Cybersecurity Requirements for Critical Infrastructures

Abstract

A cyber-intrusion incident on critical infrastructure has a very serious national and social impact, which will result in paralysis and confusion of national functions. In order to strengthen cyber safety and prevent cyber-intrusion accidents on critical infrastructure, systematic information protection risks in the direction of strengthening the level of blockade by inflow path of cyber threats and strengthening the capability level of security equipment to appropriately respond to incoming cyber threats management is absolutely necessary. To strengthen the cyber safety of critical infrastructure, first, it is necessary to establish a new BDLA (Blockade and Defense Level Analysis)-based information protection risk assessment standard. Second, it should be mandatory to restrict access of overseas IPs to web-based information systems operated by critical infrastructure. Third, it should be mandatory to strengthen the level of information protection of private participants who access the information system of critical infrastructure. Fourth, cyber threat response efficiency should be improved by standardizing the operation sequence of security equipment in critical infrastructure.