[CON]Leadership must be multifacetedAfter the March 20 cyberattacks, many people have become seriously concerned about the cybersecurity of the country. Broadcasters and banks that were attacked are also suffering from lost trust and high expenses to restore their systems. But the latest incident, if compared to the attacks that will come in the future, are probably nothing.
If cyberterrorist attacks take place against infrastructure such as nuclear power plants, airports, the transportation system, financial networks, dams or ports, we will face astronomical damage to the country’s security and economy. Such a future is possible so long as North Korea exists.
The March 20 crisis was the result of a bureaucracy that lacked proper strategy and cost-effective policies. Although Korean companies have already developed technology that can pre-emptively detect a crisis and inform the public, the government has ignored these developments. Given this situation, another crisis is bound to happen.
We must learn a lesson from the U.S. example. American authorities beefed up cybersecurity measures after the September 11th attacks. The U.S. government created the Department of Homeland Security in 2002 by integrating counterterrorism functions that were spread out among 22 offices and allowed the new department to be in charge of cybersecurity. Furthermore, U.S. President Barack Obama made policies and research in cybersecurity top priorities. All relevant activities were managed by the White House Cybersecurity Policy Office.
Under the coordination of the White House, the entire government moved quickly toward the one same goal and cybersecurity managed to perform its role properly.
In Korea, bureaucracy was the main reason behind the recent cyberattacks. To change the situation, we must first redefine leadership like in the United States. All government offices must participate in cybersecurity.
If one single office is in charge, cyberterrorism will continue to be a problem. How can we just let one office take care of this important matter?
The government must conduct an overall security assessment and find loopholes to be fixed. The Ministry of Strategy and Finance needs to allocate money continuously to improve our cybersecurity preparedness. The Board of Audit and Inspection must oversee the process.
Second, cooperation with the private sector is crucial. As we have witnessed from the March 20 crisis, many civilian companies have excellent technology that must be utilized.
Third, the government must invest in mid- and long-term research and development projects while educating professionals. Relevant laws and policies must be updated.
To this end, the government and ruling party’s plan to create a law governing the management of a cybercrisis could be problematic.
It is aimed at giving the National Intelligence Service, which has been in charge of cybersecurity until now, a bigger role. We must break away from the bureaucracy from the past.
Once again, all government offices must perform their own roles to achieve one goal of cybersecurity.
A centralized office can then be created to regularly check on the offices’ performances and react promptly to a change in the situation. The Blue House should have a cybersecurity adviser, given the sensitive nature of the issue in international affairs and diplomacy as well as national security and the economy. When cybersecurity leaders perform properly, we can become a strong exporter of security technology as well.
Translation by the Korea JoongAng Daily staff.
*The author is a professor of graduate school of information security at Kaist.
by Lim Chae-ho