The South Korean government is establishing a nationwide cybersecurity framework to address the increasing cyber threats associated with the rise of generative artificial intelligence (AI). With the potential for high-performance AI to automate vulnerability discovery and attacks, the government aims to create an AI-based security system in collaboration with the private sector.
On May 29, the Ministry of Science and ICT (MSIT) announced the 'Private Sector Cybersecurity Promotion Plan to Counter AI-Based Cyber Threats' during the 9th Science and Technology Ministers' Meeting.
Concerns have grown regarding security organizations as vulnerability discovery becomes routine with high-performance AI. In response, the MSIT plans to establish a governance and cooperation framework to publicly address AI vulnerabilities.
The government will facilitate rapid sharing and dissemination of information regarding AI vulnerabilities and threats, led by the National Security Office at the Blue House. An emergency response system will be established to enable joint responses to incidents, with a central situation room within the MSIT and separate situation rooms in relevant ministries for the private sector.
The government plans to set up a Vulnerability Management Center within the Korea Internet & Security Agency (KISA) to centralize vulnerability and patch management. This center will collect and analyze vulnerability and patch information from both domestic and international sources through the National Vulnerability Database (KNVD) and share it promptly with Chief Information Security Officers (CISOs), private cooperation channels (C-TAS, ISAC), and relevant ministries.
Additionally, the MSIT intends to pilot the use of high-performance AI models, acquired through international cooperation, for vulnerability analysis and patch generation and validation.
On May 26, the MSIT held a meeting with OpenAI to discuss responses to AI security threats and measures to ensure AI safety and trust. The government has decided to participate in OpenAI's Government and Agency Trust-Based Access Program (GTAC).
Based on this, the government will gradually implement an AI-based automation system for collecting open-source vulnerabilities, automatic analysis and classification, and patch generation and validation. In the corporate support sector, the government is considering analyzing source code that does not include personal data, with the consent of the companies, to identify vulnerabilities and provide AI-based remediation measures.
For major companies, the government will promote enhanced security preparedness through asset management, vulnerability assessments, and patch responses. Approximately 1,200 companies and institutions, including those in critical information infrastructure, ISMS-mandated companies, and large enterprises in finance, healthcare, energy, as well as major hospitals and private universities, will undergo sector-specific compliance checks.
Support for small and medium-sized enterprises (SMEs) will also be strengthened. The government plans to distribute a web-based tool that allows SMEs to assess their IT assets and security levels, along with providing security investment guidelines and remediation measures. To address open-source vulnerabilities that could be exploited by AI, the government will promote support for Software Bill of Materials (SBOM) generation and analysis technologies. Additionally, it will offer attack surface assessments, expert consultations, and support for vulnerability assessment infrastructure based on high-performance AI models.
The government will also enhance its AI-based cyber threat response system. It plans to continuously monitor approximately 350 million global domains and establish a system to detect and block malicious activities and suspicious domains from the initial stages. In the event of an incident related to AI services, the 'Incident Investigation Advisory Committee' will be activated immediately to conduct swift investigations and prevent the spread of damage.
The government is also pursuing expanded international cooperation. Starting with OpenAI's GTAC, it aims to enhance participation in AI security projects from global tech giants and foster information-sharing collaborations. Efforts will also be made to establish AI-based threat response and information-sharing systems with cybersecurity agencies in allied countries.
Furthermore, the government will prepare and distribute guidelines for responding to vulnerabilities from discovery to patching for manufacturers, companies, institutions, and the general public, while promoting activities to increase security investments. Plans are also underway to hold relay meetings with CEOs from key industries.
Starting in 2027, the government aims to transition the domestic cybersecurity framework to be based on independent AI technology and to actively pursue projects to secure AI security sovereignty.
Deputy Prime Minister and Minister of Science and ICT Lee Baek-hoon emphasized, "As the pace of AI development in the field of cybersecurity is rapid, it is essential for our country to establish a security system and global cooperation suitable for the AI era. Through this plan, we will establish an emergency response system to address the large-scale public disclosure of AI vulnerabilities and accelerate the establishment of AI security sovereignty based on our technology and models."
* This article has been translated by AI.
Copyright ⓒ Aju Press All rights reserved.