[Paek Jongmin's Shockwave] The Evolution of Security: "Even Public Officials Can Use ChatGPT"

The "network separation policy," which has been the foundation of public and financial security in South Korea, is undergoing a major transformation. The National Intelligence Service has dismantled existing regulations that hindered the adoption of new technologies such as artificial intelligence (AI) and cloud computing, and has officially launched the National Network Security Framework (N2SF), which applies differentiated security measures based on the importance of data.

According to the information technology industry on November 14, the N2SF guidelines announced by the National Intelligence Service on September 30 signal a fundamental shift in the security paradigm. Instead of the conventional method of uniformly separating business networks from the internet-a practice known as "network separation"-the new approach classifies data into three categories: Confidential (C), Sensitive (S), and Open (O), and applies tiered security controls according to each classification.

The most notable change is the introduction of the "Access CDS (Cross Domain Solution)." Previously, access to external AI services such as ChatGPT from the internal business network (S grade) was completely blocked. However, under the N2SF framework, this is now permitted through "Access CDS" technology, provided that security guidelines are followed.

The guidelines define Access CDS as "a technology that allows internal network users to access external internet resources via an isolated virtual environment, transmitting only screen information." In other words, while the possibility of external malware infiltrating the internal network is fundamentally blocked, users are now free to utilize AI services via the screen.

To see how these guidelines are being implemented, we visited Softcamp, a company specializing in document security.

Baekhankuk, CEO of Softcamp, is demonstrating an RBI technology-based network separation browser operating according to the N2SF guidelines recently announced by the National Intelligence Service. Photo by Paek Jongmin, Tech Specialist

Softcamp has been preparing for the N2SF era through continuous investment in recent years. Despite declining sales, CEO Bae Hwanguk expressed confidence that the time has come for these proactive investments to pay off. This confidence stems from the fact that the National Network Security Framework (N2SF) guidelines are directly aligned with Softcamp’s flagship new technology, ShieldGate. Softcamp has developed Remote Browser Isolation (RBI) technology, which allows internal network users to access external internet resources in an isolated virtual environment, transmitting only screen information.

According to CEO Bae, the core of RBI technology is "isolation" and "zero trust." When a user accesses an external site such as ChatGPT from the internal network, the actual web browser runs not on the user's PC but inside a virtual container on the server. Only the resulting screen (image) is streamed to the user.

CEO Bae demonstrated the technology in person. In the web browser opened using RBI technology, even when having a conversation with ChatGPT, there were no changes in the HTML code. He explained that the unchanged HTML code proves that the screen being displayed is processed externally for security and not by the computer itself.

Since only the web browser needs to be launched, it is much more convenient compared to virtualization methods. CEO Bae emphasized, "The traditional desktop virtualization (VDI) method is not suitable for the web access environment of the AI era due to Windows OS license costs and slow performance. RBI technology is cost-effective because only the browser is virtualized and the screen is transmitted. Even if malware is introduced, simply deleting the server container provides fundamental security."

Softcamp is already conducting N2SF demonstration projects based on RBI technology at major public institutions such as the Korean Intellectual Property Office and the National Research Council of Science & Technology (NST). The company is being evaluated on whether this can be used as a secure means for internal networks to safely use external generative AI or, conversely, for external access to internal systems. Expansion into the financial sector is also underway.

CEO Bae predicted, "As the advancement of AI technology makes SaaS (Software as a Service) usage essential, the demand for RBI technology, which supports secure connections even in network-separated environments, will increase explosively."

Bae Hwanguk, CEO of Softcamp, is posing in front of various plaques symbolizing recognition of technological expertise. Photo by Paek Jongmin, Tech Specialist

He also stated, "We have been collaborating with local partners in Japan for the past two years to comply with Japan’s 'web sanitization' security guidelines, and we expect to see tangible business results starting around April or May next year."

In addition to RBI, Softcamp is proactively targeting the software supply chain security (SBOM) market through its subsidiary RedpenSoft. With the global trend of mandatory submission of Software Bill of Materials (SBOM), subscription-based services that manage open-source vulnerabilities are expected to begin generating significant revenue starting next year.

To address the weakness of software companies whose performance is concentrated in the fourth quarter, CEO Bae is expanding the adoption of subscription-based services that generate monthly revenue. He stated, "The company is successfully transitioning from a traditional on-premises model to a subscription-based service model. With our prepared technological capabilities, we expect to achieve even steeper performance growth next year amid the major trends of changes in national security policies and the advent of the AI era."

According to Softcamp’s third-quarter report released on November 13, consolidated sales amounted to 15.74 billion won, with an operating profit of 325 million won, marking a return to profitability. This is a clear improvement compared to the operating loss of 2.5 billion won during the same period last year. The transition to subscription-based cloud services and the supply of new security solutions, based on its traditional document security solution (DRM), have driven improved profitability.

CEO Bae explained, "The R&D investments we endured over the past two to three years to secure new technologies such as RBI are now finally yielding tangible results."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.