Clik here to view.
<The first installment of “Leadership on a Safe and Secure Cyberspace” series >
The Korea IT Times will run the series “ Leadership on a Safe and Secure Cyberspace” from April to December. The first installment sets forth shortcuts to arming the SouthKorean cyber security industry with international competitiveness,and explores ways towards intentional cooperation.
The installment revolves around an interview with Kang Seong-ju,director-general of the IT Strategy Bureau at the Ministry of Science, ICT and Future Planning, to shed light on the Korean government’s policy directions following the passing of amendments of the Personal Information Protection Act.
Recently, red flags have been raised about South Korea’s handling of cyber security. Korean banks, credit card companies,and telecommunications operators have had stolen customer personal information in the recent massive data leaks, caused by either web hacking or managerial negligence or both. New cyber security solutions have been initiated following such large-scale cyber security breaches, but shown to be ineffective by another round of data breaches. Fears of data leaks damaging national defense, in addition to individuals, have intensified. Yet, there is an upside: they served as a wake-up call to the government and the private sector. This very expensive lesson has prompted the nation to come to grips with cyber “security”before a potentially much worse cyber attack occurs.
Kang Seong-ju, director-general of the IT Strategy Bureau at the Ministry of Science, ICT and Future Planning, takes a three-pronged approach towards information protection. First: nurture talent. “Experts on data protection technology are in high demand. Universities need to set up departments related to data protection to ensure a steady supply of cyber security experts to the market. And the nation’s cyber defense command needs to recruit more experts on protecting military data,” said Kang.
The private sector also offers programs designed to train experts on data protection. For example, the Korea Information Technology Research Institute (KITRI)’s BOB (Best of best) program aims to produce cyber security leaders. BOB graduated 120 counter white hackers this year. BOB, the nation’s leading cyber security expert training program, was launched last year to produce quality cyber security experts with a sense of duty and a positive view about national security. Under the guidance of renowned cyber security experts, both domestic and international, those admitted to BOB are taught key technologies in each information protection area and go through cyber security awareness training.
Second: develop technology. With studies on ubiquitous cyber threats like wiretapping, spamming,and smithing ,endeavors to develop new solutions to foil the latest evolving cyber threats should be urgently made. Governmentlevel efforts are underway in the country. The government is thrashing out ways to scale up budgetary support for the Electronics and Telecommunications Research Institute (ETRI),a government-backed agency, and for KAIST, and to assist universities and companies in nurturing talent and developing data protection technologies.
Third: reform legal bodies and institutions. Moves to revise the Personal Information Protection Act are again afoot at the National Assembly in order to impose tougher penalties on companies and organizations guilty of negligent data protection. Above all, Director-General Kang underlined the importance of adopting an “information protection rating system,” whereby companies are rated based on their data protection level. The information protection rating system, based on voluntary self-regulation, is devised to encourage private companies,prone to cyber attack,to enhance their cyber security systems.
Once this rating system is put in place, protected companies can use their high cyber security scores as a consumer marketing tool, thereby boosting sales and market share. On the whole, this rating system is expected to significantly improve Korean companies’ data protection levels.
Taking on the global market by narrowing the gap with cyber security powerhouses and collaborating with developing nations.
Varied missteps, such as technical limitations and personnel mismanagement, can be blamed for the previous data leaks. Despite continued monitoring, the leakage of specific traffic went undetected for a year. Furthermore, employees at cyber security contractors, hired to manage the customer databases for large companies, were poorly supervised.
In response to continued public outcry about shoddy management of customer databases, affected companies’ top management bowed low in apologized to their angry customers. From a long-term perspective, South Korea must learn something from such bitter experiences in order to take the domestic data protection industry and technologies to the next level and to nurture the industry into one of the nation’s key export industries.
To that end, domestic companies that specialize in data protection technology and home-grown technologies related to data protection must stay competitive. As global cyber security companies become notable names around the world after the investiture of time and energy to underscore their competitiveness, domestic cyber security companies have to strengthen their competitiveness;and the Korean government has to aid them in entering overseas markets through the provision of government assistance and global cooperation projects.
Preparations for global cooperation projects have occurred. A number of projects are occurring to help Korean cyber security companies make forays into overseas markets - for instance, a Korean-Kazak joint project for data protection and support for domestic companies’ participation in global data protection exhibitions. Such efforts will help reduce the gap between South Korea and advanced nations well prepared for cyber attacks,expediting the growth of domestic cyber security companies.
At the Declaration Ceremony for Mutually-beneficial Cooperation on National Informatization, held in March, Director-General Kang mentioned, “Today’s declaration ceremony is designed to offer all participants in national informatization an opportunity to focus their minds before setting about the building of an ICT industry ecosystem and the advancement of national informatization.” In other words,the government, clients, suppliers and the public should communicate with one another for close cooperation at a critical juncture when the nation’s data protection industry is in bad need to make a stride forward.
Hopes are pinned on the possibility that the South Korean data protection industry morphs into one of the nation’s key economic growth engines, which can lead the global market and enhance national competitiveness.