Seominseok, the Head of the Digital Product Security Team at KISA, is presenting. /Courtesy of KISA

The Korea Internet & Security Agency (KISA) noted that while information technology (IT) incidents are limited to data leaks and system outages specific to the service, operational technology (OT) incidents can lead to production equipment outages, threatening both financial loss and human casualties. To address this, KISA is providing solutions to enhance security in smart factories and is laying the groundwork for strengthening security in the new digital industry.

Seo Min-seok, Head of Team at KISA's Digital Product Security Team, said on the 26th, “The operational technology (OT) industry is expanding its connection to information technology (IT) through digital transformation (DX), such as the Fourth Industrial Revolution and smart factories.” However, he added, “IT and OT are not designed with mutual connection in mind, making it difficult for IT solutions to be compatible, and most OT systems typically consist of legacy devices that are difficult to regularly patch or update for security.”

OT industry security incidents can cause significant damage. In 2017, the Danish shipping company faced approximately 300 billion won in damages due to a ransomware attack that crippled the company's IT systems, halting logistics transportation. In 2020, a similar incident occurred in Germany when a university hospital’s IT system became paralyzed due to a ransomware attack, resulting in patient fatalities.

Seo expressed concern about the low security awareness among domestic corporations. He stated, “According to the Ministry of Science and ICT, as of last year, 75.8% of corporations that utilized a budget related to information security reported spending ‘less than 5 million won.’” He added, “Additionally, among companies that experienced information breaches, 77.7% responded that they had ‘not taken any significant actions.’” He continued, “While the digitalization of the OT industry is ongoing, security-related limitations remain unaddressed,” highlighting that “especially smaller corporations tend to have a lack of dedicated security personnel or a lack of regular checks on control networks, making them structurally vulnerable to security risks.”

In response, KISA is implementing various measures to strengthen security in the OT industry. Seo stated, “KISA developed and distributed a security model for smart factory OT in 2020.” He explained, “This model presents solutions for attack vectors, attack pathways, and security requirements that arise in the IT and OT areas of smart factories, reflecting domestic and international standards.” He also mentioned, “We visit smart factory construction companies or local small-and-medium-sized manufacturers to check vulnerabilities, and we offer consulting after these checks, with the demand for such inspections increasing from 4 cases in 2020 to 20 cases last year.”

KISA is engaging in various activities to enhance security in the new digital product industry. Seo emphasized, “We are establishing a digital industry security council composed of public, private, and research experts to collect opinions from each industrial sector, discover policy tasks, and ensure policy effectiveness through connections with other departments.” He further noted, “We are designing security models that consider the characteristics of different industries and global regulations, such as autonomous vehicles, digital healthcare, robotics, smart ships, and space, to prepare for security issues related to new industry sectors.”

※ This article has been translated by AI. Share your feedback here.