The document discusses South Korea's efforts to invest in human capital for cyber security. It outlines the cyber security situation in South Korea and the various government, non-profit, educational, and other programs that have been established to raise cyber security experts in response to threats. These include graduate programs, university departments, vocational colleges, hacker groups, competitions, and training run by government agencies. The goal is to narrow the gap with North Korea's cyber capabilities.
How South Korea Invests in Human Capital for Cyber-Security
1. 고려대학교정보보호대학원
마스터 제목 스타일 편집
고려대학교정보보호대학원CODEBLUE2015@Tokyo,Japan
How South Korea Invests in
Human Capital for Cyber-Security
This research was supported by the MSIP(Ministry of Science, ICT and Future Planning), Korea,
under the ITRC(Information Technology Research Center) support program (IITP-2015-R0992-15-1006)
supervised by the IITP(Institute for Information & communications Technology Promotion)
2. 고려대학교정보보호대학원
마스터 제목 스타일 편집
2
Who am I?
Cyber Security Situation
Government
Non-Profit Private Organization
Regular School Education (Univ. & Colleges)
Other (Non-Regular) Education Programs
University Security Clubs
Hacking Contests/Conferences
Conclusions & Future Works
Contents
4. 고려대학교정보보호대학원
마스터 제목 스타일 편집
4
2000. 03. : Founded Graduate School of
Information Security (情報保護大學院)
domestically for the first time
2009. 12. & 2010. 08. : Successively won
DC3 Digital Forensic Challenge 2009 &
2010
2012. 03 : Established Undergraduate
Dept. of Cyber Defense (Cyber國防學科)
2015. 05 : Came in 3rd at the ACM
International Collegiate Programming
Contest, one of the largest international
programming contests
2015. 08. : Won DEFCON CTF 2015
Korea University
5. 고려대학교정보보호대학원
마스터 제목 스타일 편집
5
Leading institution in research and education in
cybersecurity of Korea
17 full-time professors + 2 adjunct professors +
8 visiting professors
Having turned out 1,000+ Ms.D/Ph.D security
experts
Having published 520+ papers on SCI(E) journals
over the last 15 years
Former president of Graduate School of
Information Security, Jong In Lim, was
appointed as ’President’s Special Adviser for
the National Security (靑瓦臺 安保特別補佐官)’
Korea University (Cont.)
6. 고려대학교정보보호대학원
마스터 제목 스타일 편집
6
金 昇 柱 (Nick : Pr0xy5kim), 1971
1999. 02 : Ph.D on Cryptography @
Sungkyunkwan Univ.
1997.6~1997.8 : Visiting Researcher @ Prof.
Shigeo Tsujii's Lab. of the Chuo University,
Tokyo, Japan
1998.12~2004.02 : Director @ KISA (Korea
Internet & Security Agency)
2004.03~2011.02 : Assistant Professor &
Associate Professor @ Sungkyunkwan Univ.
2011.03~Now : Associate Professor & Full
Professor @ Graduate School of
Information Security, Korea Univ.
Prof. Dr. Seungjoo (Gabriel) Kim
7. 고려대학교정보보호대학원
마스터 제목 스타일 편집
7
From 2011, Co-Founder/Advisory
Director of a hacker group, HARU
and an international security &
hacking conference, SECUINSIDE.
Prof. Dr. Seungjoo (Gabriel) Kim (Cont.)
8. 고려대학교정보보호대학원
마스터 제목 스타일 편집
8
Founded in 2011
Acronym of ”HAckers’ Re-Union” or ”HAckers aRe
Us”
One of the biggest association of underground hacking
groups and communities in Korea
President :
8+ Honorable Members :
BLACK.PERL (www.bpsec.co.kr), CNSECURITY
(www.cnsec.co.kr), FlyHigh, GRAYHASH (BEISTLAB,
www.grayhash.com), Hackerschool
(www.hackerschool.org), iNET COP (www.inetcop.net),
NSHC (www.nshc.net), SEWORKS (Wowhacker,
www.seworks.co), etc.
[Note] HARU
9. 고려대학교정보보호대학원
마스터 제목 스타일 편집
9
Also, a head of SANE(Security Analysis
aNd Evaluation, 保安性分析評價) Lab.
Prof. Dr. Seungjoo (Gabriel) Kim (Cont.)
10. 고려대학교정보보호대학원
마스터 제목 스타일 편집
10
Also, a head of SANE(Security Analysis
aNd Evaluation, 保安性分析評價) Lab.
Prof. Dr. Seungjoo (Gabriel) Kim (Cont.)
Ryan Beist Silverdel
Jack2
12. 고려대학교정보보호대학원
마스터 제목 스타일 편집
12
In Korea, cyber warfare has become real,
not a virtual one. North Korea continues to
expand its cyber warfare capabilities.
South Korean National Intelligence Service
(NIS, Korean CIA) officially reported 75,472
cyber-attacks launched against the
government and public agencies from 2010
until October 2014.
North Korea attempts millions of indiscriminate
cyber-attack attempts on government agencies
and private corporations in South Korea.
Cyber Security Situation in KR
13. 고려대학교정보보호대학원
마스터 제목 스타일 편집
13
Especially, five years ago, South Korea was
hit by a computer virus that took over
20,000 computers and had them attack
banks, television stations and its ministry of
defense.
Korean government believes that North
Korean General Bureau of Reconnaissance
(偵察總局), specifically Unit 121, dedicates
6,000+ full-time hackers who create
malicious computer codes.
1,700 experts and 5,100 supportive members
Cyber Security Situation in KR (Cont.)
14. 고려대학교정보보호대학원
마스터 제목 스타일 편집
14
To narrow the gap with the North,
recently South Korean government has
been devoting itself to raise more
cyber security experts.
Cyber Security Situation in KR (Cont.)
16. 고려대학교정보보호대학원
마스터 제목 스타일 편집
16
Blue House National Security Office (國家安保室)
as Control Tower
NIS (National Intelligence Service (Korean CIA),
國家情報院) for Public Sector
NSR (National Security Research Institute) for Technical
Support
MSIP (Ministry of Science, ICT & Future Planning,
未來創造科學部) for Private Sector
KISA (Korea Internet & Security Agency) for Technical
Support
Cyber Security Research Division of ETRI (Electronics and
Telecommunications Research Institute) for Development
of Fundamental Security Technologies
KCC (Korea Communications Commission, 放送通信
委員會) for the Citizens’ Personal Information
Protection
Cyber Security Related Government
17. 고려대학교정보보호대학원
마스터 제목 스타일 편집
17
MOI (Ministry of the Interior, 行政自治部) for E-
Gov.
FSC (Financial Services Commission, 金融委員會)
& FSS (Financial Supervisory Service, 金融監督院)
for Financial Sector
FSI (Financial Security Institute) for Technical
Support
MOD (Ministry of Defense, 國防部) & Cyber
Command for Military Sector
ADD (Agency for Defense Development) for
Technical Support
SPO (Supreme Prosecutors' Office, 大檢察廳) &
NPA (National Police Agency, 警察廳) for Cyber
Crime
Cyber Security Related Government
19. 고려대학교정보보호대학원
마스터 제목 스타일 편집
19
NISA (National Information Security Alliance,
2002)
KIISC (Korea Institute of Information Security &
Cryptology, 1990.12.) for Promoting Academic
Research (e.g., ICISC, WISA, etc.)
www.kiisc.or.kr
KCSA (Korea Convergence Security Association,
2001)
www.kocosa.org
KISIA (Korea Information Security Industry
Association, 1997.7.) as Representative Body for
157+ Information Security Companies
www.kisia.or.kr
CONCERT (CONsortium of Computer Emergency
Response Teams, 1996)
www.concert.or.kr
Non-Profit Private Organizations
20. 고려대학교정보보호대학원
마스터 제목 스타일 편집
20
Korea Council of Chief Information Security
Officers (2009)
www.cisokorea.org
OPA (Korea Online Privacy Association, 2011)
www.opa.or.kr
KCPPI (The Korean Council on the
Protection of Personal Information, 2010)
www.kcppi.or.kr
Korea Chief Privacy Officers' FORUM (2007)
www.cpoforum.or.kr
HARU (HAckers’ Re-Union, 2011)
www.h4ru.com
Non-Profit Private Organizations
22. 고려대학교정보보호대학원
마스터 제목 스타일 편집
22
# of Departments of Undergraduate
schools to offer cyber security programs of
study : 36 (increased 28.6% from year-ago)
# of Undergraduate Students on the register :
5,701 (increased 15.8% from year-ago)
# of Departments of Graduate schools to
offer cyber security programs of study : 32
# of Graduate Students on the register : 1,241
(increased 24.6% from year-ago)
Universities (in 2014)
23. 고려대학교정보보호대학원
마스터 제목 스타일 편집
23
Since Joongbu Univ. established the first
cyber security undergraduate program in
1996, it has been growing quickly every
year.
Recently, joint educational programs
with security companies are on the
increase.
Full Scholarship over Guaranteed
Employment
Universities (in 2014) (Cont.)
24. 고려대학교정보보호대학원
마스터 제목 스타일 편집
24
# of Departments of Colleges to offer
cyber security programs of study : 8
# of students on the register : 568
(increased 34.6% from year-ago)
Colleges (in 2014)
25. 고려대학교정보보호대학원
마스터 제목 스타일 편집
25
Established in 2012
In 2016, we will graduate 30 students for
the first time.
Joint educational programs with Korea
Army (Cyber Command)
Full Scholarship over Guaranteed
Employment
Upon graduation, they are to be commissioned
as second lieutenants and must serve in the
military for seven years
Accept top 1% of students in the
national college entrance exam
Dept. of CYDF @ Korea Univ.
26. 고려대학교정보보호대학원
마스터 제목 스타일 편집
26
Inspired by Israel's Talpiot program
“Talpiot” means “best of the best” in Hebrew
Israel set up the Talpiot program in 1979 to
train the nation's most promising high-
school graduates to become technological
innovators for the military
Members of program, called “Talpions”,
spend 3 years in study, followed by 6 years
of military service focused on improving the
Israeli military's technological edge rather
than serving in combat units
Giving financial support for start-ups
Dept. of CYDF @ Korea Univ. (Cont.)
27. 고려대학교정보보호대학원
마스터 제목 스타일 편집
27
Curriculum deals with :
Cryptology & Steganography
Cyberlaw
Cyberpsychology
Hacking
Digital forensics
Information assurance
Basic military studies, etc
Also embedded some programs in the
curriculum to inculcate students with
patriotism and a strong work ethic
Dept. of CYDF @ Korea Univ. (Cont.)
28. 고려대학교정보보호대학원
마스터 제목 스타일 편집
28
In 2015, "DEFKOR," the team comprised
of 8 students from Dept. of CYDF at
Korea University and 3 from Korea-based
IT security solution provider Raonsecure,
and 2 Korean students studying in the
U.S. won the TOP prize at the DEFCON
CTF 23!
In this year, 4,000+ teams
qualified, 15 teams made
finalists!
Dept. of CYDF @ Korea Univ. (Cont.)
30. 고려대학교정보보호대학원
마스터 제목 스타일 편집
30
Public Sector & Government-Run Cyber
Security Education Programs
Education and Training for Public Officers
NSR’s CSTEC, KIA Academy
Education and Training for Non-Officers
KISA’s K-Shield, KITRI’s BoB, KISA’s Online
Information Security Training Lab., ITRC
Private Sector-Run Cyber Security
Education Programs
In 2014, 25 private cyber security training
institutes
Other Education Programs
31. 고려대학교정보보호대학원
마스터 제목 스타일 편집
31
CSTEC (Cyber Security Training and
Exercise Center)
Opened at Daejeon, Oct. 2014.
Organized by NSR (National Security
Research Institute)
KISA Academy
Opened at Seoul, May 2009.
Organized by KISA (Korea Internet &
Security Agency)
Public Programs for Public Officers
32. 고려대학교정보보호대학원
마스터 제목 스타일 편집
32
K-Shield
Since 2013.
Organized by KISA
Aimed at : Raising very highly skilled cyber
security experts
Until 2017, plan to produce 5,000 certified
experts
Applicant’s requirement : Security staffs in
public or private sector
Public Programs for Non-Officers
33. 고려대학교정보보호대학원
마스터 제목 스타일 편집
33
BoB (Best of the Best)
Since 2012.
Organized by KITRI (Korea Information
Technology Research Institute)
Aimed at : Raising very highly skilled cyber
security experts
Running strong peer-to-peer mentoring
program for professional development.
Mentors : Almost all members of HARU, Other well-
known security experts, etc.
Applicant’s requirement : Students (high
school, undergraduate and graduate)
Public Programs for Non-Officers
34. 고려대학교정보보호대학원
마스터 제목 스타일 편집
34
BoB (Best of the Best)
Courses :
About 8 month course
Survival program
The final 6 students will get around $17,000 each
1st Semester : Learning about information
security (crypto, network, OS, ethics and so on)
from professionals
2nd Semester : Projects with mentors
3rd Semester : Advanced researches
Public Programs for Non-Officers
35. 고려대학교정보보호대학원
마스터 제목 스타일 편집
35
BoB (Best of the Best)
Among 13 DEFKOR members, 10 are from
BoB students(8) or mentors(2)!
Public Programs for Non-Officers
36. 고려대학교정보보호대학원
마스터 제목 스타일 편집
36
Online Information Security Training
Lab.
Since 2001.
Organized by KISA
www.sis.or.kr
Public Programs for Non-Officers
37. 고려대학교정보보호대학원
마스터 제목 스타일 편집
37
ITRC (University Information
Technology Research Center)
Since 2000.
Supported by the MSIP (Ministry of Science,
ICT & Future Planning)
During 2000~2014, KRW 415.72 billion (= USD
363,709,536.31 = JPY 43,699,740,358.03) was
funded (121 centers of 45 universities) for the
enhancement of IT research capabilities of
universities
Including ITRC for cyber security field
Public Programs for Non-Officers
39. 고려대학교정보보호대학원
마스터 제목 스타일 편집
39
At school, lots of information security clubs
in Korea
Since 2006, KISA & MSIP have been
encouraging and supporting security clubs
at universities
In 2014, 45 clubs are selected & supported
Awards and Money
Some clubs are famous at the world class
CTFs
CyKor (Korea Univ.), GoN (KAIST), PLUS
(Postech)
University Clubs of Information Security
41. 고려대학교정보보호대학원
마스터 제목 스타일 편집
41
10+ hacking contests/conferences per year
International
SECUINSIDE by HARU, Korea Univ., KISA(MSIP),
NSR(NIS), and KOSCOM
CODEGATE by SOFTFORUM and KISA(MSIP)
POC (Power Of Community) by HNS company
Domestic
HDCON (Hacking Defence CONtest) by
KISA(MSIP)
White-Hat Hacker Contest by Ministry of
Defense and the NIS
FISCON (Financial Information Security
CONference) by FSI(FSS)
INC0GNITO by 10 University Security Clubs
Hacking Contests/Conferences
42. 고려대학교정보보호대학원
마스터 제목 스타일 편집
42
Since 2011.
Hosted by HARU, Korea Univ.,
KISA(MSIP), NSR(NIS), and KOSCOM
SECUINSIDE CTF winners are pre-
qualified for DEFCON CTF
From 2015, they began Pwn2Own
contest (named as 'Capture The Bug')
for the first time in Korea
www.secuinside.com
SECUINSIDE
43. 고려대학교정보보호대학원
마스터 제목 스타일 편집
43
Since 2008.
Hosted by SOFTFORUM and KISA(MSIP)
The first international hacking
contests/conferences in Korea
CODEGATE CTF winners are pre-qualified
for DEFCON CTF
www.codegate.org
CODEGATE
44. 고려대학교정보보호대학원
마스터 제목 스타일 편집
44
Since 2004.
Hosted by KISA(MSIP)
The oldest hacking contests/conferences
in Korea
HDCON
45. 고려대학교정보보호대학원
마스터 제목 스타일 편집
45
Korea is probably most activated infosec
country in East Asia! However, we should
move …
From quantitative growth to qualitative
growth
Can get a good job after graduation
From information security-oriented
education to information assurance-
oriented education
(e.g.) U.S.’s NIAETP (National Information
Assurance Education and Training Program)
Conclusions & Future Works
47. 고려대학교정보보호대학원
마스터 제목 스타일 편집
47
Computer Security Era (the early 1960s
~)
Information Security Era (the 1980s ~)
Information Assurance Era (1998 ~)
[Note] Information Assurance
48. 고려대학교정보보호대학원
마스터 제목 스타일 편집
48
Originated in the U.S. DoD in the late
1990's.
IA is more than just IS!
[Note] Information Assurance
(Source : Algirdas Avizÿ ienis et al., "Fundamental Concepts of Dependability", UCLA CSD Report no. 010028)
49. 고려대학교정보보호대학원
마스터 제목 스타일 편집
고려대학교정보보호대학원CODEBLUE2015@Tokyo,Japan
How South Korea Invests in
Human Capital for Cyber-Security
This research was supported by the MSIP(Ministry of Science, ICT and Future Planning), Korea,
under the ITRC(Information Technology Research Center) support program (IITP-2015-R0992-15-1006)
supervised by the IITP(Institute for Information & communications Technology Promotion)