[Viewpoint] The need for a cybersecurity program

The latest series of security-related incidents in the financial sector clearly illustrates that a cyberattack can create serious social confusion and monetary loss in today’s “information economy.” Most financial transactions are completed online and even the slightest glitch may lead to a catastrophe at the national level.

The financial sector is not the only field that is so vulnerable to cyber attacks.

Technologies like smart grids and mobile and cloud computing are evolving rapidly, and without the guarantee of security, we may be faced with political, economic and social chaos.

Now, a hacker penetrating a key government network and paralyzing the country is no longer an idea confined to the realm of fiction, like in the movies.

A study by Symantec supports the risk. Symantec surveyed 1,580 companies in key industries in 15 countries around the world, including Korea. According to the “2010 Key Industry Infrastructure Security Protection Condition Report,” more than half of them, or 53 percent of the companies, rsaid they had been the target of cyberattacks with political purposes.

The damage from cyberattacks carried out with political intent in the last five years is estimated to be $850,000 per company.

In fact, the world was shocked when a worm virus targeting global energy companies was discovered in July 2010.

A Windows computer worm named Stuxnet was a “cybermissile,” which can penetrate control systems in key industrial sites like nuclear plants, power stations and steel facilities. The worm is capable of causing a lot of damage by causing confusion in the control system.

Advanced Persistent Threats, including targeted attacks, are becoming more advanced and specialized, and countries around the world are defending themselves in the “quiet war” by installing a government agency in charge of cybersecurity and employing the most talented information technology specialists.

In the United States, the White House named a cybersecurity czar to protect its computer networks from hackers’ attacks and oversee cyberprotection operations for government organizations.

In case of a cyberterror attack or large-scale infringement, the cyber czar will serve as the chief commander in a collaborated operation with the Department of Defense, the National Security Council and the Department of Homeland Security.

In Japan, IT Strategy headquarters is under the Office of the Chief Cabinet Secretary. The United Kingdom’s government established the National Cybersecurity Center, and France has an integrated cyberagency under the Office of the Prime Minister.

In Canada, the Security Intelligence Service is in charge of cybersecurity, and in Norway, the National Security Authority is leading cyberwarfare.

But what about Korea? It has been addressed a number of times; investment on cyber security is surprisingly insignificant compared to Korea’s expansive IT infrastructure. In most companies, the chief information officer serves as the chief information security officer, and many companies do not have departments exclusively working on cybersecurity.

According to the National Intelligence Service, there are millions of attack attempts against the government network every day. And the number of hacking incidents grows rapidly every year, both domestically and internationally. However, investment on cybersecurity in Korea is shamefully petty. Because cyberattacks cross borders freely, responses and defenses focusing on domestic attacks have very limited affects.

In order to establish a more formidable and systematic information security environment, we need to fundamentally change our perspective on information security and approaches for protection.

Moreover, the government has to make a bigger effort to create a joint cybersecurity response system with the private sector.

A comprehensive and permanent cybersecurity program at the national level calls for constant investment, and government policies should organically back up overall efforts to promote effective and systematic cyberdefense.

*The writer is the CEO of Symantec Korea.

By Jeong Gyeong-won