How much damage do you think is caused by informational security problems in Korea? Korean statisticians carry out official surveys on traffic accidents, whereas they don't perform surveys on damage incurred by security problems. As a matter of fact, it will be difficult for statisticians to exactly identify how much damage takes place nationwide. It's because a worker in a company won't report a security problem to his seniors if the damage is trivial, for example. Sometimes they don't even notice what has happened to the data that they keep. Therefore, it'll be much more difficult to measure a nation's total damage brought about by security accidents.
The amount of damage of the world is estimated annually by reliable, renowned institutions. According to the announcement of an institution 'T', the size of damage caused by security accidents -especially by malicious codes- reached 55 billion dollars in 2003 worldwide.
Richard Clark, former Special Advisor to the President for Cyber Security of the U.S.A, announced in the 6th Association of anti Virus Asia Researchers (AVAR) Conference in Sydney, Australia that the worldwide damage was estimated to at around 45 billion dollars in 2002 and 130 billion dollars in 2003.
The budget for the Information Technology industry of the Korean government accounts for 1.2 percent out of the total global budget for the IT sector. Assuming that Korea's information security is average in the world, you may estimate that damage caused by security accidents will occupy 1.2 percent out of the total amount of the global damage. However, few will believe this percentage. In fact, when the Internet experienced viral problems last year through out the world, the number of computers infected in Korea accounted for 12 percent out of the total number of computers infected all over the world. Accordingly, you may guess the amount of damage in Korea will account for approximately 12 percent out of the total amount of the global damage.
As the global damage by malicious codes amounted to 55 billion dollars in 2003, Korea's damage could be estimated by multiplying 12 percent, the infection rate at that time, by 55 billion dollars. The damage would mark 6.6 billion dollars or 7 trillion 850 billion won at 1190 won-dollar exchange rate.
The damage caused by Typhoon Maemi last year recorded 4 trillion won. Without our recognition, the huge amount of damage by cyber security problems, which doubled the amount of damage incurred during the typhoon, was blown away.
As for information security problems, some incidents remain unnoticed unless they are national and serious. Security accidents, which are similar to traffic ones, tend to take place across the nation on a small scale all the year round.
If Korean statisticians didn't carry out surveys on traffic accidents, few Koreans would notice that Korea registered one of the highest fatality rates brought about from traffic accidents. Although security accidents greatly weaken Korea's national competitiveness few care about the importance of securing informational security due to the non-existence of official statistics in Korea.
I think Korea should give priority to quantifying the size of security accidents of the whole nation. Especially, it's necessary for the government to measure damages by size of computing resources. The government policy should be made and evaluated, based on these fundamental data.
I propose that surveys should be carried out not by the executive administration or its affiliated agencies but by affiliated agencies of the National Assembly, the Board of Audit and Inspection of Korea or the press. I think, it will be desirable for the executive administration to make the government's policy and for the other organizations to evaluate the government's execution.
The Internet is rapidly becoming more important infrastructure in Korea than the telephone wire. Koreans must take the fullest advantage of the Internet and overcome its dysfunctions at the same time. This will be one of the biggest challenges for us in the 21st century.
* Source: November 2nd, 2004