**Without securing national security competitiveness, it is difficult to achieve being one of the top three in AI or Sovereign AI. The control tower must be integrated and unified, and a national-level long-term strategy must be prepared.**
A recent roundtable discussion on cybersecurity was held at Maeil Business Newspaper headquarters, attended by experts who took a commemorative photo before their discussions. From the left are Lee Won-tae, a special professor at Kookmin University (former KISA President), Kim Chang-oh, information security PM at the Institute of Information & Communications Technology Planning & Evaluation (IITP), Jo Young-chul, President of the Korea Information Security Industry Association (KISIA), Kim Jeong-nyeo, director of Cybersecurity Research Division at the Electronics and Telecommunications Research Institute (ETRI), and Kim Dong-jo, CTO of Hancom With. The discussion highlighted the weaknesses in Korea’s security awareness and response system exposed by large-scale cyberattacks targeting SK Telecom and Yes24. Experts agree that Korea needs to quickly establish an integrated national security strategy.
**― What are the recent hacking trends?**
**Jo Young-chul, President**: The trends can be summarized as “organized crime” and “widespread random attacks.” SK Telecom faced systematic attacks on its infrastructure for several years, likely involving a specific country. Yes24’s incident was a random ransomware attack, with the possibility that SK Telecom was also unintentionally caught in a random attack. Advancements in AI have made cyberattacks more sophisticated and indiscriminate, easily breaching security networks.
**Kim Jeong-nyeo, Director**: The nature of attackers has changed. Previously, attacks were isolated efforts by small hacking groups; now, they are industrialized and organized, involving multinational crime organizations. Cyberattacks are becoming a business model. At the same time, cybersecurity investment is deprioritized by companies, despite aggressive investments in AI semiconductors and quantum technologies. The tendency to respond with short-term solutions to immediate needs is concerning.
**― How should we respond on a national level?**
**Kim Chang-oh, PM**: With the new government’s inception, we are at a “golden time” to strengthen cybersecurity. Focused investments in AI security are crucial. AI is a game-changer in cybersecurity, enhancing attack precision and automation. Without AI-based detection and response technologies, effective defenses are challenging. Delaying AI security initiatives will lead to a loss of national competitiveness. Security should lead in establishing global AI competitiveness.
**Jo Young-chul, President**: An AI superpower can’t exist without cybersecurity. Of the Isae government’s 100 trillion won AI investment, 10%, or 10 trillion won, should go into security. Countries like the US invest huge amounts to grow cyber security as an industry. South Korea should regard cybersecurity as a strategic industry and provide long-term support, akin to the transformation of domestic defense into a major export industry. Expanding information protection disclosure systems and providing guidance on security investment amounts are necessary. The current IT budget’s security investment share, around 6%, should be elevated to 10% to match the US level.
**― Examples of foreign benchmarks?**
**Lee Won-tae, Professor**: In 2021, the US legislated an investment tax credit system to strengthen power grid cybersecurity. When building new ultra-high voltage transmission lines and incorporating advanced cybersecurity technologies, a portion of the investment costs is tax-deductible. This policy elevates basic security obligations through legislation and incentivizes private voluntary efforts with tax benefits. Ohio’s “Data Protection Act” relieves some liability for hacking incidents if cybersecurity compliance is diligently followed, recognizing that despite best efforts, it’s impossible to fully prevent attacks and encouraging proactive security investments.
**Kim Dong-jo, CTO**: Unlike major cyber security nations, coordination entities like Israel’s INCD or the US’s CISA, which oversee comprehensive cybersecurity, are absent in Korea. Here, responsibilities are distributed among various agencies like the National Intelligence Service, Ministry of Science and ICT, Financial Services Commission, Ministry of National Defense, and Police Agency, complicating integrated cooperation and establishing a unified command structure.