July 13, 2009 12:19
While the websites of Korea's major government agencies, banks and news media were being attacked between last Tuesday and Friday, the government was helpless. It failed to prepare for the attack even though it was aware that the White House, U.S. State Department and other American government agencies had been hit on Sunday, two days before the cyber terror attacks moved to Korea. The Korea Communications Commission did not issue an alert until 1:30 a.m. on Wednesday, even though major websites in the country became paralyzed starting at 6 p.m. on Tuesday.
Once the attacks were fully underway, government agencies were unable to assess the situation and incapable of analyzing the route of the attack. Meanwhile, private computer security companies solved the mystery and warned against a fresh wave of attacks and the destruction of infected computers. When those warnings became a reality, government agencies came out with "measures" that were merely photocopies of the predictions made by the IT security firms, effectively handing the Internet security of Korea over to the private sector.
Following the Blaster worm attacks on PCs in Korea back in 2003, the National Cyber Security Center was established within the National Intelligence Service. Yet even though it was equipped with various tools to deal with a cyber attack, the NCSC’s own website was immobilized for three days, the longest period out of all homepages that had been attacked. The only thing the NCSC did was to ask a private IT security firm on Wednesday to create and distribute the vaccine patch. The reason is that the NCSC does not have the manpower to deal with an attack on this scale. The Korea Information Security Agency, which oversees the Internet infrastructure of the private sector, also has only 10 people who can analyze hacking attempts.
The Ministry of Public Administration and Security conducted a survey of the government and 695 state-run institutions early this year and found that there were just 0.7 employees per institution in charge of computer and Internet security. Out of those institutions, 67.5 percent did not have even a single expert for the job. In contrast, computer security companies have close to 1,000 staff, because the cream of the crop choose to work for private firms that offer better salaries and benefits.
Advanced countries including the United States have been investing around 10 percent of their IT budgets into Internet security over the last 10 years, but in Korea, which has gained a reputation as being the world's top IT powerhouse, such investments account for just 1 percent of the country's total IT budget.
We need to use the latest attacks as an opportunity to improve our ability to deal with cyber terror. We need to find out whether we have the proper equipment, whether it is being put to use effectively and whether the problem lies in the lack of human resources. The National Assembly must convene a hearing and the government should form investigative committees. We also need to look into the idea of creating a "cyber command" that will oversee both governmental and private sector computer security capabilities, as is the case in other countries.
- Copyright © Chosunilbo & Chosun.com