Seoul – The Korea Internet & Security Agency (KISA) has identified generative AI as a primary cybersecurity concern for the coming year, anticipating a rise in related security incidents due to the technology’s increasing prevalence. This announcement came during KISA’s Cybersecurity Performance Presentation held at the War Memorial of Korea in Seoul.

KISA President Lee Sang-jung emphasized the dual nature of technological advancements, acknowledging the convenience brought by technologies like AI and quantum computing while highlighting the concurrent increase in sophisticated cyber threats. He affirmed KISA’s commitment to prioritizing social security and online policy research to ensure a digitally safe nation.

The presentation covered various cybersecurity aspects through seven sessions categorized under five key areas: Security Policy, Incident Response, Personal Information, Security Industry, and Digital Safety.

A significant focus was placed on establishing robust AI security standards. Hwang Bo-sung, head of KISA’s Policy Research Office, stressed the urgency of developing AI security benchmarks, a vulnerability information sharing system, and countermeasures like ISMS-AI by 2025. He also highlighted the evolving security paradigm, shifting from reactive responses to proactive prevention, while advocating for legal frameworks enabling direct intervention on products and services with identified vulnerabilities.

Kim Seong-hun, from the Policy Research Team, outlined plans for developing comprehensive AI security guidelines. He noted the increasing use of AI system exploits for malicious purposes, including service disruptions and data manipulation. To address this, KISA will establish an AI security forum to foster collaboration between public and private sector experts and provide support for the adoption of the new guidelines.

Another key topic was zero trust security. Ha Byung-wook, leading the New Technology Response Team, defined zero trust as a security approach that prevents lateral movement within networks by compartmentalizing internal systems. He noted South Korea's significant activity in zero trust research and implementation globally, second only to the United States. However, he pointed out a current low level of awareness and adoption among domestic companies. To remedy this, KISA recently released Zero Trust Guideline 2.0, designed to aid organizations in assessing their zero trust maturity.

Data crimes, including phishing and hacking, remain a significant concern. Im Jin-soo, head of the Threat Response Division, highlighted the organization’s focus on combating digital livelihood crimes. KISA has shifted its incident response approach from post-incident analysis to proactive tracking and prevention of hacker activities. Efforts are also being made to curb illegal spam and malware distribution through measures such as sanctions on text message brokers. An “AI Security Red Team” will also be formed to specifically address AI service threats.

Furthermore, KISA is actively supporting the strengthening of personal information protection within public institutions and facilitating the global expansion of domestic security companies.

The KISA Cybersecurity Performance Presentation underscores the increasing importance of proactive cybersecurity measures in the face of evolving technological threats, particularly those related to the rise of generative AI.

[Copyright (c) Global Economic Times. All Rights Reserved.]