[NetSec-KR 2022 Keynote] 디지털 대전환 시대, 사이버보안은 왜 주목받지 못할까? - 고려대 정보보호대학원 김승주 교수

김승주의 암호세상 | Crypto World

22 Apr 202245:13

Summary

TLDRThe speaker, Professor Kim Sung-Joo, discusses the evolution of cybersecurity and its increasing importance across various sectors. He highlights the paradigm shift from traditional computer security to a broader concept of 'Information Assurance', emphasizing the need for secure software development processes. The talk also touches on the challenges and responsibilities in educating the next generation of cybersecurity experts and the economic implications of cybersecurity measures. The presentation underscores the significance of domain knowledge in cybersecurity and the importance of risk management in the field.

Takeaways

😀 The presentation by Professor Kim Seong-Joo emphasizes the overlooked importance of cybersecurity in the past, despite its critical role in modern times.
🎓 Professor Kim's academic background from Sungkyunkwan University and his contributions to the field, including his role in the Korea Internet & Security Agency, highlight his expertise in cybersecurity.
📢 The script discusses the varying public interest in cybersecurity versus blockchain topics, indicating a need for broader awareness and education on the importance of cybersecurity.
🗓 Historically, cybersecurity has not been a high priority in government agendas, as illustrated by the lack of cybersecurity experts in government transition teams and the repeated neglect of IT investments.
🔒 The concept of 'Information Assurance' emerged from the understanding that information is a crucial asset, especially after witnessing its strategic use in warfare, such as during the Gulf War.
🛡 The shift from mere protection of computer systems to ensuring the reliability, trustworthiness, and availability of information systems is a significant paradigm change in cybersecurity.
🤝 The script suggests a need for collaboration between software engineering and cybersecurity experts to develop secure systems, reflecting a convergence of these fields.
🚀 The expansion of cybersecurity considerations to other industries, such as automotive with connected cars and aviation, indicates the broad impact and importance of cybersecurity in all sectors.
🌐 The script mentions the development of secure development lifecycle processes like Microsoft's Security Development Lifecycle (SDL), which has proven to reduce vulnerabilities in software.
📈 The importance of cybersecurity is increasingly recognized in regulatory frameworks, such as the automotive industry's requirements for cybersecurity in vehicle production and updates.
💡 The script calls for a reevaluation of educational curricula, policy-making, and the role of domain expertise in cybersecurity to meet the challenges of an interconnected and technology-driven world.

Q & A

What is the main theme of Professor Kim Sung-Joo's presentation?
-The main theme of Professor Kim Sung-Joo's presentation is the lack of attention cyber security received during a similar era, and why it was overlooked.
What academic background does Professor Kim Sung-Joo have?
-Professor Kim Sung-Joo received his Ph.D. in Engineering from Sungkyunkwan University's Department of Information and Computer Engineering.
What roles has Professor Kim Sung-Joo held in relation to internet security in South Korea?
-Professor Kim Sung-Joo has served as a member of the Presidential Committee for the Fourth Industrial Revolution under the President of South Korea and has been involved with the Korea Internet & Security Agency.
Why does the speaker believe cyber security did not receive much attention in the past?
-The speaker suggests that cyber security was not given much attention due to a lack of understanding of its importance, and possibly because other issues were prioritized over it.
What is the significance of the term 'Information Assurance' in the context of the presentation?
-The term 'Information Assurance' signifies a paradigm shift in the approach to security, emphasizing not just the protection of information but also its availability, integrity, and confidentiality.
What is the role of 'Information Assurance' in the current era of cyber security?
-In the current era, 'Information Assurance' is crucial as it encompasses a broader view of security that includes the reliability, availability, and trustworthiness of information systems.
What is the connection between the Gulf War and the evolution of cyber security as discussed in the presentation?
-The Gulf War highlighted the importance of information in warfare, leading to a realization of the need for robust information systems that could withstand attacks and function in adverse conditions, thus influencing the evolution of cyber security.
What is the concept of 'Security by Design' in the context of cyber security?
-'Security by Design' is the practice of incorporating security into the design and development process of products and systems from the outset, rather than as an afterthought.
Why is the integration of security from the design phase considered important in developing secure systems?
-Integrating security from the design phase ensures that potential vulnerabilities are addressed early on, reducing the likelihood of security breaches and the impact of potential attacks.
What is the role of 'Secure Coding' in the development of secure software?
-'Secure Coding' is the practice of writing code that is resistant to attacks and minimizes the number of vulnerabilities that could be exploited by malicious actors.
How does the speaker suggest improving the understanding and implementation of cyber security?
-The speaker suggests that improving the understanding and implementation of cyber security requires a multifaceted approach, including education, policy-making, and the development of professionals who understand both software engineering and cyber security.