Korean National Security Includes Cybersecurity

related

3 minute read

Opinion originally posted by Korea Times as Letters to President Moon

During your campaign, it was a relief to hear you speak of Korea’s use of ActiveX, Internet Explorer and the national certificate system. Many Koreans (and immigrants) hate the old, difficult systems that government websites have created. From a technology perspective, these systems keep Korea behind the rest of the world. From a business perspective, Korea misses huge foreign commerce opportunities. The problem, of course, is the cost to government and businesses to move away from these technologies. The Government will need to spend trillions of won on systems and training; the new systems will take a long time to develop; and their creation will bring a whole new set of challenges to both usability and security.

Cybersecurity in Korea is almost nonexistent. All cybersecurity knowledge is owned by a few companies or government organizations. These experts often cannot actually help to secure Korea because their bosses don’t understand (or care about) the problem.

For example, for the past several years there has been a security vulnerability in Korean Internet Service Providers that could potentially disable Internet in almost every Korean home and business. Foreign security researchers know about it. KISA knows about it. Intelligence and Military agencies must know about it. But the vulnerability in Korean national critical infrastructure still exists.

From a national security perspective, I worry that North Korea – or anyone else – might use such vulnerabilities to disable communications on a national scale in coordination with a physical assault. Despite Korea’s backup systems and yearly waste-of-time mock invasion, most government agencies and all citizens would be disoriented and vulnerable.

My point here is that national security concerns seem to completely overlook cybersecurity. Various cybersecurity laws in Korea appear to have been created purely for political power, and do little to secure Korean citizens. These laws need to be reevaluated.

Cyberlaw, especially related to personal privacy rights and requirements for businesses, need to be strengthened. Laws (and services) targeting social issues like cyberbullying and 왕따-ism need to be strengthened (cyber etiquette) while removing easily-abused libel law. This will lead to better, more productive online culture where ideas can be shared.

All websites must stop requiring users to download random software to “secure” their systems. This teaches people to click yes on everything, which contributes to cyber attacks later. Government websites are currently the worst offenders for requiring the installation of random, unknown software.

Korea needs to be more accepting of hackers and security professionals. Legislation restricts how security researchers can report security incidents or vulnerabilities to vulnerable Korean companies. Very often a hacker has to decide whether to work with the Korean government – and possibly be arrested for hacking a Korean business – or not work with the Korean government, and make money off of found vulnerabilities. The Government should help make a culture of openness about security issues, where businesses will accept, and even promote vulnerability assessments of their products.

Another social issue that Koreans need to consider is Internet censorship. Censors often claim that they are protecting Korean morality, but such a subjective definition means that censorship practices can change – and be abused – by each new administration. It is time that Korea re-examined the censorship issue, and determine if such high levels of censorship impede Articles 22 and 31 of the Korean constitution.

So Mr. President, it was great to hear you discussing Internet usability issues. And solving that problem is a step in the right direction. But in terms of cyber security, national security and social issues online, Korea is failing. To solve these problems, government culture first needs to change. Then law needs to change. Then education needs to change. It’s not easy, but if you want the best future for Korea, it’s worth it.

Leave a Comment