Why is it getting harder to train
the cybersecurity workforce?
(Extended Version)
Prof. Seungjoo (Gabriel) Kim / Korea University
Seungjoo Kim
Professor of the School of Cybersecurity of
Korea University, Head of the Department
of Cyber Defense of Korea University, and
a Member of the Presidential Committee
on the 4th Industrial Revolution.
From 2018 to 2019, he was a visiting
professor of Korea Military Academy.
He served as a Black Hat Asia review board
member from 2019, a team leader of
Korea Internet & Security Agency (KISA)
from 1998 to 2004, and an associate
professor of Sungkyunkwan University,
Korea.
(As of November 2020)
Cyber Threats in South Korea
South Korean government groups and agencies experience
more than 1.62 million hacking attempts a day according to
South Korean National Intelligence Service (NIS, Korean
CIA).
⇒ From North Korea ≫ China > Russia > Iran & Pakistan ↑
Cyber Threats in South Korea
Also, in recent years, there have been more attacks mainly
targeting private companies rather than public institutions.
The hacking damage is estimated at 86% and 14% for the
private and public sectors, respectively.
North Korean Hacking Workforce
The Korean government believes that the North Korean General
Bureau of Reconnaissance (偵察總局), specifically Unit 121,
dedicates 6,000+ (exactly 6,800) full-time hackers who
create malicious computer code.
⇒ 1,700 are experts and 5,100 are supportive members.
Are NK's hacking skills really that good?
⇒ Evidence ⑴) A foreign IT expert evaluated that NK has the
potential to replace the Indian S/W outsourcing market.
Are NK's hacking skills really that good?
⇒ Evidence ⑵) North Korean students have a good
foundation in computer science itself.
North Korean Hacking Workforce
As seen before, North Korean hackers have good hacking
skills and a good base in computer science.
But above all, they have very strong motivation, such as Kim
Jong-un’s encouragement.
Furthermore, North Korean hackers are state-sponsored
soldiers. Thus they have solid knowledge of (military)
operations. As we can see in the SWIFT hacking, they can carry
out very well-organized operations.
Dept. of Cyber Defense @ Korea Univ.
Established in 2012 to prepare for North Korea's hacking
attacks (inspired by Israel's Talpiot program)
⇒ We produced 30 first graduates in 2016.
Joint educational programs with Korea Army (Cyber
Command)
Full Scholarship over Guaranteed Employment
Dept. of Cyber Defense @ Korea Univ.
Upon graduation, they are to be commissioned as second
lieutenants and must serve in the military for seven years.
Accepts the top 0.4%~0.6% of students in the national college
entrance exam.
The team led by graduates of our dept. got 2nd place in the CYBERNET 2021 CTF (Netherlands,
Nov. 15~19)! (1st: Netherlands, 2nd: Korea, 3rd: EU combined team, 4th: Norway, 5th: Japan)
Other Education Programs
NSR’s CSTEC (Cyber Security Training and Exercise Center)
KISA’s K-Shield
KITRI’s BoB (Best of the Best) Program: runs a strong
peer-to-peer mentoring style of education. So far, it
has produced many pretty good results.
Changes in the Security Environment Ⅰ
Entering the era of the 4th Industrial Revolution, cyber
security began to be demanded in all areas connected to
the Internet.
As the importance of cybersecurity spreads across all areas,
security experts are forced to have more in-depth domain
knowledge than ever before.
Changes in the Security Environment Ⅰ
For example, in the European Union, the regulations on
automotive cybersecurity will be mandatory for all new
vehicles produced from July 2024.
⇒ UNECE WP.29 & ISO/SAE 21434
Changes in the Security Environment Ⅰ
UNECE regulations consist of ⑴ R155 for cyber security and
⑵ R156 for software update.
UNECE Regulation 155 (Cyber Security) introduces a
Cybersecurity Management System (CSMS) for automotive
at the organization level:
√ Risk management across the entire company and the entire life cycle of
each individual vehicle
√ Analysis of weak points during the entire development and production
process
√ Cyber security monitoring and incident response for existing vehicle types
Changes in the Security Environment Ⅰ
UNECE regulations consist of ⑴ R155 for cyber security and
⑵ R156 for software update.
UNECE Regulation 156 (SW Updates) introduces a framework
for remote updates (over-the-air) with a Software Update
Management System (SUMS):
√ Systematic control and compliance with government guidelines
√ Establishment of software identification management
√ Assessment of whether a software update (SU) affects type approval and
security of the vehicle
MS-SDL
Similar!
Changes in the Security Environment Ⅰ
Also, on April 11th~12th, 2019, the International Air Transport
Association (IATA) held, for the first time, an Aviation Cyber
Security Roundtable (ACSR) at its Regional Office in
Singapore.
Through this, they concluded that it was necessary to
cultivate a new generation of individuals and organizations
that are able to help answer the aviation cyber
security challenge.
Changes in the Security Environment Ⅰ
As another example, the U.S. DoD has been developing
various policies aimed at hardening the cybersecurity for its
weapon systems.
⇒ RMF A&A
Changes in the Security Environment Ⅰ
(e.g.) Lockheed Martin's CRL Framework for Weapon,
Mission, and Training Systems
Changes in the Security Environment Ⅱ
As cybersecurity is highlighted in all fields, the recruitment
of cyber security experts by large companies (such as
Samsung, LG, Hyundai/KIA, etc.) is increasing rapidly.
As a result, SMEs (Small and Medium-sized Enterprises) are
having difficulty in hiring security experts.
How to Educate Them?
In order to train security experts specialized in each
industrial sector, real data in the field is required to grow
in-depth domain-knowledge.
However, it is difficult for universities to obtain the data
generated in the real world.
This is particularly serious in the fields of automobiles,
aircraft, and weapon systems, etc.
How to Educate Them?
Need very strong public-private partnership!
Universities should teach students to have solid basic
knowledge, so that they can quickly acquire the practical
domain knowledge taught in the company (or government)
after joining that company (or government).
In addition, as in the Cyber Grand Challenge of DARPA in the
United States, efforts should be made to provide a
high-quality research platform to academia.
Meet Real Patients!
(Practical Domain-Knowledge)
How to Educate Them?
In fact, in the case of our Department of Cyber Defense, we
are focusing on preventing students from studying only
specific security skills, such as vulnerability analysis.
Our curriculum includes the basic and essential major
subjects required by the Department of Computer Science.
Moreover, cyber security-related subjects are not only
focused on hacking, but also cover all subjects necessary
for cyber security experts such as cryptography, digital
forensics, data security and privacy law, etc.
How to Educate Them?
However, because the department must avoid exposing
students' identities as much as possible, there
are limitations in running various internship programs.
Moreover, in this pandemic situation, it is more difficult to
promote internship programs.
How to Motivate Them?
Good salary. (-:
Even if the current salary is small, it needs to have a clear
future vision.
In the case of military or government institutions, it is
necessary to assign them tasks that are difficult to
experience in private companies or tasks that can make
them feel patriotic.
Thank you for giving me the opportunity to talk at a really fun conference! Let's meet offline at HITCON next year!!
Seungjoo Kim
Head of Department of Cyber Defense
skim71@korea.ac.kr
www.KimLab.net
www.HackProof.systems
Twitter : @skim71
