Jinhyun CHO
Senior Researcher
Korea Internet and Security Agency

Information Security
  Security Incident Prevention and Response
    : 24/7 Situation Room to Respond to Security Incidents
    : Incident Handling including Mobile/SPAM
  Privacy Protection
    : PI Breach Reporting and Consultation
    : Removal of PI Exposed on Websites
Internet Promotion
  Creating a Healthy Internet Culture
    : Customized Internet Ethics Education
  Promoting Internet Business
    : Finding and Supporting New Quality Ventures
  Managing Internet Address Resources
    : Managing .kr domains (.kr registry)
Int'l Cooperation
  Supporting Foreign Expansion of ICT Businesses
    : Export Counselling, SME Consulting
  Cooperation with International Organizations
    : OECD, World Bank
    : Cyberspace Conference (2013), ITU PP (2014)
Policy Research
  Policy Research and Survey Analysis
    : Internet Issue Research and National ICT Statistics
  Supporting Improvement of ICT Legal Frameworks
    : Supporting the Enactment of New Acts like the Cloud Act
    : Analyzing and Researching Emerging Legal Issues

March 20 Cyber Terror
  Cyber Terror on Broadcasting Stations and Banks
  Coordinated Attack with H-Hour : 14:00 (GMT+9)
  Service Disruption : 3 BS and 2 Banks Affected
  More than 40,000 Computers Destroyed (HDD Erased)
  Clients, Servers, and even ATMs Infected with Malware
  Malware Distribution Path : Vaccine Update Server
  Improper Security Management : Serious Security Holes

June 25 Cyber Attack
  Multiple Cyber Attacks : 69 Organizations Affected
  Web Defacement : Blue House and 43 Private Websites
  DDoS on Integrated Government Infrastructure
  Destruction of Computers in Mass Media Companies
  Coordinated and Sophisticated Attack
  Attack Scale & Methods (Web Hard Client Program)
  Attribution : Who is Behind the Attack?

From Credit Card Vendors
  More than 100 Mil. Card Holders' PI Leaked
  K CCV : 53 Mil., L CCV : 26 Mil., N CCV : 25 Mil.
  Including RRN, Address, Financial Status, etc.
  Internal Employee of Credit Rating Company Involved
  Counterfeit Prevention System Development Program
  PI Leaked with USB Thumb Drive (No Policy or Encryption)
  Leaked to Loan Advertisers and Loan Brokers
  Serious Financial and Legal Threats to Credit Card Vendors?

From Mobile Service Provider
  12 Mil. PI Leaked through Homepage Hacking
  Brute Force Attack with Billing Information
  Sophisticated Hacking vs. Trial and Error (?)
  Security Policy for Multiple Attempts from One IP (?)
  Leaked PI Used to Advertise and Sell Mobile Phones
  Customized Information for Those Who Need a New Phone
  3 or 4 Phones Sold to Over 150 Phones Sold After Breach
  Similar Incident Occurred 2 Years Ago

Nat'l Cybersecurity Comprehensive Countermeasures
  BH Takes the Lead in Major Cybersecurity Incidents
  NIS : Working-level Coordinator
  MND for Military Sector and MSIP for Private Sector
  PCRC Strategy
    P (Prompt) : Concurrent Situation Notification Framework
    C (Cooperative) : Cyberthreat Information Sharing System
    R (Robust) : CII Designation Increased (Around 400 in 2017)
    C (Creative) : Supporting 10 Key Security Technology

Financial PI Breach Prevention Countermeasures
  Protection of Financial Consumer Rights
  Minimum PI Collection and Self Determination
  Clear and Strong Responsibility
  Annual Reporting on IS & Penalty (Up to 3% of Sales)
  Strong Response to Security Incidents
  Network Separation and RRN Encryption
  Prevention of Potential Breaches
  Destruction of Collected PI

Gov (MSIP) R&D Plan for Information Security until 2017
  Vision
    Establish Secure & Trustworthy Creative Society Safety Network
  Objectives
    Global Market Share : 2.4% (2012) to 3.0% (2017)
    1st Class Tech. : 79.9 (2013) to 90% (2017)
    Competitiveness : Supporting 10 Best IS Products
  R&D Focus in 2014 : Incident Response & Wireless IDS

Cybersecurity Research Center
  University and KISA Cooperation
  Joint Project to Educate and Train Cybersecurity Experts
  KISA : Provide State-of-the-Art Information and Technology
  Area : Vulnerability and Malware Analysis
  Providing Working Experience in the Real Environment
  2 Centers to Be Selected
  Open to Graduate Schools of Information Security