For the past three years, I’ve been working in KrCERT/CC, a division of the Korea Internet & Security Agency (KISA). KISA is the only Internet and information security promotion organization in Korea. Its aim is to improve the global competitiveness of Korea’s Internet industry as the task of our time.
Since day one, my primary focus has been facilitating APISC Security Training Courses. Since 2005 KrCERT/CC have help to deliver these courses as part of their effort to establish trust and good collaboration with other national teams.
My predecessor, Mr. Hongsoon Jung, used to emphasize the importance of cooperation in cybersecurity – it is in our name, ‘Cooperation Center’ or CC. At the time, I didn’t fully understand the emphasis he put on the word. However, the more I work with APISC Security Training Courses, the more I understand the benefits of cooperation.
APSIC Security Training Course’s main objective is to prepare CERTS in the Asia Pacific region for cyber threats, many of which originate in Asia-Pacific region.
This objective hasn’t changed in the past 10 years. However, it wasn’t until a recent conversation I had with APNIC’s security expert Adli Wahid, who participated as a trainer at a recent course, that I realized the training serves another equally important objective – ‘Human Networking’.
Cybersecurity is a complex issue with many different players involved. What’s important is the ‘trust’ between those players. We are more likely to trust a person we have met at least once than someone we’ve never seen before – it’s human nature.
We, KrCERT/CC, establish trust with global computer security incident response teams through the 5-day training course. Trainers share their experiences and best practices, and work together with participants to figure out solutions for their teams.
Over the 5-days we spend a lot of time together during and outside of the classroom to build trust among the group. During the training we share our own respective experiences through group discussions. Trainers, trainees and organizers will also eat lunch and dinner together, and participate in social trips in the evening. Organizers work tirelessly to help participants enjoy their experience in the workshop and in Korea.
Eventually, we all start to get to know each others organizations, each others roles and responsibilities and each others character and personality.
In the last day of the training course, we have a PGP key singing party, where we share our PGP keys based on the trust we have built through our human networking. A participant from the last year expressed his evaluation like this. “How I met many CSIRT staff from Asia at once and how I got closer with them at once!”. He was not from Asia.
All of this helps make our training courses successful and rewarding.
The benefits from the course may not always be visible, and for good reason. We train participants to help train and improve their own teams. By doing this we can decrease potential cyber threats to their countries as well as to our country. If there is an incident, then we can trust one another to jointly respond to the threat.
Eunju Pak, is Deputy Researcher General at KRCERT/CC, KISA. Prior to this she worked for KISA’s Spam Response Team.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.