2014. 10. 14
Wan S. Yi
VP, Ph.D., CISSP
Korea Internet & Security Agency
Human and Institutional Capacity
Building for Information Security
1. Need for Information Security
2. Current Status
3. Main Activities
4. Strategy for IS Capacity Building
Ⅰ. Need for Info. Sec.
Cyber crisis response cooperation system
Develop Master plan for Korean ICT
1994 Created Ministry of Information and Communication (MIC)
1995 Developed plan for high speed information communication network
Adopted Law
1996 Framework act on information promotion
Acquire Stable Budget
Dedicated Professional Agencies
KISA, KISDI, ETRI, NIPA, NIA
Public Outreach
Han River Miracle
[Figure: GDP per capita (current US$), 1960 to 2011, vertical axis 0 to 25,000]
Within 60 years...
Korea’s GDP per capita exceeded $23,837 in 2013, compared to $155 in 1960
Korea marks..
33rd in Global GDP ranking (’13)
9th highest world’s trade volume (’13)
7th highest export volume (’13)
1st out of 193 countries in ICT Development Index rankings of ITU (’13)
1st out of 192 countries, in E-Government Development Rankings of UN (’14.6.)
[Figure: GDP ratio (2011) and GDP growth contribution (2012) by sector, unit: %. Sectors: Agr., Fishing; Chemical; Metal; ICT sector (Mfg.+Serv.); Auto. & Ship; Construction; Wholesale & Retail; Finance; Real estate & Renting; Business activity; Public admin. & Defence; Education; Health & Social work]
Ⅱ. Current Status
Current landscape of ICT
Rapidly expanding broadband
The ICT sector and the crisis
Business & Household adoption and use
Digital content
Government priorities
Internet of things
50 billion mobile wireless devices connected to Internet by 2020
700 million M2M enabled cars by 2020
Threats to Information Society
Cyber space is becoming increasingly crucial for the creation of broader societal benefits. However, these economic and social benefits might be put at risk by poor security, such as the growth in cyber crime or cyber attacks against Critical Information Infrastructures (CIIs).
Military, Energy, Transportation, Banking, E-Government, Information & Telecommunications, Health
Gaps in Information Security Capacity
• Source: Fighting to Close the Gap, Ernst & Young’s 2012 Global
Changes of Cybersecurity Threats
Purpose : show-off financial cyber terrorism (social unrest)
Technique : manual stealth, automatic organized and intelligent
Target : individual system large-scale, network social infrastructure, state
scanning, Invasion trial, System infringement, DoS, Service stop purposed DDoS attack, Sophisticated malicious code, destruction of industry infrastructure
• Hacktivism
• Sophisticated and continuous attack
• Cyber terror
Strategic information war
• Pursuit purposed monetary benefit
Purposed cyber attack - professional hacker
• Small monetary purpose
• Attack to unspecified objects for fun
• Curiosity
Common cyber attack
• Employed hacker
• National terrorism
• Common attack
[Diagram axes: Professionality (High / Low) against Scale of damage (Large scale / Small scale). As of now: Social confusion, political purpose]
No. Date Cyber Attack
1 2003. 1 A computer virus shut down servers at the country's largest Internet service provider, KT Corp, disconnecting five million customers from the web
2 2005. 6 224,400 cases of ID theft were identified by NCSoft (online game company)
3 2008. 2 10.8 million cases of ID theft were identified by Auction Korea (online shopping company)
4 2009. 7 7.7 DDoS attack to portal sites, online bank and government’s homepages in US and South Korea occurred
5 2011. 9 35 million cases of ID theft were identified by SK Communications (portal site)
6 2013. 3 Major television broadcasters and banks were under cyber attack (48,700 PCs, Servers and ATMs were damaged)
7 2013. 6 The websites of S. Korea’s presidential office, government agencies and some media organizations were attacked
8 2014. 1 85 million personal information from KB Card, NH Card, Lotte Card has been disclosed
9 2014. 3 9.8 million personal information from KT has been disclosed
Current Status
– Examples of Cyber Attacks
Incidents in One Day [2013]
Malicious codes appear : 6,617 (source from KISA, 2,415,046/Y; ’12 : 1,435, ↑ 361%)
Mobile Malicious codes appear : 2.4 (source from KISA, analyzed by KISA)
Homepage Defacement : 4.7 (source from KISA, 17,00/Y; ’12 : 8.7, ↓ 46%)
Web-embedded malicious code : 48.6 (source from KISA, 17,750/Y; ’12 : 35.7, ↑ 36.1%)
DDoS Attack : 1.6 (source from KISA: users’ report : 53, IX detection : 415, cyber shelter : 116; ’12 : 1.6, ↑ 6.7%)
Phishing Site : 21.9 (source from KISA, 7,999/Y; ’12 : 19, ↑ 15%)
Spam : 59,830 (source from KISA; ’12 : 89,628, ↓ 33%)
Zombie PC : 3,340 (source from KISA Sinkhole, 1,240,906/Y; ’12 : 8,821, ↓ 63%)
Attack using highly organized scenario
22 government and corporate sites were attacked 3 times
Money was not the objective
Self-destructed so that the attack path could not be predicted
[Diagram labels]
Management Server (6 Nations 9 Servers in US and Germany)
Total of 36 Sites (Korea : 22, Global : 14)
Attacked Site
Malicious Code Distributor (6 sites)
Pusan, Seoul, GuaChon, JinJu
Pusan Webhard Site
Seoul Webhard Site
Attack command server (1 in US)
Destroy zombie PC (6 Nations 6 Servers in US etc.)
Recollection Server (3 Nations 3 Servers in Canada/Venezuela etc.)
Manage zombie PCs
Store info. on zombie PCs
Send DDoS attack command
Erase HDD command
Info. Store Server (59 Nations 416 Servers)
Attacker
Cyber Incidences
– Global Issue
Ⅲ. Main Activities
K-Link Program
Purpose
Invite ICT policy makers and public officials
To share knowledge Korea has gained during development process
Subjects on mobile communication, information security, spectrum management, e-Government, transition to IPv6 and digital broadcasting, etc.
Programs
High-level official course: focused on ICT policy
Intensive course: 2 weeks, focused on one specific subject
Youth ICT course: offered to international students in Korea
Integrated course: consists of 3 different subjects
APISC Security Training Course
To learn and share experience on computer incidents prevention and response
5 days, mainly focused on CSIRT establishment and operation
IS Experience Sharing Activity
Rwanda
MoU with Rwanda Gov. (RDB) on Information Security (July 2011)
Rwandan President Visit to KISA Situation Room (December 2011)
Cybersecurity Workshop
Costa Rica (Jan 2013)
Bangladesh (May 2013)
Indonesia (May 2013)
Uganda (July 2013)
Kenya (July 2013)
Thailand (Sept 2013)
Azerbaijan (Nov 2013)
Oman (Oct. 2013, April 2014)
Croatia (May 2014)
Belarus (May 2014)
Cambodia (Aug. 2014)
Mongolia (Sept. 2014)
Uzbekistan (Sept. 2014)
APCICT ICT Security Training
APCICT & the Union Civil Service Board (UCSB) of Myanmar jointly organized the National workshop on e-Government and Information Security & Privacy (May 2013, July 2014, Myanmar)
50 trainees from Myanmar government “Academy of ICT Essentials for Government Leaders”
Training on Module 6 provides an overview of the need for information security, major issues and trends, and the process of formulating an information security strategy, etc.
Knowledge Sharing Program(KSP)
Modulization of Information Security Activities
Main policies of information security
√ Policies and strategies
√ Information security laws & regulations
Main information security activities
√ Internet incident response, e-gov security, CIIP, PKI, ISMS, IS product evaluation, Privacy, etc.
Basic implementation activities
√ Education and training, R&D, awareness, partnership
Evaluation
√ Accomplishment and comparison
Implications
Knowledge Sharing Program
Cooperation with UAE ADSIC
ISMS Recommendation for UAE ADSIC
Capacity building plan for UAE Abu Dhabi
√ Framework for Information Security Workforce Development and Policy Development
√ Best practices in information security policy:
High level workforce development programs
Center for strategic & international studies policies
Homeland security policy
Information security education certification programs
Central American ICT Training Center
To increase broadband penetration rate and to support e-Government projects
Inaugurated on 9th June 2014 in Nicaragua
Training center for 7 Central American nations
Global Cybersecurity Center for Development(GCCD)
Bring together the extensive experience of Korea’s cybersecurity
Education & training for improvement of capability for IS
Ⅳ. Strategy for IS CB
Ecosystem for training Information Security workforce
Department of Information Security; Information security multidisciplinary major; Universities; Graduate schools; Reemployment and lifelong education; Liberal arts; Vocational High schools
(re)employment/supply of Information security workforce
Effective measurement of Information security education programs
Infrastructure for training workforce
Enhanced prediction of domestic supply and demand of Information security workforce
Establishment of Essential Body of Knowledge (EBK)
Information security managers/CSO (planning/audit, etc.)
Information security consultants (risk/assessment, etc.)
Engineers (operation/development, etc.)
Expansion of the Information Security workforce demand structure
Internet Incident Response Technology Research Centers in colleges (40 Centers) Smart Grid Security Center
BcN, Home Network, u-office wireless network, RFID/USN Improvement of security processing speed
Regional Research Centers, which conduct information security research Real-time intrusion prediction and early warning technology
IT system security level evaluation tools USN security research
ITRC (IT Research Center) project(1998 ~)
RRC (Regional Research Center) project(1995 ~)
Objective : To foster 2,000 high-level information security experts customized to the needs of enterprises
Background : Industrial demand for high-level technology, education opportunities are provided to the frontline workforce with focus on practical skills
AKIS (Academy of Knowledge Information Security)
Digital Forensics
Biometrics
High demand for education; however, private educational institutions were not willing to provide them due to high initial investment costs
RFID/USN Security
Information security consultants
Objective : To foster 300 high-caliber experts
Background : 2008 knowledge information security industry promotion plan
consortium
Enterprises
Jointly Plan and Run the Curricula
Universities
Master’s degree
Objective : To create jobs in the information security area and revitalize the information security industry
consortium
Enterprises Educational Institutions
Professional
The unemployed The potential employees