage' when important information stealing or malicious behavior occurs by accessing administrator/user privileges.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'power outage' and provides a response scenario when a deliberate business (operation) delay occurs due to access to and change of unauthorized information.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'power outage' and provides a response scenario when an unauthorized person attempts to log in randomly and steals an account and falsification or destruction of important information occurs.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'power outage' and provides a response scenario when account hijacking occurs when a hacker invades because the password (PW) is not encrypted.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as 'power outage' and provides a response scenario when infection and propagation of malicious code/ransomware occurs.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'power outage' and provides a response scenario when a malicious code propagation occurs by connecting to an internal network with an unauthorized terminal.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as 'power outage' and provides a response scenario in case of unauthorized modification (manipulation) of important systems, delay / operation interruption.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as 'power outage' and provides a response scenario when access to important information and arbitrary manipulation of the OT network 150 occur by connecting to the internal network with an unauthorized terminal.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as 'power outage' and provides a response scenario.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as 'power outage' and provides a response scenario when a system interruption occurs due to the removal/change of the LAN port.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as 'power outage' and provides a response scenario when a system shutdown occurs due to unauthorized manipulation.
  • the autonomous vessel cyber security management system 100 recognizes the threat factor as 'power outage' and provides a response scenario when business delay occurs due to excessive traffic.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'power outage' and provides a response scenario when a navigation accident occurs due to arbitrary manipulation/modulation of important information on the OT network 150.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'power outage' and provides a response scenario when a business delay occurs due to system overload.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'power outage' and provides a response scenario when exposure to intrusion through a port of a vulnerable service occurs.
  • When exposure to a zero-day attack occurs, the autonomous ship cyber security management system 100 recognizes the threat factor as 'power outage' and provides a response scenario.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'power outage' and provides a response scenario when a system failure occurs due to the execution of a patch whose stability has not been verified.
  • the autonomous ship cyber security management system 100 recognizes the threat factor as 'power outage' and provides a response scenario when vulnerability to cyber attacks occurs due to missing security patches.

Abstract

A cyber security management system for a maritime autonomous surface ship is disclosed. The present embodiment relates to a cyber security management system for a maritime autonomous surface ship, the system managing cyber security for a maritime autonomous surface ship by protecting both the information technology (IT) and operational technology (OT) systems of the maritime autonomous surface ship, and by simplifying onboard work while complying with maritime security regulations so as to prevent cyber attacks from spreading.
PCT/KR2023/000729 2022-02-15 2023-01-16 Cyber security management system for maritime autonomous surface ship Ceased WO2023158111A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020220019444A KR102433928B1 (ko) 2022-02-15 2022-02-15 Cyber security management system for autonomous ships
KR10-2022-0019444 2022-02-15

Publications (1)

Publication Number Publication Date
WO2023158111A1 true WO2023158111A1 (fr) 2023-08-24

Family

ID=83113574

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2023/000729 Ceased WO2023158111A1 (fr) Cyber security management system for maritime autonomous surface ship 2022-02-15 2023-01-16

Country Status (2)

Country Link
KR (1) KR102433928B1 (fr)
WO (1) WO2023158111A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024162927A3 (fr) * 2023-12-29 2024-09-19 Bts Kurumsal Bi̇li̇şi̇m Teknoloji̇leri̇ Anoni̇m Şi̇rketi̇ Honeypot supported by digital twins for cyber-secure smart seaports

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102433928B1 (ko) * 2022-02-15 2022-08-19 주식회사 오렌지씨큐리티 Cyber security management system for autonomous ships
KR102578059B1 (ko) 2023-04-11 2023-09-13 사단법인 한국선급 Quantitative cyber risk assessment system for autonomous ships and method for executing same
WO2024248529A1 (fr) * 2023-05-31 2024-12-05 한화오션 주식회사 Method for measuring the cyber security status of a ship, and method for assessing cyber security risk and detecting abnormal signs of a ship
KR102821719B1 (ko) * 2023-05-31 2025-06-18 한화오션 주식회사 Method for measuring ship cyber security status
KR102729650B1 (ko) * 2023-06-02 2024-11-15 한화오션 주식회사 Method and system for developing ship cyber attack scenarios
KR102596396B1 (ko) * 2023-07-04 2023-10-30 손순배 Ship security server and method for strengthening ship security thereof
KR102824543B1 (ko) 2024-11-26 2025-06-26 주식회사 이글루코퍼레이션 Integrated ship security management system and method for executing same
KR102847531B1 (ko) * 2025-01-07 2025-08-18 동명대학교산학협력단 Port terminal security risk monitoring system based on artificial intelligence analysis of port equipment OT

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
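KR20050120875A (ko) * 2004-06-21 2005-12-26 엘지엔시스(주) System security method using a server security solution and a network security solution, and security system implementing same
KR101327477B1 (ko) * 2013-07-16 2013-11-08 서원기 Integrated monitoring and control management system
KR20200029266A (ko) * 2018-09-10 2020-03-18 대우조선해양 주식회사 Security system for preventing hacking of ship communication network
KR20200141774A (ko) * 2019-06-11 2020-12-21 대우조선해양 주식회사 Integrated onboard security network system for smart ship with enhanced cyber security
KR102239769B1 (ko) * 2019-11-29 2021-04-13 호원대학교산학협력단 Network security method using ship maintenance support network system
KR102433928B1 (ko) * 2022-02-15 2022-08-19 주식회사 오렌지씨큐리티 Cyber security management system for autonomous ships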

Also Published As

Publication number Publication date
KR102433928B1 (ko) 2022-08-19

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23756524

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 23756524

Country of ref document: EP

Kind code of ref document: A1