Operation
Various cyber security threats are increasing following the acceleration of digital transformation, such as the expansion of online services.
There is a need for a continuous response to security risks, such as preemptively responding to cyber security risks and strengthening privacy protection.
A continuous response system for security risks is created to achieve a world-leading cyber-safe city through strengthening control tower functions and privacy protection activities.
Status
Personnel and equipment | Control targets (72 institutions) | Major functions |
---|---|---|
|
|
|
Expansion of AI-based Security Control System
An AI-based security control system appropriate for Seoul's cyber security environment was established to preemptively respond to cyber attacks, which are becoming increasingly intelligent and large-scale.
- Execution of pilot project in 2021
- Establishment and interconnection of 4 systems and development of a violation accident prediction model (applied to 18 institutions including city hall and offices)
- Cyber attack (Seoul city hall, offices) → Attack detection log transmission (SYSLOG) → e-SeoulNet
- Threat collection & analysis
  - Operation console | collection/analysis
  - Collecting and storing raw logs / Filtering and normalization
  - → Target system: Vulnerability removal
  - → Security control officer: Violation accident response
- Violation accident prediction machine learning
  - Machine learning APP
  - Data preprocessing / Violation accident prediction / Model performance assessment and optimization
  - → Feature delivery
- Violation accident response
  - Violation accident response APP | DB
  - Dashboards / Violation accident response
- Cloud-based Threat Intelligence System (CTIS) → Receiving threat information
- Threat intelligence
  - Threat intelligence APP | DB
  - Receiving threat information from STIS / Feature delivery to the Violation accident response system
  - → Threat information delivery
Platform flow: System, Content

System | Content |
---|---|
Risk collection & analysis system | Risk data (raw data) detected from security equipment in 72 security control institutions are collected for filtering and normalization |
Violation accident prediction machine learning system | Attack classification detected through supervised learning and violation accident probability prediction; a risk index based violation accident prediction model through time series analysis of attacks and correlation |
Violation accident response system | A security control officer monitors and responds to detected attack types and violation accident possibilities in real-time |
Risk intelligence system | Provides various risk information from Korean security companies and research institutes (harmful IP addresses, methods of attack for each entity, response method, etc.) through the cloud |
- Results from the 2021 pilot project will be analyzed and reflected in 2022 to expand AI-based security control (expanded to 54 institutions incl. 25 districts)
Timeline
- Seoul Cyber Safety Center (Jan. 2022-Dec. 2022)
- AI-based security control platform (2022-2022)
- Cyber attack response simulation training (May 2022-Aug. 2022)
- Website security vulnerability inspection, etc. (Jan. 2022-Jun. 2022)