By Jung Chang-lim

In November 2022, the release of the conversational artificial intelligence tool ChatGPT by the US startup OpenAI caused a significant impact. Unlike existing models, ChatGPT demonstrated the ability to understand the context of language and engage in conversations that resembled interactions with humans. Moreover, it even ventured into the realm of human creativity. Within just two months of its launch, ChatGPT garnered overwhelming popularity, surpassing 100 million monthly users.

However, concerns arose about the potential threats posed by AI technologies like ChatGPT to cybersecurity. Such AI technologies can generate sophisticated phishing emails that mimic natural conversations and create malicious codes that could be exploited for cyberattacks. The barrier to entry into cybercrime, which previously required specialized knowledge, has significantly lowered due to these advancements.

These cybersecurity threats, alongside the development of digital technology, have been causing harm to the daily lives of citizens and the overall economic activities of businesses. Recently, cyberattacks have even posed a serious threat to national security. For instance, in February 2022, Ukraine suffered a massive DDoS attack that paralyzed government and banking websites. In June 2023, various federal agencies, including a radioactive waste storage facility under the US Department of Energy, fell victim to hacking incidents.

In response, the government is striving to maximize the benefits brought by digital technology while minimizing security vulnerabilities. Last October, cybersecurity was designated as one of the 12 critical and emerging technologies to cultivate core interests from a national security perspective. Large-scale R&D projects are being planned jointly by relevant ministries to secure proactive and preemptive technologies to respond to cyber threats, as part of the paradigm shift in cybersecurity.

Furthermore, the adoption of new security systems, such as zero-trust and software supply chain security, is being pursued to address diverse and new security threats that are difficult to combat with the current security framework. Through various pilot projects, the government aims to identify the optimal models that suit the domestic environment. In July of this year, guidelines were released to support the effective implementation of zero-trust.

The government also plans to foster the cybersecurity industry as a strategic sector to enhance indigenous response capabilities based on private-sector capacity and leverage it as a new opportunity for economic growth. By promoting the development of security industries based on emerging technologies such as artificial intelligence and integrated security, the government aims to create new markets in the field of cybersecurity and foster outstanding and promising businesses through the formation of alliances for mutual prosperity and cooperation between companies of both demand and supply sides and promotion of global expansion.

To proactively and comprehensively respond to cyber threats in the private sector, efforts are being made to enhance response systems, such as the introduction of a threat intelligence linkage analysis system, practical mock hacking exercises, and expanded real-time information sharing. A plan is being constructed to detect and respond to cyber threats through AI-based linkage and integrated analysis. Practical mock hacking exercises conducted by white-hat hackers are being strengthened to check for security vulnerabilities in companies. Moreover, there are plans to enhance the Cyber Threat Analysis and Sharing system (C-TAS) to facilitate early response and prevent further damage from cyber incidents for companies and institutions.

The government has designated July as "Information Security Awareness Month" and the second Wednesday of July as "Information Security Awareness Day" since 2012, aiming to prevent cyberattacks and promote information protection awareness among the public. The celebration of this year focused on the theme of "Safe Digital Korea by Combining Cybersecurity Capabilities," emphasizing the collaboration of citizens, businesses, and the government to build a secure digital nation. While government support in cybersecurity is essential, it alone has its limitations. "Digital Korea" where everyone’s information is safe and protected can be realized when private-sector technological innovations and cooperation among citizens come together. I hope this Information Security Awareness Month serves as a reminder of the importance of information protection and becomes an opportunity to disseminate the culture of information protection throughout society through collaboration and solidarity.

Jung Chang-lim is the director-general of the cybersecurity and network policy bureau at the Ministry of Science and ICT. The views expressed in this column are his own. – Ed.