How South Korea Invests in Human Capital for Cyber-Security by Seungjoo Gabriel Kim - CODE BLUE 2015

고려대학교정보보호대학원
마스터 제목 스타일 편집
How South Korea Invests in
Human Capital for Cyber-Security

2
 Who am I?
 Cyber Security Situation
 Government
 Non-Profit Private Organization
 Universities & Colleges
 Other Education Programs
 University Security Clubs
 Hacking Contests/Conferences
 Conclusions & Future Works
Contents

3
Who am I?

4
 2000. 03. : Founded Graduate School of
Information Security (情報保護大學院)
domestically for the first time
 2009. 12. & 2010. 08. : Successively won
DC3 Digital Forensic Challenge 2009 &
2010
 2012. 03 : Established Undergraduate
Dept. of Cyber Defense (Cyber國防學科)
 2015. 05 : Came in 3rd at the ACM
International Collegiate Programming
Contest, one of the largest international
programming contests
 2015. 08. : Won DEFCON CTF 2015
Korea University

5
 Leading institution in research and
education in cybersecurity of Korea
 17 full-time professors + 2 adjunct
professors + 8 visiting professors
 Having turned out 1,000+ Ms.D/Ph.D
security experts
 Having published 520+ papers on SCI(E)
journals over the last 15 years
 Former president of Graduate School of
Information Security, Jong In Lim, was
appointed as ’Special Advisor to the
President for National Security’
Korea University (Cont.)

6
 金昇柱 (Nick : Pr0xy5kim), 1971
 1999. 02 : Ph.D on Cryptography @
Sungkyunkwan Univ.
 1997.6~1997.8 : Visiting Researcher @ Prof.
Shigeo Tsujii's Lab. of the Chuo University,
Tokyo, Japan
 1998.12~2004.02 : Director @ KISA (Korea
Internet & Security Agency)
 2004.03~2011.02 : Assistant Professor &
Associate Professor @ Sungkyunkwan Univ.
 2011.03~Now : Associate Professor & Full
Professor @ Graduate School of
Information Security, Korea Univ.
Prof. Dr. Seungjoo (Gabriel) Kim

7
 From 2011, Co-Founder/Advisory
Director of a hacker group, HARU
and an international security &
hacking conference, SECUINSIDE.
Prof. Dr. Seungjoo (Gabriel) Kim (Cont.)

8
 Founded in 2011
 Acronym of ”HAckers’ Re-Union”
or ”HAckers aRe Us”
 President :
 Members :
 BLACK.PERL (www.bpsec.co.kr), CNSECURITY
(www.cnsec.co.kr), FlyHigh, GRAYHASH
(BEISTLAB, www.grayhash.com), Hackerschool
(www.hackerschool.org), iNET COP
(www.inetcop.net), NSHC (www.nshc.net),
SEWORKS (Wowhacker, www.seworks.co), etc.
[Note] HARU

9
 Also, a head of SANE(Security Analysis
aNd Evaluation, 保安性分析評價) Lab.

10
 Also, a head of SANE(Security Analysis
aNd Evaluation, 保安性分析評價) Lab.

11
Cyber Security Situation

12
 In Korea, cyber warfare has become real,
not a virtual one. North Korea continues to
expand its cyber warfare capabilities.
 South Korean National Intelligence Service
(NIS, Korean CIA) officially reported 75,472
cyber-attacks launched against the
government and public agencies from 2010
until October 2014.
 North Korea attempts millions of indiscriminate
cyber-attack attempts on government agencies
and private corporations in South Korea.
Cyber Security Situation in KR

13
 Especially, five years ago, South Korea
was hit by a computer virus that took
over 20,000 computers and had them
attack banks, television stations and its
ministry of defense.
 Korean government believes that North
Korean General Bureau of
Reconnaissance (偵察總局), specifically
Unit 121, dedicates more than 6,000 full-
time hackers who create malicious
computer codes.
Cyber Security Situation in KR (Cont.)

14
 To narrow the gap with the North,
recently South Korean government has
been devoting itself to raise more
cyber security experts.
Cyber Security Situation in KR (Cont.)

15
Government

16
 National Security Office (國家安保室, Control
Tower)
 NIS (National Intelligence Service (Korean CIA),
國家情報院])
 NSR (National Security Research Institute)
 MSIP (Ministry of Science, ICT & Future
Planning, 未來創造科學部)
 KISA (Korea Internet & Security Agency)
 Cyber Security Research Division of ETRI (Electronics
and Telecommunications Research Institute)
 KCC (Korea Communications Commission, 放送通
信委員會)
Cyber Security Related Government

17
 MOI (Ministry of the Interior, 行政自治部)
 FSC (Financial Services Commission,
金融委員會) & FSS (Financial Supervisory
Service, 金融監督院)
 FSI (Financial Security Institute)
 MOD (Ministry of Defense, 國防部) & Cyber
Command
 ADD (Agency for Defense Development)
 SPO (Supreme Prosecutors' Office, 大檢察廳)
& NPA (National Police Agency, 警察廳)
Cyber Security Related Government

18
Non-Profit Private Organizations

19
 NISA (National Information Security Agency,
2002)
 KIISC (Korea Institute of Information Security &
Cryptology, 1990)
 www.kiisc.or.kr
 KCSA (Korea Convergence Security Association,
2001)
 www.kocosa.org
 KISIA (Korea Information Security Industry
Association, 1997)
 www.kisia.or.kr
 CONCERT (CONsortium of CERTs, 1996)
 www.concert.or.kr

20
 Korea Council of Chief Information Security
Officers (2009)
 www.cisokorea.org
 OPA (Korea Online Privacy Association, 2011)
 www.opa.or.kr
 KCPPI (The Korean Council on the
Protection of Personal Information, 2010)
 www.kcppi.or.kr
 Korea Chief Privacy Officers' FORUM (2007)
 www.cpoforum.or.kr
 HARU (HAckers’ Re-Union, 2011)
 www.h4ru.com

21
Universities & Colleges

22
 # of Departments of Undergraduate
schools to offer cyber security programs of
study : 36 (increased 28.6% from year-ago)
 # of Undergraduate Students on the register :
5,701 (increased 15.8% from year-ago)
 # of Departments of Graduate schools to
offer cyber security programs of study : 32
 # of Graduate Students on the register : 1,241
(increased 24.6% from year-ago)
Universities (in 2014)

23
 Since Joongbu Univ. established the first
cyber security undergraduate program in
1996, it has been growing quickly every
year.
 Recently, joint educational programs
with security companies are on the
increase.
 Full Scholarship over Guaranteed
Employment
Universities (in 2014) (Cont.)

24
 # of Departments of Colleges to offer
cyber security programs of study : 8
 # of students on the register : 568
(increased 34.6% from year-ago)
Colleges (in 2014)

25
 Established in 2012
 In 2016, we will graduate 30 students for
the first time.
 Joint educational programs with Korea
Army (Cyber Command)
 Full Scholarship over Guaranteed
Employment
 Upon graduation, they are to be commissioned
as second lieutenants and must serve in the
military for seven years
 Accept top 1% of students in the
national college entrance exam
Dept. of CYDF @ Korea Univ.

26
 Inspired by Israel's Talpiot program
 “Talpiot” means “best of the best” in Hebrew
 Israel set up the Talpiot program in 1979 to
train the nation's most promising high-
school graduates to become technological
innovators for the military
 Members of program, called “Talpions”,
spend 3 years in study, followed by 6 years
of military service focused on improving the
Israeli military's technological edge rather
than serving in combat units
 Giving financial support for start-ups
Dept. of CYDF @ Korea Univ. (Cont.)

27
 Curriculum :
 Cryptology & Steganography
 Cyberlaw
 Cyberpsychology
 Hacking
 Digital forensics
 Information assurance
 Basic military studies, etc
 Also embedded some programs in the
curriculum to inculcate students with
patriotism and a strong work ethic

28
 In 2015, "DEFKOR," the team comprised
of 8 students from Dept. of CYDF at
Korea University and 3 from Korea-based
IT security solution provider Raonsecure,
and 2 Korean students studying in the
U.S. won the TOP prize at the DEFCON
CTF 23!
 In this year, 4,000+ teams
qualified, 15 teams made
finalists!

29
Other Education Programs

30
 Public Sector & Government Cyber
Security Education Programs
 Education and Training for Public Officers
 NSR’s CSTEC, KIA Academy
 Education and Training for Non-Officers
 KISA’s K-Shield, KITRI’s BoB, KISA’s Online
Information Security Training Lab., ITRC
 Private Sector Cyber Security Education
Programs
 In 2014, 25 private cyber security training
institutes
Other Education Programs

31
 CSTEC (Cyber Security Training and
Exercise Center)
 Opened at Daejeon, Oct. 2014.
 Organized by NSR (National Security
Research Institute)
 KISA Academy
 Opened at Seoul, May 2009.
 Organized by KISA (Korea Internet &
Security Agency)
Public Programs for Public Officers

32
 K-Shield
 Since 2013.
 Organized by KISA
 Aimed at : Raising very highly skilled cyber
security experts
 Until 2017, plan to produce 5,000 certified
experts
 Applicant’s requirement : Security staffs in
public or private sector
Public Programs for Non-Officers

33
 BoB (Best of the Best)
 Since 2012.
 Organized by KITRI (Korea Information
Technology Research Institute)
 Aimed at : Raising very highly skilled cyber
security experts
 Running strong peer-to-peer mentoring
program for professional development.
 Mentors : Almost all members of HARU, Other well-
known security experts, etc.
 Applicant’s requirement : Students (high
school, undergraduate and graduate)

34
 Courses :
 About 8 month course
 Survival program
 The final 6 students will get around $17,000 each
 1st Semester : Learning about information
security (crypto, network, OS, ethics and so on)
from professionals
 2nd Semester : Projects with mentors
 3rd Semester : Advanced researches

35
 Among 13 DEFKOR members, 10 is BoB
students(8) or mentors(2)!

36
 Online Information Security Training
Lab.
 Since 2001.
 Organized by KISA
 www.sis.or.kr

37
 ITRC (University Information
Technology Research Center)
 Since 2000.
 Supported by the MSIP (Ministry of Science,
ICT & Future Planning)
 During 2000~2014, KRW 415.72 billion (= USD
363,709,536.31 = JPY 43,699,740,358.03) was
funded (121 centers of 45 universities) by MSIP
 Including ITRC for cyber security field

38
University Security Clubs

39
 At school, lots of information security clubs
in Korea
 Since 2006, KISA & MSIP have been
encouraging and supporting security clubs
at universities
 In 2014, 45 clubs are selected & supported
 Awards and Money
 Some clubs are famous at the world class
CTFs
 CyKor (Korea Univ.), GoN (KAIST), PLUS
(Postech)
University Clubs of Information Security

40
Hacking Contests/Conferences

41
 10+ hacking contests/conferences per year
 International
 SECUINSIDE by HARU, Korea Univ., KISA(MSIP),
NSR(NIS), and KOSCOM
 CODEGATE by SOFTFORUM and KISA(MSIP)
 POC (Power Of Community) by HNS company
 Domestic
 HDCON (Hacking Defence CONtest) by
KISA(MSIP)
 White-Hat Hacker Contest by Ministry of
Defense and the NIS
 FISCON (Financial Information Security
CONference) by FSI(FSS)
 INC0GNITO by 10 University Security Clubs
Hacking Contests/Conferences

42
 Since 2011.
 Hosted by HARU, Korea Univ., KISA(MSIP),
NSR(NIS), and KOSCOM
 SECUINSIDE CTF winners are pre-
qualified for DEFCON CTF
 From 2015, they began Pwn2Own
contest (named as 'Capture The Bug')
for the first time in Korea
 www.secuinside.com
SECUINSIDE

43
 Since 2008.
 Hosted by SOFTFORUM and KISA(MSIP)
 The first international hacking
contests/conferences in Korea
 CODEGATE CTF winners are pre-qualified
for DEFCON CTF
 www.codegate.org
CODEGATE

44
 Since 2004.
 Hosted by KISA(MSIP)
 The oldest hacking contests/conferences
in Korea
HDCON

45
 Korea is probably most activated infosec
country in East Asia! However, we should
move …
 From quantitative growth to qualitative
growth
 Can get a good job after graduation
 From information security oriented
education to information assurance
oriented education
 (e.g.) U.S.s NIAETP (National Information
Assurance. Education and Training Program)
Conclusions & Future Works

46
[Note] Information Assurance

47
 Computer Security Era (the early 1960s
~)
 Information Security Era (the 1980s ~)
 Information Assurance Era (1998 ~)

48
 Originated in the U.S. DoD in the late
1990's.
 IA is more than just IS!
(Source : Algirdas Avizÿ ienis et al., "Fundamental Concepts of Dependability", UCLA CSD Report no. 010028)

How South Korea Invests in Human Capital for Cyber-Security by Seungjoo Gabriel Kim - CODE BLUE 2015

Recommended

Recommended

More Related Content

Similar to How South Korea Invests in Human Capital for Cyber-Security by Seungjoo Gabriel Kim - CODE BLUE 2015

Similar to How South Korea Invests in Human Capital for Cyber-Security by Seungjoo Gabriel Kim - CODE BLUE 2015 (20)

More from CODE BLUE

More from CODE BLUE (20)

Recently uploaded

Recently uploaded (20)

How South Korea Invests in Human Capital for Cyber-Security by Seungjoo Gabriel Kim - CODE BLUE 2015