South Korea is taking belated-yet-necessary-steps to train more cyber security experts following a series of disruptive hacking attacks that paralyzed broadcasters, banks and government agencies. Ominously, many of the attacks reportedly originate in North Korea, which is technically still at war with the South.

“Generally, the defense military force needs to be about three or four times bigger than the attacking army. North Korea produces about 300 cyber attackers annually, but we are only at the starting point with 30 to 40 human resources,” said Lim Jong-in, dean of the Graduate School of Information Security at Korea University, in an interview with The Korea Herald.

To narrow the gap with the North, South Korea’s Ministry of Science, ICT and Future Planning has drawn up a plan to foster 5,000 “white-hat hackers” or, in a more broad term, “cyber security professionals,” by 2017. 

Of the planned 5,000 specialists announced by the ministry, 1,260 of them will be raised under government-affiliated agencies linked to the Department of Cyber Defense at Korea University, Korea Information Technology Research Institute and Korea Internet & Security Agency.

Korea University’s Cyber Defense Department, started in 2011, is at the forefront of the training campaign. It selects only 30 students a year and does not reveal its specific curriculum or even information about its students.

“Students are taught to incorporate not only IT techniques like decoding, analyzing and investigating, but also to learn ethics and leadership to prepare for international cooperation,” said Lim.

Similarly, KITRI runs a special program called “Best of Best,” targeting talented students who could become security experts in the future. About 120 students from high schools to graduate schools are selected based on prior experience to be trained for six months. Programs include simulated cyber war with classmates.

The top 10 finalists of KITRI’s program get substantial advantages in employment and further education. According to a member of the advisory panel for BoB, the program offers an intensive course so that trainees can be dispatched quickly.

KISA is another agency in charge of training cyber security professionals. Its “Cyber Security Elite Training” program kicked off in July this year. In the first stage of the two-tier training courses, 120 participants with experience in the IT industry go through 60 hours of training at IT academies. In the second stage, those who finish the first curriculum successfully are admitted to the KISA academy, where they have 90 hours of intensive education programs.

“The program aims to screen the elite cyber security professionals who can immediately react to unexpected cyber attacks,” said Lee Yun-soo, head of the KISA academy. “While the BoB program wants to raise awareness and interest in the field of cyber security for younger students, we focus on strengthening the already competent students’ expertise further,” he said.

Aside from state-run programs, the private sector is also keen to train white-hat hackers. For instance, HARU is a well-known white-hat hacker group in South Korea, which holds seminars and conferences, notably “SecuInside,” to expand benign hackers’ domain in South Korea and enhance their expertise.

“SecuInside 2013,” held on July 3 in Yeouido, Seoul, hosted an anti-hacking contest, which attracted 1,083 white-hat hacker teams from 77 countries.

“Our members include those who are office workers in different industries, but want to contribute to our group out of pure interest in hacking,” said Lee Ki-taek, president of HARU.

Given that a variety of training programs are underway to secure more security and hacking experts, Korea seems to be making progress. But experts warn that there is still a long way to go, especially concerning the sheer lack of cyber attack experts.

By Jin Eun-soo and Choi Jung-min
(janna924@heraldcorp.com) (jungmin.cjm@heraldcorp.com)