Cyber Security and Data Protection Challenges in Korea

Jinhyun CHO

Senior Researcher

Korea Internet and Security Agency


Short Intro to KISA

Information Security

  • Security Incident Prevention and Response

    : 24/7 Situation Room to Respond to Security Incidents

    : Incident Handling including Mobile/e-mail SPAM

  • Privacy Protection

    : PI Breach Reporting and Consultation

    : Removal of PI exposed on Websites

Internet Promotion

  • Creating a Healthy Internet Culture

    : Customized Internet Ethics Education

  • Promoting Internet Business

    : Finding and Supporting New Quality Ventures

  • Managing Internet Address Resources

    : Managing .kr domains (.kr registry)

Int’l Cooperation

  • Supporting Foreign Expansion of ICT Businesses

    : Export Counselling, SME Consulting

  • Cooperation with International Organizations

    : OECD, World Bank

    : Cyberspace Conference (2013), ITU PP (2014)

Policy Research

  • Policy Research and Survey Analysis

    : Internet Issue Research and National ICT Statistics

  • Supporting Improvement of ICT Legal Frameworks

    : Supporting the Enactment of New Acts such as the Cloud Act

    : Analyzing and Researching Emerging Legal Issues


I. Major Security Incidents in 2013

March 20 Cyber Terror

  • Cyber Terror on Broadcasting Stations and Banks

    • Coordinated Attack with H-Hour : 14:00 (GMT+9)

    • Service Disruption : 3 Broadcasting Stations and 2 Banks Affected

  • More than 40,000 Computers Destroyed (HDD Erased)

    Clients, Servers, and even ATMs Infected with Malware

  • Malware Distribution Path : Vaccine (Antivirus) Update Server

    • Improper Security Management : Serious Security Holes


I. Major Security Incidents in 2013

June 25 Cyber Attack

  • Multiple Cyber Attacks : 69 Organizations Affected

    • Web Defacement : Blue House and 43 Private Websites

    • DDoS on Integrated Government Infrastructure

    • Destruction of Computers in Mass Media Companies

  • Coordinated and Sophisticated Attack

    • Attack Scale & Methods (Web Hard Client Program)

  • Attribution : Who is Behind the Attack?


II. Major PI Breaches in 2014

From Credit Card Vendors

  • More than 100 Mil. Cardholders’ PI Leaked

    • K CCV : 53 Mil., L CCV : 26 Mil., N CCV : 25 Mil.

    • Including RRN, Address, Financial Status, etc.

  • Internal Employee of Credit Rating Company Involved

    • Counterfeit Prevention System Development Program

    • PI Leaked with USB Thumb Drive (No Policy or Encryption)

  • Leaked to Loan Advertisers and Loan Brokers

    • Serious Financial and Legal Threats to Credit Card Vendors?


II. Major PI Breaches in 2014

From Mobile Service Provider

  • 12 Mil. PI Leaked through Homepage Hacking

  • Brute Force Attack with Billing Information

    • Sophisticated Hacking Vs. Trial and Error (?)

    • Security Policy for Multiple Attempts from One IP(?)

  • Leaked PI used to Advertise and Sell Mobile Phones

    • Customized Information for Those Who Need a New Phone

    • 3 or 4 Phones Sold to Over 150 Phones Sold After Breach

  • Similar Incident Occurred 2 years ago


III. Response from Government

Nat’l Cybersecurity Comprehensive Countermeasures

  • BH takes the Lead in Major Cybersecurity Incidents

    • NIS : Working-level Coordinator

    • MND for Military Sector and MSIP for Private Sector

  • PCRC Strategy

    • P(Prompt) : Concurrent Situation Notification Framework

    • C(Cooperative) : Cyberthreat Information Sharing System

    • R(Robust) : CII Designation Increased (Around 400 in 2017)

    • C(Creative) : Supporting 10 Key Security Technologies


III. Response from Government

Financial PI Breach Prevention Countermeasures

  • Protection of Financial Consumer Rights

    • Minimum PI Collection and Self Determination

  • Clear and Strong Responsibility

    • Annual Reporting on IS & Penalty (Up to 3% of Sales)

  • Strong Response to Security Incidents

    • Network Separation and RRN Encryption

  • Prevention of Potential Breaches

    • Destruction of Collected PI


IV. Key R&D Area for Information Security

Gov (MSIP) R&D Plan for Information Security until 2017

  • Vision

    • Establish Secure & Trustworthy Creative Society Safety Network

  • Objectives

    • Global Market Share : 2.4%(2012) to 3.0%(2017)

    • 1st Class Tech. : 79.9(2013) to 90%(2017)

    • Competitiveness : Supporting 10 best IS Products

  • R&D Focus in 2014 : Incident Response & Wireless IDS


V. Research Cooperation Model

Cybersecurity Research Center

  • University and KISA Cooperation

    • Joint Project to Educate and Train Cybersecurity Experts

    • KISA : Provide State-of-the-Art Information and Technology

  • Area : Vulnerability and Malware Analysis

    • Providing Work Experience in the Real Environment

  • 2 Centers to Be Selected

  • Open to Graduate School of Information Security


Thank You

