A South Korean lawmaker sharply criticized the Ministry of Trade, Industry and Energy and its affiliated public institutions for a lack of cybersecurity awareness.
“Although the cybersecurity posture of the affiliated public institutions turns out to be alarming every year, the department and its institutions do not make the effort to improve,” said Eom Tae-young, a member of the National Assembly of South Korea, in a press release.
Eom disclosed the number of security vulnerabilities that were detected in an annual information security inspection of the Ministry’s public institutions, which was held in 2020 and 2021 individually. The Ministry of Trade, Industry and Energy inspects its affiliated institutions every year under the national information security guidelines of the National Intelligence Service.
In 2020, 40 public institutions were under inspection and 705 security flaws were detected. In 2021, 738 security flaws were pointed out within 39 public institutions.
Among the Ministry’s institutions, three institutions that are related to trade showed an increase in the number of security vulnerabilities between 2020 and 2021. In 2020, 51 security vulnerabilities were discovered in the Korea Trade Insurance Corporation, the Korea Security Agency of Trade and Industry, and the Korea Trade-Investment Promotion Agency. This number rose by 59% the following year.
The Ministry did not disclose the number of security flaws of each institution because it said in a statement that such information could cause serious harm to national security if revealed publicly. The Ministry also mentioned the Official Information Disclosure Act and the national information security guidelines, which define the types of information that may not be disclosed to the public.
However, the lawmaker stressed that the Ministry is simply using the law as an excuse to avoid disclosing further information about the results of the inspection “[The Ministry] should make plans for the budget and workforce that could improve the security system as soon as possible,” said Eom.
According to the press release, more than 60% of institutions which had been inspected in 2021 said that the lack of human resources and financial budgets were the main reasons for the security vulnerabilities. The Readable reached out to the institutions for comment, but did not hear back immediately.