In Korea, cyber warfare has become real rather than virtual. North Korea continues to expand its cyber warfare capabilities.
The South Korean National Intelligence Service (NIS, the Korean CIA) officially reported 75,472 cyberattacks launched against the government and public agencies from 2010 until October 2014. Additionally, the NIS's National Cyber Security Center reported that North Korea makes millions of indiscriminate cyber-attack attempts on government agencies and private corporations in South Korea.
The NIS believes that the North Korean General Bureau of Reconnaissance, specifically Unit 121, dedicates more than 6,000 full-time hackers to creating malicious computer code. This estimate, which was echoed by the South Korean Ministry of Defense in a white paper released in January 2015, is double the estimated figure previously released by the NIS in 2013. According to claims by North Korean defectors, the North Korean government began to focus on its cyber capabilities as an attempt to develop its asymmetric warfare in the 1990s, when economic hardships put strains on its conventional military assets. At that time, Mirim University - since renamed Pyongyang Automation University - was opened to train hackers in electronic warfare tactics.
To narrow the gap with the North, the South Korean government has recently been devoting itself to training more cyber security experts. In this talk I will discuss how our government invests in human capital for cyber-security. In particular, I will focus on the training programs of , , and , all of which play a central role in developing security experts. Aside from state-run programs, I will also discuss the private sector's efforts to train white-hat hackers (for example, SECUINSIDE of , CODEGATE of , POC of , , , etc).
Given that a variety of training programs are underway to secure more security and hacking experts, we seem to be making progress. For example, , the team comprised of students from Korea University and the Korea-based IT security solution provider RAONSECURE, won the TOP prize at the ‘DEFCON CTF 23’! However, we have problems that still need to be solved. I will also point these out.
Korea University Graduate School of Information Security
2000. 03. : Founded Graduate School of
Information Security (情報保護大學院)
domestically for the first time
2009. 12. & 2010. 08. : Successively won
DC3 Digital Forensic Challenge 2009 &
2010
2012. 03 : Established Undergraduate
Dept. of Cyber Defense (Cyber國防學科)
2015. 05 : Came in 3rd at the ACM
International Collegiate Programming
Contest, one of the largest international
programming contests
2015. 08. : Won DEFCON CTF 2015
Korea University
Leading institution in research and
education in cybersecurity of Korea
17 full-time professors + 2 adjunct
professors + 8 visiting professors
Having turned out 1,000+ M.S./Ph.D.
security experts
Having published 520+ papers in SCI(E)
journals over the last 15 years
Former president of Graduate School of
Information Security, Jong In Lim, was
appointed as ’Special Advisor to the
President for National Security’
Korea University (Cont.)
金 昇 柱 (Nick : Pr0xy5kim), 1971
1999. 02 : Ph.D on Cryptography @
Sungkyunkwan Univ.
1997.6~1997.8 : Visiting Researcher @ Prof.
Shigeo Tsujii's Lab. of the Chuo University,
Tokyo, Japan
1998.12~2004.02 : Director @ KISA (Korea
Internet & Security Agency)
2004.03~2011.02 : Assistant Professor &
Associate Professor @ Sungkyunkwan Univ.
2011.03~Now : Associate Professor & Full
Professor @ Graduate School of
Information Security, Korea Univ.
Prof. Dr. Seungjoo (Gabriel) Kim
From 2011, Co-Founder/Advisory
Director of a hacker group, HARU
and an international security &
hacking conference, SECUINSIDE.
Prof. Dr. Seungjoo (Gabriel) Kim (Cont.)
Founded in 2011
Acronym of ”HAckers’ Re-Union”
or ”HAckers aRe Us”
President :
Members :
BLACK.PERL (www.bpsec.co.kr), CNSECURITY
(www.cnsec.co.kr), FlyHigh, GRAYHASH
(BEISTLAB, www.grayhash.com), Hackerschool
(www.hackerschool.org), iNET COP
(www.inetcop.net), NSHC (www.nshc.net),
SEWORKS (Wowhacker, www.seworks.co), etc.
[Note] HARU
Also, a head of SANE(Security Analysis
aNd Evaluation, 保安性分析評價) Lab.
Prof. Dr. Seungjoo (Gabriel) Kim (Cont.)
In Korea, cyber warfare has become real,
not a virtual one. North Korea continues to
expand its cyber warfare capabilities.
South Korean National Intelligence Service
(NIS, Korean CIA) officially reported 75,472
cyber-attacks launched against the
government and public agencies from 2010
until October 2014.
North Korea attempts millions of indiscriminate
cyber-attack attempts on government agencies
and private corporations in South Korea.
Cyber Security Situation in KR
Especially, five years ago, South Korea
was hit by a computer virus that took
over 20,000 computers and had them
attack banks, television stations and its
ministry of defense.
Korean government believes that North
Korean General Bureau of
Reconnaissance (偵察總局), specifically
Unit 121, dedicates more than 6,000 full-
time hackers who create malicious
computer codes.
Cyber Security Situation in KR (Cont.)
To narrow the gap with the North,
recently South Korean government has
been devoting itself to raise more
cyber security experts.
Cyber Security Situation in KR (Cont.)
National Security Office (國家安保室, Control
Tower)
NIS (National Intelligence Service (Korean CIA),
國家情報院)
NSR (National Security Research Institute)
MSIP (Ministry of Science, ICT & Future
Planning, 未來創造科學部)
KISA (Korea Internet & Security Agency)
Cyber Security Research Division of ETRI (Electronics
and Telecommunications Research Institute)
KCC (Korea Communications Commission,
放送通信委員會)
Cyber Security Related Government
MOI (Ministry of the Interior, 行政自治部)
FSC (Financial Services Commission,
金融委員會) & FSS (Financial Supervisory
Service, 金融監督院)
FSI (Financial Security Institute)
MOD (Ministry of Defense, 國防部) & Cyber
Command
ADD (Agency for Defense Development)
SPO (Supreme Prosecutors' Office, 大檢察廳)
& NPA (National Police Agency, 警察廳)
Cyber Security Related Government
NISA (National Information Security Agency,
2002)
KIISC (Korea Institute of Information Security &
Cryptology, 1990)
www.kiisc.or.kr
KCSA (Korea Convergence Security Association,
2001)
www.kocosa.org
KISIA (Korea Information Security Industry
Association, 1997)
www.kisia.or.kr
CONCERT (CONsortium of CERTs, 1996)
www.concert.or.kr
Non-Profit Private Organizations
Korea Council of Chief Information Security
Officers (2009)
www.cisokorea.org
OPA (Korea Online Privacy Association, 2011)
www.opa.or.kr
KCPPI (The Korean Council on the
Protection of Personal Information, 2010)
www.kcppi.or.kr
Korea Chief Privacy Officers' FORUM (2007)
www.cpoforum.or.kr
HARU (HAckers’ Re-Union, 2011)
www.h4ru.com
Non-Profit Private Organizations
# of Departments of Undergraduate
schools to offer cyber security programs of
study : 36 (increased 28.6% from year-ago)
# of Undergraduate Students on the register :
5,701 (increased 15.8% from year-ago)
# of Departments of Graduate schools to
offer cyber security programs of study : 32
# of Graduate Students on the register : 1,241
(increased 24.6% from year-ago)
Universities (in 2014)
Since Joongbu Univ. established the first
cyber security undergraduate program in
1996, it has been growing quickly every
year.
Recently, joint educational programs
with security companies are on the
increase.
Full Scholarship over Guaranteed
Employment
Universities (in 2014) (Cont.)
# of Departments of Colleges to offer
cyber security programs of study : 8
# of students on the register : 568
(increased 34.6% from year-ago)
Colleges (in 2014)
Established in 2012
In 2016, we will graduate 30 students for
the first time.
Joint educational programs with Korea
Army (Cyber Command)
Full Scholarship over Guaranteed
Employment
Upon graduation, they are to be commissioned
as second lieutenants and must serve in the
military for seven years
Accept top 1% of students in the
national college entrance exam
Dept. of CYDF @ Korea Univ.
Inspired by Israel's Talpiot program
“Talpiot” means “best of the best” in Hebrew
Israel set up the Talpiot program in 1979 to
train the nation's most promising high-
school graduates to become technological
innovators for the military
Members of program, called “Talpions”,
spend 3 years in study, followed by 6 years
of military service focused on improving the
Israeli military's technological edge rather
than serving in combat units
Giving financial support for start-ups
Dept. of CYDF @ Korea Univ. (Cont.)
Curriculum :
Cryptology & Steganography
Cyberlaw
Cyberpsychology
Hacking
Digital forensics
Information assurance
Basic military studies, etc
Also embedded some programs in the
curriculum to inculcate students with
patriotism and a strong work ethic
Dept. of CYDF @ Korea Univ. (Cont.)
In 2015, "DEFKOR," the team comprised
of 8 students from Dept. of CYDF at
Korea University and 3 from Korea-based
IT security solution provider Raonsecure,
and 2 Korean students studying in the
U.S. won the TOP prize at the DEFCON
CTF 23!
In this year, 4,000+ teams
qualified, 15 teams made
finalists!
Dept. of CYDF @ Korea Univ. (Cont.)
Public Sector & Government Cyber
Security Education Programs
Education and Training for Public Officers
NSR’s CSTEC, KIA Academy
Education and Training for Non-Officers
KISA’s K-Shield, KITRI’s BoB, KISA’s Online
Information Security Training Lab., ITRC
Private Sector Cyber Security Education
Programs
In 2014, 25 private cyber security training
institutes
Other Education Programs
CSTEC (Cyber Security Training and
Exercise Center)
Opened at Daejeon, Oct. 2014.
Organized by NSR (National Security
Research Institute)
KISA Academy
Opened at Seoul, May 2009.
Organized by KISA (Korea Internet &
Security Agency)
Public Programs for Public Officers
K-Shield
Since 2013.
Organized by KISA
Aimed at : Raising very highly skilled cyber
security experts
Until 2017, plan to produce 5,000 certified
experts
Applicant’s requirement : Security staff in
public or private sector
Public Programs for Non-Officers
BoB (Best of the Best)
Since 2012.
Organized by KITRI (Korea Information
Technology Research Institute)
Aimed at : Raising very highly skilled cyber
security experts
Running strong peer-to-peer mentoring
program for professional development.
Mentors : Almost all members of HARU, Other well-
known security experts, etc.
Applicant’s requirement : Students (high
school, undergraduate and graduate)
Public Programs for Non-Officers
BoB (Best of the Best)
Courses :
About 8 month course
Survival program
The final 6 students will get around $17,000 each
1st Semester : Learning about information
security (crypto, network, OS, ethics and so on)
from professionals
2nd Semester : Projects with mentors
3rd Semester : Advanced research
Public Programs for Non-Officers
BoB (Best of the Best)
Among 13 DEFKOR members, 10 are BoB
students (8) or mentors (2)!
Public Programs for Non-Officers
Online Information Security Training
Lab.
Since 2001.
Organized by KISA
www.sis.or.kr
Public Programs for Non-Officers
ITRC (University Information
Technology Research Center)
Since 2000.
Supported by the MSIP (Ministry of Science,
ICT & Future Planning)
During 2000~2014, KRW 415.72 billion (= USD
363,709,536.31 = JPY 43,699,740,358.03) was
funded (121 centers of 45 universities) by MSIP
Including ITRC for cyber security field
Public Programs for Non-Officers
At school, lots of information security clubs
in Korea
Since 2006, KISA & MSIP have been
encouraging and supporting security clubs
at universities
In 2014, 45 clubs were selected & supported
Awards and Money
Some clubs are famous at world-class
CTFs
CyKor (Korea Univ.), GoN (KAIST), PLUS
(Postech)
University Clubs of Information Security
10+ hacking contests/conferences per year
International
SECUINSIDE by HARU, Korea Univ., KISA(MSIP),
NSR(NIS), and KOSCOM
CODEGATE by SOFTFORUM and KISA(MSIP)
POC (Power Of Community) by HNS company
Domestic
HDCON (Hacking Defence CONtest) by
KISA(MSIP)
White-Hat Hacker Contest by Ministry of
Defense and the NIS
FISCON (Financial Information Security
CONference) by FSI(FSS)
INC0GNITO by 10 University Security Clubs
Hacking Contests/Conferences
Since 2011.
Hosted by HARU, Korea Univ., KISA(MSIP),
NSR(NIS), and KOSCOM
SECUINSIDE CTF winners are pre-
qualified for DEFCON CTF
From 2015, they began Pwn2Own
contest (named as 'Capture The Bug')
for the first time in Korea
www.secuinside.com
SECUINSIDE
Since 2008.
Hosted by SOFTFORUM and KISA(MSIP)
The first international hacking
contests/conferences in Korea
CODEGATE CTF winners are pre-qualified
for DEFCON CTF
www.codegate.org
CODEGATE
Since 2004.
Hosted by KISA(MSIP)
The oldest hacking contests/conferences
in Korea
HDCON
Korea is probably the most active infosec
country in East Asia! However, we should
move …
From quantitative growth to qualitative
growth
Can get a good job after graduation
From information security oriented
education to information assurance
oriented education
(e.g.) the U.S.'s NIAETP (National Information
Assurance Education and Training Program)
Conclusions & Future Works
Computer Security Era (the early 1960s
~)
Information Security Era (the 1980s ~)
Information Assurance Era (1998 ~)
[Note] Information Assurance
Originated in the U.S. DoD in the late
1990's.
IA is more than just IS!
[Note] Information Assurance
(Source : Algirdas Avižienis et al., "Fundamental Concepts of Dependability", UCLA CSD Report no. 010028)
How South Korea Invests in
Human Capital for Cyber-Security