By Dain Oh, The Readable
Jul. 21, 2023 8:10PM GMT+9
“Weekend Briefing” is a weekly newsletter that is sent to The Readable’s subscribers every Friday. Cybersecurity journalists for The Readable carefully select important news stories from the previous week and deliver them in a compact form. Topics encompass cybercrime, geopolitics, and privacy. There are no costs involved with a subscription, and some content, such as the monthly ransomware index report, is only available to those who subscribe to our newsletters.
Hello! This is Dain Oh in South Korea. On July 11, South Korean President Yoon Suk-yeol met with Jens Stoltenberg, Secretary General of the North Atlantic Treaty Organization (NATO), in the Lithuanian capital of Vilnius. Agreed to by the two leaders, the Individually Tailored Partnership Program (ITPP) between NATO and the Republic of Korea highlighted the elevated posture of cybersecurity in the realm of international security.
Cyber defense was one of the key areas of cooperation that both parties mentioned. “South Korea last year became the first Asian country to join the NATO Cooperative Cyber Defense Center of Excellence and participates in the large-scale cyber exercise Locked Shields,” said Yoon during the NATO summit, while promising to open an international cyber training center to “stimulate cybersecurity cooperation with NATO.” According to the Presidential Office, South Korea will invest over 30 million dollars (40 billion won) by 2027 to build a center where the public and private sectors from around the globe can collaborate with armed forces across the 89,000 square feet of property, solely dedicated to enhancing cybersecurity.
In this briefing, I have selected five news articles, including a story on cyber military drills between South Korea and the Five Eyes. Kuksung Nam has reported on four stories this week, and there is not a single story that you want to miss. Have a great weekend!
1. South Korea begins cyber military drills with US and Five Eyes
The South Korean military is moving ahead with its efforts to strengthen partnerships with its ally nations in cyber defense, participating in virtual training led by the United States.
South Korea’s Cyber Operations Command announced its participation in the U.S. led multinational cyber drill called “Cyber Flag” on Monday. According to a press release, the virtual training, which takes place from July 17 to July 28, will focus on enhancing international defense against cyber threats and boosting abilities in analyzing and integrating information. The participating nations include Singapore and the members of the Five Eyes intelligence alliance, such as the United Kingdom, Australia, Canada, and New Zealand. To read the full story, click here.
2. Intelligence agency discovers malicious code in Chinese-made device
The South Korean intelligence agency disclosed on Wednesday that last month they discovered malware embedded inside a measuring instrument made in China. In a press conference, the National Intelligence Service (NIS) stated that the vulnerable device was one of the supplies provided to government organizations. This is the first time that the country’s intelligence agency detected Chinese products compromised with malicious code.
The NIS is looking into potential security flaws in similar Chinese-made equipment, including surveillance cameras and network devices. After the intelligence agency finished probing into 30% of the total products that they planned to investigate, they discovered an additional vulnerability inside another device. To read the full story, click here.
3. Lawmakers target shadowy brokers to curb technology theft
South Korean lawmakers are taking a step toward protecting the nation’s confidential military information by proposing legislative changes that could impose penalties for technology theft brokers.
A group of South Korean lawmakers proposed changes in the Defense Technology Security Act on July 17. According to lawmaker Ahn Gyu-back on Tuesday, the proposal aims to tighten the rules for brokers’ activities, such as luring others to leak defense secrets or introducing and arranging meetings for data sellers and buyers. These middlemen could evade punishment under the current law which focuses on regulating those who steal, abuse, or expose military technology by using illegal methods. To read the full story, click here.
4. Daycare center will face punishment for deliberately removing surveillance footage
South Korea’s National Assembly approved a bill on Tuesday that bans daycare centers from purposely tampering with surveillance footage installed in its buildings. In a press release, the Ministry of Health and Welfare (MOHW) stated that the legislation will close the loophole because there weren’t rules to punish those who deliberately ruin CCTV footage taken inside day care centers.
The law also states specific penalties, allowing law breakers to be sentenced to a maximum five years in prison or be given a fine of up to 50 million won (almost $40,000). According to an official of the MOHW, the law will be enacted as early as this year after deliberations from the Cabinet meeting. To read the full story, click here.
5. Opinion: Why should continuous authentication be at the heart of your zero trust architecture?
Traditional perimeter-centric network security is based around a well-defined network boundary where all enterprise resources such as devices, file servers, applications, etc. were inside the network and users’ access to the network was strictly controlled.
I like to compare traditional perimeter-centric network security to old forts since they have quite a lot in common. Just like traditional perimeter-centric network security, forts had a well defended perimeter wall, and access to the fort was strictly controlled via a draw bridge over a moat. To read the full story, click here.
The cover image of this article was designed by Areum Hwang and Sangseon Kim.
Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expertise in leading media outlets to success. Prior to establishing The Readable, Dain was a journalist for The Electronic Times, a prestigious IT newspaper in Korea. During her tenure, she extensively covered the cybersecurity industry, delivering groundbreaking reports. Her work included exclusive stories, such as the revelation of incident response information sharing by the National Intelligence Service. These accomplishments led to her receiving the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology, a well-deserved accolade bestowed upon her through a unanimous decision. Dain has been invited to speak at several global conferences, including the APEC Women in STEM Principles and Actions, which was funded by the U.S. State Department. Additionally, she is an active member of the Asian American Journalists Association, further exhibiting her commitment to journalism.