How South Korea Invests in Human Capital for Cyber-Security by Seungjoo Gabriel Kim - CODE BLUE 2015
Post on 15-Apr-2017
How South Korea Invests in Human Capital for Cyber-Security
2
Who am I?
Cyber Security Situation
Government
Non-Profit Private Organization
Universities & Colleges
Other Education Programs
University Security Clubs
Hacking Contests/Conferences
Conclusions & Future Works
Contents
3
Who am I?
4
2000. 03. : Founded Graduate School of Information Security domestically for the first time
2009. 12. & 2010. 08. : Successively won DC3 Digital Forensic Challenge 2009 & 2010
2012. 03 : Established Undergraduate Dept. of Cyber Defense (Cyber)
2015. 05 : Came in 3rd at the ACM International Collegiate Programming Contest, one of the largest international programming contests
2015. 08. : Won DEFCON CTF 2015
Korea University
5
Leading institution in research and education in cybersecurity of Korea
17 full-time professors + 2 adjunct professors + 8 visiting professors
Having turned out 1,000+ M.S./Ph.D. security experts
Having published 520+ papers on SCI(E) journals over the last 15 years
Former president of Graduate School of Information Security, Jong In Lim, was appointed as Special Advisor to the President for National Security
Korea University (Cont.)
6
(Nick : Pr0xy5kim), 1971
1999. 02 : Ph.D on Cryptography @ Sungkyunkwan Univ.
1997.6~1997.8 : Visiting Researcher @ Prof. Shigeo Tsujii's Lab. of the Chuo University, Tokyo, Japan
1998.12~2004.02 : Director @ KISA (Korea Internet & Security Agency)
2004.03~2011.02 : Assistant Professor & Associate Professor @ Sungkyunkwan Univ.
2011.03~Now : Associate Professor & Full Professor @ Graduate School of Information Security, Korea Univ.
Prof. Dr. Seungjoo (Gabriel) Kim
7
From 2011, Co-Founder/Advisory Director of a hacker group, HARU and an international security & hacking conference, SECUINSIDE.
Prof. Dr. Seungjoo (Gabriel) Kim (Cont.)
8
Founded in 2011
Acronym of HAckers Re-Union or HAckers aRe Us
President :
Members :
BLACK.PERL (www.bpsec.co.kr), CNSECURITY (www.cnsec.co.kr), FlyHigh, GRAYHASH (BEISTLAB, www.grayhash.com), Hackerschool (www.hackerschool.org), iNET COP (www.inetcop.net), NSHC (www.nshc.net), SEWORKS (Wowhacker, www.seworks.co), etc.
[Note] HARU
9
Also, a head of SANE (Security Analysis aNd Evaluation) Lab.
Prof. Dr. Seungjoo (Gabriel) Kim (Cont.)
11
Cyber Security Situation
12
In Korea, cyber warfare has become real, not a virtual one. North Korea continues to expand its cyber warfare capabilities.
South Korean National Intelligence Service (NIS, Korean CIA) officially reported 75,472 cyber-attacks launched against the government and public agencies from 2010 until October 2014.
North Korea makes millions of indiscriminate cyber-attack attempts on government agencies and private corporations in South Korea.
Cyber Security Situation in KR
13
Especially, five years ago, South Korea was hit by a computer virus that took over 20,000 computers and had them attack banks, television stations and its ministry of defense.
The Korean government believes that the North Korean General Bureau of Reconnaissance, specifically Unit 121, dedicates more than 6,000 full-time hackers who create malicious computer code.
Cyber Security Situation in KR (Cont.)
14
To narrow the gap with the North, the South Korean government has recently been devoting itself to raising more cyber security experts.
Cyber Security Situation in KR (Cont.)
15
Government
16
National Security Office (Control Tower)
NIS (National Intelligence Service, Korean CIA)
NSR (National Security Research Institute)
MSIP (Ministry of Science, ICT & Future Planning)
KISA (Korea Internet & Security Agency)
Cyber Security Research Division of ETRI (Electronics and Telecommunications Research Institute)
KCC (Korea Communications Commission)
Cyber Security Related Government
17
MOI (Ministry of the Interior)
FSC (Financial Services Commission) & FSS (Financial Supervisory Service)
FSI (Financial Security Institute)
MOD (Ministry of Defense) & Cyber Command
ADD (Agency for Defense Development)
SPO (Supreme Prosecutors' Office) & NPA (National Police Agency)
Cyber Security Related Government
18
Non-Profit Private Organizations
19
NISA (National Information Security Agency, 2002)
KIISC (Korea Institute of Information Security & Cryptology, 1990) www.kiisc.or.kr
KCSA (Korea Convergence Security Association, 2001) www.kocosa.org
KISIA (Korea Information Security Industry Association, 1997) www.kisia.or.kr
CONCERT (CONsortium of CERTs, 1996) www.concert.or.kr
Non-Profit Private Organizations
20
Korea Council of Chief Information Security Officers (2009) www.cisokorea.org
OPA (Korea Online Privacy Association, 2011) www.opa.or.kr
KCPPI (The Korean Council on the Protection of Personal Information, 2010) www.kcppi.or.kr
Korea Chief Privacy Officers' FORUM (2007) www.cpoforum.or.kr
HARU (HAckers Re-Union, 2011) www.h4ru.com
Non-Profit Private Organizations
21
Universities & Colleges
22
# of Departments of Undergraduate schools to offer cyber security programs of study : 36 (increased 28.6% from year-ago)
# of Undergraduate Students on the register : 5,701 (increased 15.8% from year-ago)
# of Departments of Graduate schools to offer cyber security programs of study : 32
# of Graduate Students on the register : 1,241 (increased 24.6% from year-ago)
Universities (in 2014)
23
Since Joongbu Univ. established the first cyber security undergraduate program in 1996, it has been growing quickly every year.
Recently, joint educational programs with security companies are on the increase.
Full Scholarship over Guaranteed Employment
Universities (in 2014) (Cont.)
24
# of Departments of Colleges to offer cyber security programs of study : 8
# of students on the register : 568 (increased 34.6% from year-ago)
Colleges (in 2014)
25
Established in 2012
In 2016, we will graduate 30 students for the first time.
Joint educational programs with Korea Army (Cyber Command)
Full Scholarship over Guaranteed Employment
Upon graduation, they are to be commissioned as second lieutenants and must serve in the military for seven years
Accept top 1% of students in the national college entrance exam
Dept. of CYDF @ Korea Univ.
26
Inspired by Israel's Talpiot program
Talpiot means best of the best in Hebrew
Israel set up the Talpiot program in 1979 to train the nation's most promising high-school graduates to become technological innovators for the military
Members of program, called Talpions, spend 3 years in study, followed by 6 years of military service focused on improving the Israeli military's technological edge rather than serving in combat units
Giving financial support for start-ups
Dept. of CYDF @ Korea Univ. (Cont.)
27
Curriculum :
Cryptology & Steganography
Cyberlaw
Cyberpsychology
Hacking
Digital forensics
Information assurance
Basic military studies, etc.
Also embedded some programs in the curriculum to inculcate students with patriotism and a strong work ethic
Dept. of CYDF @ Korea Univ. (Cont.)
28
In 2015, "DEFKOR," the team comprised of 8 students from Dept. of CYDF at Korea University and 3 from Korea-based IT security solution provider Raonsecure, and 2 Korean students studying in the U.S. won the TOP prize at the DEFCON CTF 23!
In this year, 4,000+ teams qualified, 15 teams made finalists!
Dept. of CYDF @ Korea Univ. (Cont.)
29
Other Education Programs
30
Public Sector & Government Cyber Security Education Programs
Education and Training for Public Officers
NSR's CSTEC, KISA Academy
Education and Training for Non-Officers
KISA's K-Shield, KITRI's BoB, KISA's Online Information Security Training Lab., ITRC
Private Sector Cyber Security Education Programs
In 2014, 25 private cyber security training institutes
Other Education Programs
31
CSTEC (Cyber Security Training and Exercise Center)
Opened at Daejeon, Oct. 2014.
Organized by NSR (National Security Research Institute)
KISA Academy
Opened at Seoul, May 2009.
Organized by KISA (Korea Internet & Security Agency)
Public Programs for Public Officers
32
K-Shield
Since 2013.
Organized by KISA
Aimed at : Raising very highly skilled cyber security experts
Plan to produce 5,000 certified experts by 2017
Applicant requirement : Security staff in the public or private sector
Public Programs for Non-Officers
33
BoB (Best of the Best)
Since 2012.
Organized by KITRI (Korea Information Technology Research Institute)
Aimed at : Raising very highly skilled cyber security experts
Running strong peer-to-peer mentoring program for professional development.
Mentors : Almost all members of HARU, Other well-known security experts, etc.
Applicants requirement : Students (high school, undergraduate and graduate)
Public Programs for Non-Officers
34
BoB (Best of the Best)
Courses :
About 8 month course
Survival program
The final 6 students will get around $17,000 each
1st Semester : Learning about information security (crypto, network, OS, ethics and so on) from professionals
2nd Semester : Projects with mentors
3rd Semester : Advanced researches
Public Programs for Non-Officers
35
BoB (Best of the Best)
Among 13 DEFKOR members, 10 are BoB students (8) or mentors (2)!
Public Programs for Non-Officers
36
Online Information Security Training Lab.
Since 2001.
Organized by KISA
www.sis.or.kr
Public Programs for Non-Officers
37
ITRC (University Information Technology Research Center)
Since 2000.
Supported by the MSIP (Ministry of Science, ICT & Future Planning)
During 2000~2014, KRW 415.72 billion (= USD 363,709,536.31 = JPY 43,699,740,358.03) was funded (121 centers of 45 universities) by MSIP
Including ITRC for cyber security field
Public Programs for Non-Officers
38
University Security Clubs
39
At school, lots of information security clubs in Korea
Since 2006, KISA & MSIP have been encouraging and supporting security clubs at universities
In 2014, 45 clubs were selected & supported
Awards and Money
Some clubs are famous at the world class CTFs
CyKor (Korea Univ.), GoN (KAIST), PLUS (Postech)
University Clubs of Information Security
40
Hacking Contests/Conferences
41
10+ hacking contests/conferences per year
International
SECUINSIDE by HARU, Korea Univ., KISA(MSIP), NSR(NIS), and KOSCOM
CODEGATE by SOFTFORUM and KISA(MSIP)
POC (Power Of Community) by HNS company
Domestic
HDCON (Hacking Defence CONtest) by KISA(MSIP)
White-Hat Hacker Contest by Ministry of Defense and the NIS
FISCON (Financial Information Security CONference) by FSI(FSS)
INC0GNITO by 10 University Security Clubs
Hacking Contests/Conferences
42
Since 2011.
Hosted by HARU, Korea Univ., KISA(MSIP), NSR(NIS), and KOSCOM
SECUINSIDE CTF winners are pre-qualified for DEFCON CTF
From 2015, they began Pwn2Own contest (named as 'Capture The Bug') for the first time in Korea
www.secuinside.com
SECUINSIDE
43
Since 2008.
Hosted by SOFTFORUM and KISA(MSIP)
The first international hacking contest/conference in Korea
CODEGATE CTF winners are pre-qualified for DEFCON CTF
www.codegate.org
CODEGATE
44
Since 2004.
Hosted by KISA(MSIP)
The oldest hacking contest/conference in Korea
HDCON
45
Korea is probably the most active infosec country in East Asia! However, we should move
From quantitative growth to qualitative growth
Can get a good job after graduation
From information security oriented education to information assurance oriented education (e.g., the U.S.'s NIAETP (National Information Assurance Education and Training Program))
Conclusions & Future Works
46
[Note] Information Assurance
47
Computer Security Era (the early 1960s ~)
Information Security Era (the 1980s ~)
Information Assurance Era (1998 ~)
[Note] Information Assurance
48
Originated in the U.S. DoD in the late 1990's.
IA is more than just IS!
[Note] Information Assurance
(Source : Algirdas Avižienis et al., "Fundamental Concepts of Dependability", UCLA CSD Report no. 010028)