SEOUL, KOREA - “This is the age of cyber warfare. People are becoming interested in information security more than ever. It is time to aggressively invest in information security and manpower training which are essential to the nation’s security as well as the related industries,” Professor Ryou Jae-cheol from Chungnam National University remarked in a recent interview.
Despite being acclaimed for its sophisticated technology and proficient IT professionals, South Korea has yet to resolve the most important aspect of this age of information: Information Security.
Over the years, South Korea has worked its way up the top of the ladder of technological ingenuity that at some point, it has overlooked one essential element to preserve its prowess in the world of information technology. Triggered by a series of cyber attacks and malicious intrusion, only recently has the country responded in earnest to address the issues of cyber blitz.
“The CONsortium of Computer Emergency Response Team (CONCERT) was established to prevent the spread of damage caused by incidents on Information and Communications Network in Korea. Currently consisting of 431 registered organizations, information sharing, technical exchange, and business cooperation take place within the circle of Computer Emergency Response Teams,” Prof. Ryou explains, CONCERT’s newly-elected president.
Though regulations and policies on cyber security have been around for a while, recent events caused the government to tighten them up even more. As effective as it seems, companies have found it rather difficult to comply with the said policies considering the scarcity of needed resources. It is of most importance that these concerns are raised and brought to the regulating body to devise unequivocal and realistic policies.
CONCERT plays a big role in narrowing the gap between reality and the law by gathering opinions from its members. One of its major plans is to set up a two-way communication channel between the government and itself in order to establish more efficient and reasonable policies by meeting at a common ground.
A majority of CONCERT members have already built their own security teams. Hence, they are very much aware of these security policies. More importantly, these companies display high sensitivity that even minor modifications on the said policies and regulations can greatly affect their operations and the company as a whole.
In actuality, as the business sector perceives the law as an inevitable right and obligation, difficulties in complying with the current law and rules may arise in the planning and implementation stage. It is then CONCERT’s function to listen to these voices as they represent Korea’s actual business realm. Being the primary link between the government and the people, it holds great responsibility to both parties.
PROPOSAL: A Standard Information Security Model and Definite Workforce Description
Unclear Information Security Tasks Regulations: With the recent chandelling interest towards information security, problems on budget and manpower have emerged creating a perplexity on the interpretation of the law as implemented by the regulating body.
Since the law is yet to present a standard model to define clearly the most appropriate manpower, compensation and other integral elements of information security based on different categories such as company size, industry and so on, businesses have no choice but to make risky investments on information security without definite plans as to how these laws are to be interpreted and eventually complied with. On top of the lack of unclear standards, information security teams are now facing a bigger challenge -- scarcity of manpower and budget that is now limiting their ability to carry out their strategic plans.
A standard model would best respond to these questions and straighten out the ruffled areas of the law. Through the establishment of a benchmark, a significant improvement on the information security level in the country will be on its way. Moreover, workforce on information security would receive utmost attention with regard to compensation and working conditions.
Information security is a rather challenging and at times, stressful job that entails long hours of mental and physical work. With this department shouldering the biggest responsibility of protecting the most confidential information, their job entails extraordinary care and diligence. It is for this reason that the business sector of the country is fighting for the rights of this workforce to be treated and remunerated accordingly.
Strengthening the Workforce
The work does not end in just establishing a standard model for planning and implementation. It certainly does not. Another aspect of the system must be taken into account. This question comes into mind – “Where do we find best and highly-skilled manpower”
The proponents of modifying the law highlight the importance of clear-cut policies on the required working conditions and compensation for deserving information security specialists. However, the country’s current professional manpower training for information security is inclined to expand quantitatively where most of them are short-term specialized educations.
Ideally, these training should be designed to achieve long-term goals on information security. Furthermore, various training projects must not be limited to a few institutions but rather decentralized to the government, educational institutes, and companies. Conducting training all over the country creates a lot of venues for honing untapped skills and finding the most competent information security experts. It is then imperative to raise the standards on the quality of training to improve the whole workforce to affect the law.
To guarantee quality of education from the selected institutes to perform training on information security, the government must formulate a certification system that is of international standard. There must be a progressive system that requires the level of information security training to increase in difficulty and scope as the information security level rises. However, the reality of the situation is that getting proper teaching materials and professional instructors in Korea is no easy task, an issue that makes information security in the country even harder to achieve.
Taking the USA as an example, after a very intensive verification process, they have selected 145 educational institutes from all over the country to provide information security training. It has to ensure high-quality education to be provided by these educational institutes by creating a very efficient certification system.
The Spear and Shield Tactic
In Korea, defense-oriented security techniques are now being engaged in many industries except in some fields like national organizations. This security technique can be compared to a spear and shield. A shield is established within the company by building a spear. It simply means that companies devise offensive techniques to fortify their defense system.
CONCERT believes that training white hats is the spear and shield in this cyber warfare that we are in. Korea abounds in distinctive talents who prefer to stay in the dark because society dictates they aren’t qualified enough. They are made to believe that finishing regular courses in school is the only ticket to a prestigious career. That must be changed now. As a nation that seeks equal opportunity to everyone and works towards bringing out the best in every citizen of the country, we must find these talents and train them as information security specialists to put their expertise to good use.
