양식 1 - PDF 무료 다운로드

연구보고서 2015. 6. 15

1. 2.,,, 3.

. 2015. 6. : :

1 1 1 2 : 3 2 1 6 2 8 3 : 11 4 : 12 3 1 20 2 : 22 3 28 4 31 4 : 1 33 2 : 34 3 37 4 38 5 1 41 2 44 3 62 4 68 6 1 71 2 72 7 74

< 1-1> 3 < 2-1> 9 < 2-2> 10 < 2-3> 10 < 2-4> 14 < 3-1> 22 < 3-2> 23 < 3-3> 26 < 3-4> 27 < 3-5> 29 < 3-6> 29 < 4-1> : 35 < 4-2> 39 < 5-1> 42 < 5-2> 44 < 5-3> 46 < 5-4> 50 < 5-5> 51 < 5-6> 52 < 5-7> 52 < 5-8> 53

< 5-9> 54 < 5-10> ( ) 54 < 5-11> 55 < 5-12> 56 < 5-13> 57 < 5-14> 58 < 5-15> 59 < 5-16> 60 < 5-17> 64 < 5-18> 66 < 5-19> 67 < 5-20> ( ) 67 < 6-1> 73

< 1-1> 4 < 2-1> 11 < 2-2> 12 < 3-1> 21 < 5-1> 43 < 5-2> 46 < 5-3> 58 < 5-4> 59 < 5-5> 61 < 5-6> (JCOC) 64 < 5-7> 65

1 1,, 3..,. 1), (DDoS)..,.,. IT, (- -).. 2009 2011 7 7DDoS, 3 4DDoS, 2013 3 20 6 25. 2014 12 ( ) 2015 3 17. 1) 2009 3. (IISS) 2010 (Military Balance),,,, 1950. - 1 -

. (kimsuky)' (IP). 2)....,,..,. 7. 2.,..,.... 2), 2015 3 18-2 -

. 3 1... 1-1 : ( ) 2015 2 16.. 7.,..,,. - 3 -

... 2...,,,.,, (KISA),. ()... 1-1, / 1 2 /,, - 4 -

3. 1,,.. 2 2. 3. 3.. 2020..,,. - 5 -

2 1 1..,,... (NCOE, Net-Centric Operational Environment),,, (C4ISR + PGMs).......,.,,.... 3) - 6 -

(Use of Cyberspace) (Quantum Leap in the Battlespace Awareness Capability).,. 2.. ( 合同作戰, Joint Operation),, 2,. 4)...,,,,,,.. 5. ( 合同性, Jointness),,, (Synergy) 5). (, ) ( ) 4) 0,,, 2014. p. 2~15. 5), p. -13. - 7 -

.. 6),.,..,,.. 5. 2 1.,. (Cyberspace),,.... (cyber warfare) (Cyberspace),. 7) 6) (System),..,,, (). 7),,, 2010. p.10. - 8 -

,..,,,.. 3.......,,,.. 2-1 8) - - -, - S/W - s/w, - / - / -s/w,, - -/ -,, 2.,,,,.,, 8), p. 14. - 9 -

.. < 2-2>.,.,,. 2-2 (),,,, 9),,,,... 2-3 10) (, ) (), ( SYN Flooding, ICMP Flooding DoS, DDoS, IP Spoofing, Sniffing, ),, (,, ) SQL injection, PHP include, CGI,,,,,,, (Phishing),,,, (SMS Phishing), 10),, 2013. p. 171. - 10 -

3,.. 2-1 2-2... (JMS), (JSOP), (JSCP)..,,. (JOPES).. - 11 -

... < 2-2> 4 1...... - 12 -

., ICT. 2013... : 11) 1), 2007 5. NATO (CCDCOE) 12) IT,, 2013....,. 95,.. 11) N.,, Tallin Manual, 2014. 12) CCD COE: Cooperative Cyber Defense Centre Excellence - 13 -

2),,,,,.. 2-4 (1994 ) (2013 ) - - -,, - - - - * - 1 : *, * :, * 1-19 - 2 : *,,, * * * * 20-95 95 -, -, ICRC *, -,,, *, NATO - - - - -1913 - - 14 -

,.,,. < 2-4>. 2. :...,.,..,, ( ),,.,.. 2,,..,,...,., - 15 -

,,.. 2,... 13). (Attribution).??,?..,. 14),. 15)...,,,.. - 16 -

... (Proportionality).........,..,... (Necessity).. - 17 -

.. ()...,.... (Malware).... 8.,,,,,,,..,....... - 18 -

.,,....,.,,,... - 19 -

3 1 1. :,. 1991.,.. C4ISR...,,,.,. 16) 121-20 -

(121 ). 2007 2 35,. (121 ),. 17). 3-1 18) (121 ) 3,000. 121, 2013 3 20-21 -

6 25 7 7DDoS 2011 3 4 11 GPS. 2.,.,,.. 3-1 -, -,,, -,, - - :, - :, GPS -:, -, *,, 2013 3 20, 6 25 2 : 1.,. 2009 2011 7 7DDoS 3 4DDoS, 2013 3 20 6 25., 1-22 -

2007. 3 20 6 25. 19). 11 PC. 20) 2014 5 4 2.,,. 2. 21),.,. < 3-2>. 3.4 (2011 ) 3-2 (2011 ) (2012 ) 3.20, 6.25 (2013 ) APT APT APT 40, - 23 -

PC (116,299 ) PC PC PC, PC(48,832 ) PC 2014 12. 22).. 2..,,,,.... (Electro- Magnetic Pulse).. 1998 22) 2015 3 17-24 -

NATO.. NATO, 24., CIA... 23) 2003.,. ( ) C4I.. 2007 4 3.,, (DDoS) 3.. 2008 8. 3,.. 2010 6 (SCADA). 24) - 25 -

(busshehr) (Natantz) (Stuxnet) 25). < 3-3>. (1991 ) < 3-3> - (Electro-magnetic pulse) - * (1999 ) (2003 ) (2007 ) (2008 ) (2010 ) - - : NATO,, 24 - CIA, -, - -, - :,,, - 3 -, - 1000,, * 4 * 2014. 12 :. 2014 11 < >, 1 < > - 26 -

12 15. 2014 12 17,. (FBI) 2014 12 19, (IP).,, (respond proportionally),. 2015 4 1 26). 26) 2014 12 19 2015 4 3 3-4 1981 6 7 2007 9 2010. 6 Ops Babylon Ops Ochard () Osiraq Al Kibar * F-16(8 ) F-16 * : 1700 F-15I, F-16I * *Suter: : *, (Jamming) *Stuxnet ( ) *APT ; * - 27 -

*, + *, * : Suter ( ) + + + *, USB,,,, AP * + 1981 F-16, 2007 F-15,,, 2010.. 3 1.. 2008 3 6, 2009 F-35. 2007 10 (AF CYBER) 2010 5 (US CYBER COM). (NSA), ///. Cyber Storm' 2009,. 2011 5.. - 28 -

3-5 27) 1 2 3 4 5 - *, - * - *, -, * - *, 2012 8 Plan X'. 2017 180 (2013 34).. 3-6 28) / 0 1 2 3 4 - * Shape - * Deter - * Seize Initiative - * Dominate - * Stabilize - -, - - - - - - 27) Department of Defense, Defense Strategy for Operating in Cyberspace, US DoD, 2011. 28), 52, 2012. p. 28. - 29 -

5 - * Enable Civil Authority - - (JCC: Joint Cyber Center). JCC,, (INFOCON). (), (), /,,, 14. 29) 2. 1991.. 1997 6, 2000, (Net Force). 2009 4.,, 4., 2000. 2010 4 8 China Telecom" 17,, 500. 30) 1992,,,. 1998. 29), 59, 2014. p. 75. - 30 -

,. 4,.,...,,.. 2009 3. (,,, )...,.,...,., (NSA). - 31 -

///, (JCC) /,, JCC, (INFOCON). 31) 31),, p. 75. - 32 -

4 : 1 1..,,,... 2013. 3. 20 6 25 / ( ). (121 )....... 3.,.. 2013,,. ICT,. IT. - 33 -

.. 2014 12?. 32) 2.,. CERT 33).,,, - -... CERT. 2 : 1.., 2015., 2015 2 32), 2014 12 22 33) CERT: Computer Emergency Response Team, - 34 -

.. 2014.. CERT... 34),,. 4-1 : () - - * * * : * CERT : * CERT : * CERT, CERT,,, PC,, 34). - 35 -

2. (, ).,,..... ( ) CERT.,.. 3..., CERT... - 36 -

.. 2014. 2013........ (), ( ), ( ), (, ). 3..,, ( ).,.. - 37 -

.,,...,,. ( ). 4 1...,.. 3.., (, ).. (, ), 2007 F-16 F-15K,, ( ). (, ),. - 38 -

2...,,.. (JCOC). JCOC,. (CSC).. 3. # 1 :,, (, 2015. 2. 16), # 2 : (:,, ) # 3 :,, (, #2 ) 4-2 # 1 # 2 # 3 - - - - : - - ( 35) * : ) *: *: - -, - - - - - - - 3 2 1 () - 39 -

5 # 3. 3.. 3.,,,,,..,.. 4. DOTMLPF (D), (O), (T), (M), (L), (P) (F).... 35) (, 2002. 2. 1 ), 4. - 40 -

5 5. 2, 3 4.,.. (DOTMLPF),. 1 : 1.. (),,..,..,,..... - 41 -

2. METT+TC.,,,,. 5-1 () M() - - *(, ) - *, - E( ) T( ) T() T() C() - * + - *, - : - *, - *,, - * * - *, *-- -,, *, / - * - *: (, ) 3 *:, - : * * - *,, - - *, - * - * + - *,, *, *,, - *: S/W - 42 -

3.,.,.. 36).,...... 5-1 我, 敵 + +,..,,,... 36) ( 17494, 2002.1.26), ( 24413, 2013.3.23.) 1 (), 4 ( ). - 43 -

.. 5-2 - - : - : S/W, -/ : - : - : * - - :,,, - : -/ : - : - : *.,..,..,,.,... 2 1. :. (System) ( 定義, Definition). - 44 -

.. ( 體系, System)). 37)..,. 38),...... (Rule) (Process).. (Feedback)....... 37), 2015 5 28 38),,. Input, Throughput, Output. - 45 -

5-2 < 5-3>. 5-3 1 (Purpose) -. -. -, -. 2 (Organ) 3 (Rule, Process) 4 (Feedback) - (). -. -. -. -. -. -. -. - *,. -. *. -,. -.,,,. - 46 -

2......,, 2,.,......,,..,,,,..,,,. 1990,,.,. - 47 -

. 1) (, ),..,....,,.. 2) (,, JCOC),..,.,,,,,.,,,., - 48 -

,.... (JCOC).. 3. 3) (, ),,,..,,,,,,.,.,.,... CERT... 4) ( /, ),,,,. - 49 -

,,.,..... 6,,, 3. 5-4 () * - * * -,, * () () * (JCOC) 39) * (CSC) 40) (CSC) (CSC) (6 ) * (3 ) * * *, * * * *,,,, 39)JCOC; Joint Cyber Operation Center 40) CSC: Cyber Support Center - 50 -

.,,,.. 1),... < 5-5>. 5-5 41) : -, - - - * WMD,,. *. - * GPS.,... < 5-6>. 41),, 2014 7-51 -

5-6 #1 #2 #3 #4 #5 -. *,,, + -,,. -. -. - -. -. - -. -,. -. -. - : :,, * ; *,.. 5-7 - - * * - * ; -, - * * * - - - - - - - 52 -

(JMS) (JSOP) (JSCP) - - - - - - - - - - - - - * * - -, - * - - -, ( ). (JSPS) (JOPES).... 5-8. -. -. -,,,. -,,. - -,.,,,. - 53 -

2)... 5-9 -,, -,,,, -,,, - -, -, - - -,,, - -,, * -, *. 42). *,,,,,,.. 5-10 ( ) - *, *, 42). - 54 -

- * *, -, -, -, -, - * * *, - : - :,,.,,,,,. 5-11 0 : 1 : 2 : 3 : - - - -, -, - -, - - - - - - *,, - 55 -

4: 5: -MDL - *, - -,,,,,,. 5-12 1 2 3 4 5 6 7 / - * * *,, - * * * - * * * - W/G, * * *, - * * -, *, * -, *; *; - * * - * * - * * - W/G * * * - *, * -, * - * * - 56 -

...... 5-13 1. 2. 3. 4. 5. -CERT, - -, - * * -, * : -, * CERT -,, (, ) - -100% * - * (IDS) * (IPS) - * :, ;, * - - - *,,,, (CNO).. - 57 -

5-3 - - - *, -CERT */ - - - *, - - - - *...,., (),.. 5-14 () - -, - *, GP/GOP -, - - - - - -, - - *, - : - - *, - *,, -: - 58 -

,, (),.... 5-4, INFOCON DEFCON OPLAN,.,. 5-15 #1 () - *,, - *,, - :, CIH DDoS APT 3 20, 6 25 //, - - - -, - * - CERT - *, * - CERT - 59 -

#2 ( ) #3 () - * ( ) - *, * * *GPS - * ( ) - * - *KISA, # 3.,.,,,..,. 43). 5-16 - - - * * * - - -, * - * -METT+TC - +, -, -,,, feedback 43).. - 60 -

. (Feedback) 1).. ().. 44)..,.. 2),,...,.. METT+TC.. 5-5 44) NAVER,, 2015 6 1-61 -

.,,.. METT+TC. (M),. (E),. (T). (T). (T).. (C),,,,. 3 1. (D)..,, ()..,,. 45) - 62 -

. ()....,..., ( 交戰規則, Rules of Engagement). 46), 47),,, ( ),,,.,, < 5-17>. - 63 -

< 5-17 - - * *. *, - *,, 2~3 - -. - (). * *, 2. (O),.. 5-6 (JCOC) ( ) / /,,,. JCOC. - 64 -

,.,...,. 13,,,,.. 5-7 () (3 ) (2 ) (5 ) (2 ) 13, 7 3 3 1. 3. (M).. < 5-18>. - 65 -

5-18 - (IDS) - (IPS) * * *, *DDoS * *UTM - *DDoS, IP Soofing - *, - *,, - *,,, - :, 4. (L) (P)....,,....,.,....,..... - 66 -

5-19 (17C0) (17D) (3D0, 3D1) (1B) (3D) (1B4) 33S (17D) (255S) (17DXA) (255Z) (17DXB) (35Q) (1600), (1610) (0605) (0650) (0651) (0689),,,.,,,... Gold Master () Master () Star () Basic () Symbol Mark () 5-20 ( ) Master 5 3 / / 10 Star 10 7 / / Basic 5 5 / ( 2 ) ( /) 1 / / 2 / 3(, ) / 4 2 5 (, ),, / - 67 -

5. (F).,....... 48) 4 : 1. 49)...,..,. 48) 2016-2020 1000. 49) ( 316, 2013. 9. 2) - 68 -

. 50).,.,.,... KR UFG.. 2..., 3. 51), (Interpol) 50) 15.. 51) (UNGGE), 1, (ITU), 2009 3 ( 戰 ).. - 69 -

, NATO (CCD COE), ( ), ( ), ( ),. (Middle Power).,. 2013.. NATO,.. - 70 -

6 1.. ㆍ ㆍ.,,,,..,.,.. 52)...,..... 52) 0,, (, 2014), pp. 2-16~17. - 71 -

2.,,,..,,.,...,,,,.,,........,,. 2.,.. - 72 -

.,.,,.,,...,,.. 6-1 -, -,, - -, -,, -, - - - C4I -, C4I * - - : - - -, - -,,, *, - -,, - -, -2 - -,, -, - ( ) -, - - * - 73 -

7,.,. IT, (- -).. 2009 2011 7 7DDoS, 3 4DDoS, 2013 3 20 6 25. 2014 12 ( ) 2015 3 17.. (kimsuky)' (IP). 53)..,. 2015 2 16., 1 53), 2015 3 18-74 -

.,......,,..,. 7. 5.,. 2015 2.. - 75 -

.,.,..,,,. ( ),,,.,.,.. UN 3.. Plan X.. (ADD). (D), (O), (M),.,..,,... - 76 -

.,.,...,..,...,. 1907 1949....,. - 77 -

, 21, KIDA, 2003., 2012 SW, /,, 2008.., KIDA, 2011.,,, 2010.,,, 2011., 2011(2011 5 )., i War,, 2010.,, KIDA, 2009.,,, 1995., 21-28 ( ),, 2015., NCW,, 2011., : Tallin Manual, 2013. 0,,, 2014.,,, 1993. 48., 2011.,,, 2009.,, 48, 2,,,, 2011.,,, 2008.,, 3-78 -

5, 2002.,, 2010,, 56,, 2013.,, 32. 2010,, 新亞細亞,18 4 (2011, ),,,, 2005, 55, 2012.,, 48, 2005. KISA. 2010,,. 2013,,, 2014.,, =, 2014. 11. 24, 軍 11, 2010. 1,, 2010. 10. 21,, 2000. 11. 28. http://search.naver.com http://search.naver.com http://:search.naver.com www.donga.com - 79 -

() 2007 ( ), 1993 ( ) 1979 () * ) * ) * 3 C4I * ) KIDA 2007 ( ), 1988 ( ) 1979 ( ) * ) * * KIDA 2000 1992 1989 (),, (), () * * - 80 -