SEOUL, KOREA - On May 27th, the Future Information Forum 2013, hosted by Saenuri party, was held at the National Assembly Library. This year’s theme was “Crisis management of the national cyber terror and promotion of information security industry”. Nearly 100 participants, including politicians, government officials, professors and industry experts, gathered to discuss the need for enhancement in Korea’s cyber security industry.
Lee Ki-Joo, President of Korea Internet & Security Agency (KISA) said, “Korea’s cyber crime rate rose by 67.4%, from 11,690 in 2011 to a total of 19,570 crimes in 2012. The biggest challenges are simultaneous attacks from different areas such as media and finance, and also the increasingly elaborate and organized attacks. We need to establish effective countermeasures and the government’s action is insufficient to do so. As a result, the anti cyber crime industry must be fostered.”
Korea should adopt institutions to intensively manage companies that have security incidents, and institutionalize the strengthening of cyber security and investment promotion. It is necessary to designate a Chief Information Security Officer (CISO), and to establish sound guidelines that require companies to allocate information security personnel or budget, he said.
Lim Jong-in, dean of the graduate school of information security at Korea University said, “It is necessary to foster talented cyber security personnel. Today, merely 200 members from the NIS, KISA, and police are forced to deal with over 30,000 cyber attacks every year. While it is estimated that South Korea’s white hackers amount to 200 ~ 300 individuals, the North has roughly 12,000 hackers.”
“Systematic training programs to foster white hackers and professional analysts are necessary. Setting up security-specialized universities can provide a firm solution to this need.”
Chung Kyung-won, CEO of Symantec discussed the need for “Big Intelligence” based on cloud and big data. First of all, he talked about the need for information collecting ability to battle outside attacks. “To prevent attacks, we first must understand what factors are dangerous and threatening. One with more information will be able to countermeasure more effectively. If Korea’s Intelligence has no knowledge of outside information, the country will remain highly vulnerable. Government’s ability to collect data globally is imperative for security measures to function properly.”
“Second is the protection of the core information of a company. Key information of an organization usually accounts for 5% of total data. However, most companies do not know what to protect and spend a substantial amount of effort protecting the remaining 95% of information. This highlights the importance of recognizing core information. Third is the recognition of normal and abnormal behavior of employees. For instance, if an employee accesses a server at 3am that they normally would not, this should raise a potential white flag. As such, it is important to understand the behavior of employees and recognize abnormal behavior”
Jung Yeon-tae, a chairman of information & science committee of Saenuri Party emphasized the need for legislation of revised bills in order to foster the cyber security industry.
“Despite countermeasures, seminars, and publications, national cyber terrors have been repeatedly occurring and the cyber security industry has been stagnant in recent years. The number and quality of personnel is not on the rise. The government doesn’t seem to be aware of the fundamental problems,” Jung said in an interview with Korea IT Times.
“Fostering technology and creative ideas is important. However, what the industry needs most is finances to back it. Instead of doling out R&D funds, the government should create a platform where finances are available to flow into the industry. In order to do that, the implementation of relevant laws is important.”
To date, the industry has had only established punishment regulations which have only lined the pocket books of law firms. In order for money to flow back into the business, the industry needs to establish obligation regulations and punishment regulations simultaneously, he said.
“For instance, Korea’s three major telecom operators, portals, home shopping and financial institutions are the most vulnerable to private information leakage. As such, obligation regulations should be placed on the companies. The laws should mandate a certain number of cyber security personnel and departments as a ration in terms of the total employees, and also assure that a preordained amount of the company’s budget is allocated on cyber security technology development,” he said.
If the company violates these rules, and subsequently private information leakage occurs, they should be held accountable with a severe penalty. Currently, companies do not invest enough money in cyber-security, as the penalty is only a slap on the wrist, Jung said.
“At first glance, companies may be opposed to this idea, but upon closer examination, the benefits of adhering to the rules outweigh the negative drawbacks. These rules can be used as a viable tool to persuade companies’ CEOs who prefer to pay a fine rather than investing in security. If the law is implemented and followed up with, security personnel are expected to increase from 2,000 today to nearly 15,000 to 20,000 in the next 5 years, and also sales in security products and service will increase from 200 billion to 2 trillion,” Jung said.
“This legislation would lay the groundwork to create a platform that the government can use to boost the cyber security industry, to protect information of the public, and ultimately to prevent national cyber terror.”
