Cradle of Cyber Security
Korea Information Technology Research Institute (KITRI) is a special public institute that was established in 1985 for the research and development of cyber-security technology and training of IT-security human resources under the Ministry of Trade, Industry and Energy (MOTIE).
When Dr. Yoo Joon-sang was appointed as the ninth president of KITRI in 2010, he first noticed that South Korea was very vulnerable to cyber threats, and needed to take immediate actions to defend the nation. So, he declared the need to train cyber-security specialists as the first project to execute. He called it the Best of the Best (BOB), a cyber-security leader training course which offers basic knowledge on information security, simulated cyber-terror defense mechanisms, cyber-forensic cases, and virtual consultant internships. This project has now expanded to training young high school and college students and even chief information security officers (CISOs) who will be given the authority to make decisions on security issues that require immediate attention. The course is designed as a survival game and awards 20 million won (US$18,500) to winners. BOB has already received spotlights not only domestically, but also globally via CNN, SC Magazine, AFP, and Sky News.
In March this year, KITRI held the second authentication ceremony to award ten winners in the survival game conducted as the second BOB training program. A total of 480 white hat hackers applied for this program, and 120 were selected as contestants. They went through an eight-month training program in two phases, learning core technology and knowledge and testing what they have learned through simulations. The winners received a chance to work or study at their desired places. They had a choice between going to school, starting a business, getting a job, or serving in the military with advanced benefits. Also, they get to meet periodically to exchange information and widen their network. In the first BOB training, KITRI had released 60 trainees. This year, the number of trainees doubled.
On March 20, 2013, 32,000 PCs were infected with a Trojan horse virus. Not knowing where the virus came from, information security companies that analyzed the situation came up with different theories about the attack. As if proving that the solution given at the times was insufficient, the nation was again cyber-attacked three months later in a similar way on June 25. The Ministry of Science, ICT and Future Planning (MSIP) then ordered KITRI to expand its information security training. That is how KITRI doubled the number of students for the second BOB training class.
Due to the high-speed Internet environment, South Korea’s IT industry has grown, and is still growing at an incredible speed. Just a few months ago, Vice President Mitchell Bell from Marvel Studio said it chose South Korea to shoot some of the scenes for its film “Avengers 2” because it is well aware how influential South Korea can be when it comes to online promotion. Marvel Studios was looking to use over 10 billion won (US$9.8 million) to shoot the scenes in South Korea and earn back 25.1 billion won (US$24.6 million) in return. It was also considering the intangible financial benefit of over 2 trillion won (US$1.96 billion) in online promotion by choosing South Korea.
But, like all things that grow up too fast, there is always a side effect. For overlooking the significance of information security in exchange for speed, South Korea became a fat target for cyber attacks. When broadcasting companies and banks like KBS and Shinhan Bank fell under attack on March 20, 2013, the Korea Communications Commission (KCC), National Cyber Security Center (NCSC), Korean National Police Agency (KNPA), and Korea Internet & Security Agency (KISA) quickly gathered and made up a cyber threat cooperative response team. However, they were not able to find out how the attack was made, and ended up concluding that they “assume” that the virus spread while updating servers. A week before the incident, many specialists already predicted the attack and warned that the virus was spreading, and even North Korea brought up the possibility of cyber terror. But the government, broadcasting companies, and banks all ignored the alarm.
The only way Yoo thinks that they can prevent cyber attacks from repeating is to train the next generation of cyber security leaders the right way. KITRI has formed MOUs with many IT-related companies and institutions to teach students better. It has signed a contract with Symantec Korea, Blue Coat Korea, and Hancom to train the next generation of information security leaders, and SK Infosec, Wins, and Korea University Protection Information Department (KUPID) to train CISOs. To utilize the graduates, it made a cooperative alliance with the Ministry of National Defense (MND) and MSIP.
The people who are already in the IT industry have already lost faith in their jobs. The working condition is terrible due to overtime, low pay, and disorganized information. Many have already left the job, gone abroad to study or get a job, or changed their careers. To end this vicious pattern, the entire IT environment needs to be overhauled, and the only way to do this is to prevent the next generation from going through the same thing the previous generation went through.
Dr. Yoo stressed, “The fundamental solution is to make a control tower exclusively for cyber security under the National Security Council (NSC).” As of now, institutions like KCC, NCSC, and KISA are in charge of their own information security, so currently there is no integrated body that takes charge of all information security issues that happen in the nation. He continued, “This will slow down the response when cyber attacks actually occur, and the consequences can be critical. Also, the head of the control tower should not only be given responsibility, but authority as well, so that he or she may take actions quickly before the problem spreads further.”
This is not the first time Yoo had expressed his opinion about the importance of cyber security. When he became the chairman of the Economic Science Committee at the National Assembly in the late 1980s, he requested an increase in budget for science technology and even an organization directly under the President’s command exclusively. He had already known the importance of information security even before IT technology started to be utilized in full swing. In 1994, the National Assembly’s Intelligence Committee was established as he requested.
KITRI’s current goal is to train 10,000 IT security specialists. According to the latest research Korea Statistical Information Service (KOSIS) compiled in 2012, there are approximately 360,000 companies in South Korea, but only about 40,000 companies pay attention to information security. President Yoo said, “There should be at least 10,000 information security specialists to make cyberspace safe from cyber break-ins,” and, “Some people even assert that there should be one information security specialist for every company, which means we need to train 36,000 people, more than triple what we intended. That’s a lot.”
To demonstrate the importance of information security, KITRI held the K-BOB forum in February this year. Yoo had been appointed as the forum chairman. He said, “If cyberspace is in danger, the whole country is in danger,” adding, “We should do everything we can to protect our cyber territory. We need to prevent accidents before they happen.”
Dr. Yoo, who served four terms as a member of the National Assembly, is this time in charge of country affairs once again as a reassuring prop to nurture the nation’s next-gen cyberspace security specialists.