1 / 12

Cyber Security and Data Protection Challenges in Korea

Cyber Security and Data Protection Challenges in Korea. Jinhyun CHO Senior Researcher Korea Internet and Security Agency. Short Intro. To KISA. Information Security. Internet Promotion. Security Incident Prevention and Response : 24/7 Situation Room to Respond Security Incidents

perry
Download Presentation

Cyber Security and Data Protection Challenges in Korea

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cyber Security and Data Protection Challenges in Korea Jinhyun CHO Senior Researcher Korea Internet and Security Agency

  2. Short Intro. To KISA Information Security Internet Promotion • Security Incident Prevention and Response : 24/7 Situation Room to Respond Security Incidents : Incident Handling including Mobile/e-mail SPAM • Privacy Protection : PI Breach Reporting and Consultation : Removal of PI exposed on Websites • Creating a Healthy Internet Culture : Customized Internet Ethics Education • Promoting Internet Business : Finding and Supporting New Quality Ventures • Managing Internet Address Resources : Managing .kr domains(.kr registry) Int’l Cooperation Policy Research • Supporting Foreign Expansion of ICT Businesses : Export Counselling, SME Consulting • Cooperation with International Organizations : OECD, World Bank : Cyberspace Conference(2013), ITU PP(2014) • Policy Research and Survey Analysis : Internet Issue Research and National ICT Statistics • Supporting Improvement of ICT Legal Frameworks : Supporting the Enactment of New Act like Cloud Act : Analyzing and Researching Emerging Legal Issues

  3. I. Major Security Incidents in 2013 March 20 Cyber Terror • Cyber Terror on Broadcasting Stations and Banks • Coordinated Attack with H-Hour : 14:00(GMT+9) • Service Disruption : 3 BS and 2 Banks Affected • More than 40,000 computers Destroyed (HDD Erased) Clients, Servers, and even ATMs Infected with Malware • Malware Distribution Path : Vaccine Update Server • Improper Security Management : Serious Security Holes

  4. I. Major Security Incidents in 2013 March 20 Cyber Terror

  5. I. Major Security Incidents in 2013 June 25 Cyber Attack • Multiple Cyber Attacks : 69 Organizations Affected • Web Defacement : Blue House and 43 Private Web • DDoS on Integrated Government Infrastructure • Destruction of Computers in Mass Media Companies • Coordinated and Sophisticated Attack • Attack Scale & Methods ( Web Hard Client Program ) • Attribution : Who is Behind the Attack?

  6. II. Major PI Breaches in 2014 From Credit Card Vendors • More than 100 Mil. Card holders’ PI Leaked • K CCV : 53 Mil., L CCV : 26 Mil., N CCV : 25 Mil. • Including RRN, Address, Financial Status, and etc. • Internal Employee of Credit Rating Company Involved • Counterfeit Prevention System Development Program • PI Leaked with USB Thumb Drive (No Policy or Encryption) • Leaked to Loan Advertisers and Loan Brokers • Serious Financial and Legal Threats to Credit Card Vendors?

  7. II. Major PI Breaches in 2014 From Mobile Service Provider • 12Mil PI Leaked through Homepage Hacking • Brutal Force Attack with Billing Information • Sophisticated Hacking Vs. Trial and Error (?) • Security Policy for Multiple Attempts from One IP(?) • Leaked PI used to Advertise and Sell Mobile Phones • Customized Information for Those Who Need a New Phone • 3 or 4 Phones Sold to Over 150 Phones Sold After Breach • Similar Incident Occurred 2 years ago

  8. III. Response from Government Nat’l Cybersecurity Comprehensive Countermeasures • BH takes the Lead in Major Cybersecurity Incidents • NIS : Working-level Coordinator • MND for Military Sector and MSIP for Private Sector • PCRC Strategy • P(Prompt) : Concurrent Situation Notification Framework • C(Cooperative) : Cyberthreat Information Sharing System • R(Robust) : CII Designation Increased (Around 400 in 2017) • C(Creative) : Supporting 10 Key Security Technology

  9. III. Response from Government Financial PI Breach Prevention Countermeasures • Protection of Financial Consumer Right • Minimum PI Collection and Self Determination • Clear and Strong Responsibility • Annual Reporting on IS & Penalty ( Up to 3% of Sale) • Strong Response to Security Incidents • Network Separation and RRN Encryption • Prevention of Potential Breaches • Destruction of Collected PI

  10. IV. Key R&D Area for Information Security Gov (MSIP) R&D Plan for Information Security until 2017 • Vision • Establish Secure & Trustworthy Creative Society Safety Network • Objectives • Global Market Share : 2.4%(2012) to 3.0%(2017) • 1st Class Tech. : 79.9(2013) to 90%(2017) • Competitiveness : Supporting 10 best IS Products • R&D Focus in 2014 : Incident Response & Wireless IDS

  11. V. Research Cooperation Model Cybersecurity Research Center • University and KISA Cooperation • Joint Project to Educate and Train Cybersecurity Experts • KISA : Provide the state-of-art information and technology • Area : Vulnerability and Malware Analysis • Providing Working Experiences in the Real Envirnoment • 2 Centers to Be Selected • Open to Graduate School of Information Security

  12. Thank You

More Related