The Battle of Cybersecurity: Government Fights Ransomware with Offense and Defense

[Asia Economy Reporter Cha Min-young] As cyber security issues have spread in tandem with COVID-19, so-called a 'cyber pandemic,' government ministries have mobilized their response capabilities. Domestic cases of ransomware attacks, where hackers demand ransom using stolen information as leverage, have reached 100 this year alone, raising social awareness.

On the 5th, the Ministry of Science and ICT announced the ‘Ransomware Response Enhancement Plan’ at the 42nd Emergency Economic Central Countermeasures Headquarters meeting chaired by Deputy Prime Minister Hong Nam-ki, in collaboration with related ministries.

The government is considering adding oil refineries (process control systems), autonomous driving control systems, and others to the list of critical information and communication infrastructure required to establish and implement information security measures. Protection measures for infrastructure will include ‘backup system establishment’ and ‘business continuity plans’ to prevent ransomware, and emergency inspections and simulation drills for infrastructure will be expanded. Institutional improvements will also be pursued to allow the government to demand on-site inspections and vulnerability improvements.

To secure the supply chain of infrastructure, a security inspection system will be established for software and system developers installed in infrastructure, and support for strengthening software and solution security will be provided through the ‘Software Development Security Hub’ (Pangyo). To enhance cybersecurity at research institutions, a self-diagnosis system capable of continuous inspection and analysis of research and development servers will be applied to government-funded research institutes and four major science and technology institutes, and penetration testing will be strengthened.

Small and medium-sized enterprises (SMEs) have become a core target, accounting for 81% of ransomware attacks as of July this year. The Ministry of Science and ICT plans to distribute ‘Data Vaults’ to SMEs to support data backup, which has been highly demanded by the private sector. The Data Vault will provide integrated support for data backup, encryption, and recovery.

Support for security solutions will also be strengthened for micro and small enterprises lacking the capacity to build security systems. The security solutions will be provided in the form of a ‘Ransomware Response 3-Package’ consisting of ▲email security software ▲antivirus ▲detection and blocking software. Eleven private security companies have also agreed to provide free security solutions to about 3,000 micro-enterprises this year. To ensure the safe progress of ‘COVID-19 vaccination’ for those aged 18 to 49, anti-ransomware software will be provided free of charge to vaccination clinics.

The government remotely inspects and supports improvements for PCs and Internet of Things (IoT) devices used by the public through the ‘My PC Care Service’ to check their vulnerability to ransomware. Additionally, the government plans to continuously promote ransomware prevention guidelines such as ‘applying the latest security patches’ and ‘regularly backing up important data’ both online and offline.

To overcome geographical limitations of regional companies, the government will establish a nationwide damage support system using 10 regional information protection centers. In the event of ransomware damage, personnel and equipment will be promptly dispatched to the site.

To minimize ransomware damage, systematic response across the entire incident cycle?including information sharing, damage assistance, and criminal investigation?is necessary when ransomware is detected or hacking damage occurs.

Next year, the government will organically link the private (C-TAS) and public (NCTI) cyber threat information sharing systems and sector-specific Information Sharing and Analysis Centers (ISACs) for healthcare, finance, and other fields. Participation in cyber threat information sharing systems will also be expanded among companies in various sectors such as manufacturing and distribution. Additionally, the government plans to share threat information detected from about 20,000 websites and threats collected overseas with the private sector, and cooperate internationally through major countries’ internet security agencies (CERT) and cybersecurity consultative bodies such as the ‘Korea-US Cyber Working Group.’

Monitoring and investigation of hacking groups will be strengthened to prevent secondary damage to victims. Surveillance of hacking groups will be intensified through dark web monitoring, and victims’ personal information exposed on the dark web will be promptly shared with relevant ministries. The Cyber Terror Investigation Units (teams) of the National Police Agency and metropolitan/provincial police agencies will establish dedicated ransomware investigation systems.

Long-term tasks remain. The government will increase investment in developing technologies to detect and block various ransomware more quickly and recovery technologies (currently only a few recovery tools exist), and will also develop technologies to track the origins of hacking groups and virtual asset flows.

The government will also promote the enactment of the tentative ‘Cybersecurity Basic Act’ (hereafter Basic Act), which systematizes cybersecurity laws and regulations defined separately for public and private sectors. The Basic Act will include plans to systematically manage and operate cybersecurity areas such as establishing basic plans, strengthening public-private cooperation systems including information sharing, and enhancing management of critical information and communication infrastructure.

Expansion of participation in the ‘Ransomware Response Council,’ currently operated mainly by security companies in the metropolitan area, to include research institutions, local governments, and regional SMEs will also be pursued.

Minister of Science and ICT Lim Hye-sook said, “Cybersecurity is a continuous race between offense and defense, and we must never let our guard down even for a moment. Since a single ransomware attack can cause enormous damage across society, we will implement the ransomware response enhancement plan to build a digital environment where citizens and companies can feel safe.”

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.