The Korea Internet & Security Agency (KISA) identified 'generative artificial intelligence (AI)' as a key issue in cybersecurity for next year. With the advancement and distribution of AI, related security incidents are expected to increase. KISA also noted that it will establish criteria and support measures to preemptively block data crimes targeting the private sector, corporations, and government.
KISA held the 'KISA Cybersecurity Achievement Presentation' on the afternoon of the 11th at the Lee Byeong-hyung Hall of the War Memorial of Korea in Yongsan, Seoul. Director Lee Sang-joong said in his opening remarks, 'While life is becoming more convenient due to artificial intelligence and quantum technology, at the same time, cyber threats are becoming more intelligent and sophisticated, threatening daily safety and security.' He continued, 'As a digital security institution completing a safe digital nation, KISA will focus on advancing social security and online policy research projects in accordance with the changing environment.'
During the presentation, a total of seven presentations were made focusing on five keywords: ▲ security policy ▲ incident response ▲ personal information ▲ security industry ▲ digital safety.
◇ 'We need to establish AI security standards... Guidelines are being prepared'
On that day, Deputy Minister Hwang Bo-seong explained the cybersecurity issues for next year. He highlighted 'generative AI' as a major keyword. He indicated that with the launch of a 'Trump 2.0' administration, the autonomy of AI would increase, leading to heightened security threats. He reported, 'By 2025, it is urgent to establish AI security standards, build a framework for sharing vulnerability information, and develop measures such as Information Security Management System (ISMS)-AI.'
Deputy Minister Hwang also stated that the security paradigm would shift from post-response to preemptive prevention. However, he noted, 'Legal grounds are also needed to directly take action on products and services where actual vulnerabilities are discovered.'
Kim Seong-hoon, Head of Team for Policy Research, announced plans to establish AI security guidelines. He explained that attacks on vulnerabilities in AI models and systems are leading to disruptions of services or manipulation of outcomes. Kim said he would form an AI security forum next year to strengthen collaboration between private and public experts and support the preparation of guidelines for private sector utilization.
◇ 'Corporate awareness is still low… Zero trust maturity guideline released'
The demand for zero trust solutions is also expected to increase. Ha Byeong-wook, Head of Team for New Technology Response, defined the concept of zero trust as 'a security law aimed at preventing lateral movement by separating the interior.' He reported that, with the exception of the United States, South Korea is the country with the most active research and implementation of zero trust in the world.
However, he stated that the level of awareness among corporations regarding zero trust solutions is still low. He remarked, 'On the 3rd, we released the zero trust guideline 2.0,' adding that 'the guideline will serve as a resource for companies adopting zero trust to evaluate their maturity.'
◇ Data crimes such as phishing and hacking are serious… 'Support for preventing personal information damage'
The number of reported cases of phishing and hacking targeting corporations and individuals has been on the rise. Lim Jin-soo, Director General of the Threat Response Division, said, 'This year, we are responding to digital livelihood crimes through the organizational restructuring of the Digital Threat Response Headquarters.' He explained that the previous method of analyzing the causes after receiving reports has been improved to a method of tracking hacker activities and blocking incidents in advance.
Director General Lim stated, 'We will work to ensure that illegal spam or malicious code is not delivered to users, including sanctions against text intermediaries.' He also noted plans to establish an 'AI Security Red Team' to prevent threats to AI services.
Shim Dong-wook, Director General of the Personal Information Safety Utilization Headquarters, stated that KISA supports comprehensive evaluation and capacity building of the personal information protection level of public institutions such as central government agencies, local governments, and public enterprises.
KISA further noted that it would support the export of security companies by streamlining the gateway for domestic corporations to enter global markets. Lim Chae-tae, Director General of the Security Business Division, said, 'We recently established a global consultation forum' and emphasized that 'the goal is for domestic quality technology products to be recognized in the global market.'