[Asia Economy Reporter Eunmo Koo] As KT's network failure was confirmed to be caused by a mistake during equipment replacement, criticisms have emerged pointing to serious issues in KT's security capabilities and external response.
According to the investigation results released on the 31st by the Ministry of Science and ICT (MSIT), KT first recognized the failure at 11:20 a.m. on the 25th. This was just 4 minutes after the routing accident in the Busan area, which triggered the telecommunications disaster.
Initially, KT suspected a DDoS (Distributed Denial of Service) attack as the cause and reported a cyberattack to MSIT at 11:40 a.m., 20 minutes after recognizing the failure. It was only 4 minutes later, at 11:44 a.m., that KT identified the actual cause as a routing (network path configuration) error and informed MSIT again.
Ultimately, KT missed the "golden time" by responding incorrectly for 24 minutes after recognizing the failure before accurately identifying the cause. This misjudgment intensified confusion, including the police dispatching to KT headquarters in Bundang-gu, Seongnam-si, Gyeonggi Province, to verify whether it was a cyberterrorism incident.
The KT New Union criticized, "KT, which even sells DDoS mitigation products, could not accurately distinguish whether the internet failure was due to a DDoS attack."
Some experts question whether KT truly did not know the cause for 24 minutes due to KT's unreasonable misjudgment and response. Professor Hyochang Bang of the Smart IT Department at Doowon Technical University said, "Engineers have sufficient ability to distinguish and judge whether it is a DDoS attack. They can quickly identify what went wrong. If they really did not know, it might have been due to arrogance, thinking it could not have been their mistake."
The government investigation also revealed suspicious circumstances as the firewall that blocks external attacks was found to have not operated at all during the failure, raising questions about why KT initially suspected a DDoS attack. If it had been a DDoS attack, the firewall operation would have been detected, but in reality, it was not.
Moreover, the investigation confirmed that KT informed MSIT of the routing error at 11:44 a.m., making KT's first announcement at 12:02 p.m. claiming a "large-scale DDoS attack" clearly false.
The announcement does not appear to have been an intentional false statement but rather due to internal communication delays and mistakes. However, the fact that the first announcement, issued 18 minutes after correcting its position to the government, contained incorrect information is a serious blemish.
Hong Jin-bae, Director of Information Security and Network Policy at MSIT, said, "During the investigation, together with the police and experts, we confirmed the situation KT actually misunderstood," and added, "KT also admitted that it did not conduct an accurate initial analysis and focused only on the traffic surge, leading to the misjudgment."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
