[INTERVIEW] Playing it safe in era of cyberwarfare
As one of only a handful of security experts and educators in Korea, he said there is an urgent need to foster an IT security workforce to ward off the growing threat posed by international hackers and those engaged in cyberwarfare. The Korea JoongAng Daily held an in-depth interview with Lim to learn more about the country’s current status as an IT powerhouse and how it is working to shore up its related security systems.
Q. How hard do Korean companies work to protect their customers’ personal information? Has the situation improved since the three hacking scandals involving Nonghyup, Hyundai Card and SK Communications this year?
A. These companies’ databases [of customers’ personal information] are not well protected, making them vulnerable to attacks by malicious viruses, which are being newly created at a rate of around 10,000 a day, or up to three million a year. Korean companies do not have a big enough security workforce to guard their information systems, nor do they want to spend money on them. Companies need to adopt a fresh concept dubbed “security by design.” This means they need to redesign their security systems by taking into consideration the ubiquitous nature of the Internet ... especially given the widespread use of smartphones. They also need to be put under restrictive regulations by authorities.
Are smartphones easy targets for hackers?
Smartphone users are exposed to more hacking risks, as their handsets are always switched on with 24-hour access to the mobile network. Moreover, smartphone applications are free to download, and this is one way in which malicious codes can be planted in individuals’ devices. So far, there are not enough “vaccines” for smartphones. Experts are still busy dealing with viruses on PCs.
Cloud computing has started to pop up on the radar here more frequently these days. Why are companies and the government so eager to introduce this? Is it safe?
In terms of economics, cloud computing is a welcome development. Individuals can save their data in servers provided by companies or government agencies, so they don’t need to buy separate software. They only need mobile devices that have access to the servers anytime and anywhere. The problem is that they surrender control of their own data to the servers. And there is nothing they can do when the servers are hacked. For example, when Korean users’ personal location information was leaked by Google - a cloud computing service provider - the Korean authority that investigated the case had difficulty finding the cause, because Google’s main server is based in the United States. This means the country has effectively lost its power of jurisdiction when it comes to IT security. Korea is not yet ready to embrace cloud computing, but companies and some government agencies are in a hurry to introduce it.
The nation’s first personal information protection law came into effect on Sept. 30. As the chairman of the committee, could you explain a little about it?
[It] stipulates that all kinds of personal information must be safely encrypted, that companies bear the burden of proof when information leaks occur, and that security impact assessments be conducted regularly. The enactment of the law has raised the overall security level of the country as a whole, and the committee has considerable authority as it governs security-related issues in all parts of society.
Last year, you warned of the threat of cyberwarfare, or the so-called “Fourth-Generation War,” after the sinking of South Korea’s Cheonan warship. How dangerous is this threat?
Cyberwarfare means executing attacks against the security systems of one’s enemies, while also carrying out physical attacks at the same time. If successful, this can render one’s enemies completely powerless. About 100 countries are engaged in cyberwarfare based on the idea that offense is the best form of defense. For example, when Iran tried to activate its nuclear power plants last year, Israel conducted stealth attacks on Iran’s nuclear weapons to stop them from being operational. This can be considered a kind of cyberwarfare. U.S. stealth technology also paralyzed Iraq’s air defenses during the [latest] Iraq war.
What is Korea doing to prepare for this new era? How will the new cyberdefense department be structured?
From next year, Korea will have the world’s first cyberdefense department for undergraduate students in a bid to foster talented students in the IT security field who can fight for the country on this new front. Korea has employed a few talented hackers, but their numbers are too small. As the threat we face is outpacing the current security environment here, we need to train more hackers under a well-established system. ... The first 30 students at the new department will also have to study law, psychology and international politics, in addition to computer security-related courses, for a total of four years. Then they will be dispatched to the military as cyber military officers for seven years. Twelve years from now, we will have the first generation of cyber military officers able to properly defend the nation against cyber attacks.
By Song Su-hyun