By Linda Butcher
Named as the most wired place on earth, it is no surprise that South Korea has faced many cybersecurity challenges with 2013 being one of its worst years. Unfortunately, at this time all that South Korea can do when dealing with cyberwarfare is play defense.
Earlier this year, numerous South Korean websites and servers ranging from banks to Cheong Wa Dae suffered from cyber attacks. In the week of June 25 alone, the anniversary of the Korean War, almost 70 agencies and news outlets were targeted. The attacks were believed to be motivated by a desire to undermine the country’s image, to steal personal information and for monetary gains. In July, Director General Park of the Ministry of Science, ICT and Future Planning made the announcement that Seoul suspected North Korea was behind the attacks, which North Korea has denied.
Perhaps two of the most frustrating aspects of cyber attacks are that (1) it is very difficult to determine the source and (2) when the source is determined, it is even more difficult to prevent it from happening again. As James Lewis of CSIS points out, while cyber attacks are a threat to stability, they do not “rise to the level of the use of force that would justify a military response.” And, while countries are increasing their cyber capabilities, there is no international framework on how to deal with cyber attacks. Therefore, in the case of South Korea, regardless of who is behind the attacks, one sign is apparent: Korea needs to beef up its security system.
It should therefore be no surprise that following the June attacks, Korea met with its U.S. counterparts to discuss strategy, collective defense and the common cyber threats that both countries face. While the U.S. has flaws in its own security system, there are lessons to be learned with the most effective being the SANS 20 Critical Security Controls (CSCs). This framework is not only effective in mitigating security risk, as high as 94%, but also shows how the public and private sectors are working together to enhance security. While South Korea is looking to possibly create a cyber security secretary, it should follow the SANS institute example and also look to enhance communication with the private sector, which is also just as vulnerable to attacks as the government.
With this week’s SeoulCyber 2013, Korea and the 1,500 plus representatives from more than 80 countries will be able to address a variety of issues ranging from cybercrime to the benefits of the internet. The third annual forum will attempt to conclude with an international guideline on how countries can work together in dealing with cyber security challenges. Although a guideline may not come out of this conference, it will be helpful for countries to converse with one another on best practices used and hopefully close the gap on cybersecurity challenges. This will also provide the perfect opportunity for Korea to consult with Germany, Japan, Canada and other leaders who have suffered from attacks but have continued to fight against cyberwarfare.
While Korea has definitely improved its security measures, it still has much to learn and implement. As one colleague raised, “when will the defense equal the offense?” That is, when will security measures be set in place that will make it impossible for hackers to attack? This is obviously a difficult question to answer, but Korea is making strides by working with its allies on finding solutions.
Linda Butcher is the Director of Media Relations and Public Affairs at the Korea Economic Institute of America. The view expressed here are the author’s alone.
Photo from Free Press Pics’ Photostream on flickr Creative Commons.