[New Wave] The Blind Spot of Technology Leakage, Universities and Public Research Institutes

There was an incident where an overseas branch of a large corporation was infected with ransomware and received a monetary demand. However, the ransom amount was unusually small for a demand made to a large corporation. Finding this suspicious, the security officer thoroughly reviewed CCTV footage and work logs over several days and discovered that the attack was an inside job. The security officer reported this achievement to the headquarters and subtly expected a reward.

However, the response was an audit and disciplinary action, accusing the officer of negligence in security that allowed the internal network to be breached. Afterward, the security officer stopped reporting any suspicious signs to headquarters. No matter how thorough security is, it is impossible to block attacks 100%. Therefore, companies should focus on minimizing the leakage of core assets, and among various factors, the awareness of the company’s leadership is crucial.

There is an old saying, "An ant hole can collapse a great dike." Here is another example. A security officer who detected signs of core technology leakage by technical personnel planning to move to a competitor reported this to management but was also audited and warned. Subsequently, many technical personnel from this company left for competitors, and a significant amount of technical data was leaked during this process.

Korean companies ranked 10th in economic scale have now become companies with much to protect. However, awareness of the importance of security remains at the level of developing countries. Among 143 companies holding national core technologies, 94% have no dedicated security teams, and 86% lack dedicated security executives. Even large corporations leading globally operate HR, legal, security, and research and development (R&D) departments without interconnection, exposing security vulnerabilities.

The situation is even worse for small and medium-sized enterprises (SMEs), whose technology protection capabilities are only about 70% of those of large corporations. Although the government’s continuous efforts have improved technology protection levels, technology leakage has not decreased.

As seen in recent cases such as the large-scale technology data leak at the Agency for Defense Development (ADD) and the KAIST professor arrested for transferring national core autonomous vehicle technology to China while participating in China’s overseas talent recruitment program, the “Thousand Talents Plan,” research outcomes leakage from public research institutes and universities is a highly concerning issue. Researchers at universities and public research institutes often treat security as an obstacle to research, resulting in a lack of actual security systems or dedicated personnel. This can be considered a blind spot in technology protection.

Recently, the U.S. government implemented measures to regulate some Chinese international students who were stealing advanced technologies. Similar incidents have occurred in Korea recently, but no effective measures have been introduced. While the government’s technology protection policies mainly focus on companies, research and university education are managed separately by the Ministry of Science and ICT and the Ministry of Education, respectively, resulting in a lack of proper technology security policies.

It is now time for Korea to strengthen the so-called “research security” system. Among various measures, the priority should be to establish research security systems at universities and public research institutes and dispatch experts to cultivate security capabilities. In the past, the Korean Intellectual Property Office was able to protect and manage university research outcomes as intellectual property through the “Patent Management Expert Dispatch Project” and further generate revenue through technology transfer and commercialization such as startups. Similarly, by supporting the dispatch of “security experts” to universities and public research institutes, excellent research outcomes can be well protected, thereby enhancing the nation’s technological competitiveness.

Seungwoo Son, Professor, Department of Industrial Security, Chung-Ang University