Network Separation Policy in Korea


This is a summary of my talk at Microsoft Digital Crimes Consortium 2017 Panel: "Going Offline - The Role of Network Separation in Government Civilian Networks" (March 14, 2017)

(Moderator: Kaja Ciglic, Microsoft, Panelists: Seungjoo Kim, Korea University; Ron Winward, Radware; and Erick Stephens, Microsoft)

Published in: Engineering

  1. Network Separation in Korea (Korea University Graduate School of Information Security, Microsoft Digital Crimes Consortium 2017)
  2. Who am I?
  3. Korea University
     • Leading institution in cybersecurity research and education in Korea
     • 2000. 03.: Founded the Graduate School of Information Security, the first in Korea
     • 2009. 12. & 2010. 08.: Successively won the DC3 Digital Forensic Challenge 2009 & 2010
     • 2012. 03.: Established the Undergraduate Dept. of Cyber Defense
     • 2015. 08.: Won the TOP prize at the DEFCON CTF 23!
  4. Dept. of CYDF @ Korea Univ.
     • Established in 2012 (inspired by Israel's Talpiot program)
     • In 2016, we graduated 30 students for the first time.
     • Joint educational programs with Korea Army (Cyber Command)
     • Full Scholarship over Guaranteed Employment
     • Upon graduation, they are to be commissioned as second lieutenants and must serve in the military for seven years
     • Accept top 0.4%~0.6% of students in the national college entrance exam
  5. Network Separation Policy @ KR
  6. Public Sector
     • From 2007, the South Korean government (National Intelligence Service & Ministry of the Interior) adopted the network separation policy.
     • All the state agencies
     • Government ministries & their affiliated agencies
     • Local governments & their affiliated agencies
     • Public enterprises
     • Public institutions
  7. Public Sector
     • In the beginning, our government stuck to “physical” separation.
     • Because of the high cost, from 2010 it allowed “both” methods (physical and logical).
     • A logical solution should receive ≥EAL2 CC certification.
  8. Private Sector
     • From August 2012, our government (Korea Communications Commission) adopted the network separation policy for the private sector as well.
     • ISPs (Internet Service Providers)
     • Big web portals with an average of more than 1 million visitors a day
       • Naver, Daum, etc.
     • Recently, also for defense companies
  9. Financial Sector
     • On 20 March 2013, the computer networks of major television stations and 6 financial institutions were taken down by a cyberattack. ATMs and mobile payments were also affected.
     • After this attack, in July 2013, our government (Financial Services Commission & Financial Supervisory Service) extended the coverage to the financial sector.
  10. Effectiveness
     • Our government believes that the network separation policy is so effective!
     • The main adversary of Korea, and the main driver of the network separation policy in Korea, is state-sponsored hacking groups, especially North Korea.
       • 1,700 hacking personnel + 5,000 support staff
     • They detect more than 1.4 million hacking attempts against critical infrastructure every day.
     • According to them, the attack success ratio has decreased since the network separation policy was adopted in the public sector.
  11. Controversial Points (I)
     • Network separation conflicts with other policies such as smart work (president’s election pledge), cloud service (president’s election pledge), cross-border private data transfers, etc.
     • Our government permits cross-border data transfers, provided that the data subject gives prior consent. This conflicts with the network separation policy.
     • Thus our government recently amended the network separation policy to allow exceptions, except for sensitive information such as financial transactions.
     • In the coming Industry 4.0 era, this will get worse and worse.
  12. Controversial Points (II)
     • Even with air-gapping, good hackers can still circumvent an air gap:
       • Removable media (e.g. USB sticks)
       • Malware in hardware (e.g. graphics card)
       • Compiler & build chain
       • Malicious updates
       • Social engineering
       • Use of subcontractors, …
  13. Controversial Points (II)
     • However, a mistaken belief in network separation usually weakens people's security mindset or security awareness.
     • Usually (non-expert) people think that network separation is the maximum condition for security.
     • (e.g.) In December 2014, a hacker who claimed to be against nuclear power development posted some of KHNP (Korea Hydro & Nuclear Power)’s confidential data on his internet blog. KHNP’s intranet was isolated, but…
  14. Controversial Points (III)
     • In order to regain the efficiency lost in some forms of network separation, unintended vulnerabilities are subsequently created.
     • Even after adopting a network separation policy, we still need to continuously update the software located in the intranet. And in some cases, we need to transfer documents attached to emails into the intranet.
     • What is even worse is that nowadays people can use tethering services!
  15. Controversial Points (IV)
     • Network separation isolates users from services that are at the core of emerging architectures such as smart work service, cloud service, and so on.
     • But we can reduce this conflict. Usually people think that network separation or air-gapping means the isolation of the local intranet from the public, insecure internet. But I think that at least government and military networks should be physically (or logically) separated according to a more detailed classification of data.
  16. Controversial Points (IV)
     • This, of course, increases the cost. But once you define different separated zones based on where the sensitive information resides, the non-sensitive or non-confidential data zone can be linked with smart work or cloud services.
  17. Conclusion
     • Adopting the air-gapping policy increases the cost, and it inconveniences people.
     • Furthermore, without proper security education, people tend to use USB or tethering services in the wrong way.
     • But I think that, to some extent, the network separation policy is effective for security.
     • Furthermore, if we use network separation together with a detailed data classification policy, we will be able to reduce the conflicts between the network separation policy and emerging technologies such as cloud and smart work services.
  18. Network Separation in Korea
