Assemblyman Yoon Kwan-seok: "Inefficient Financial Sector Network Separation Regulations, Need to Enhance Corporate Autonomy and Responsibility"

by Song Seungseop

Published 23 Oct.2021 17:52(KST)

Yoon Kwan-seok, Member of the Democratic Party of Korea. Photo by Yoon Dong-joo

[Asia Economy Reporter Song Seung-seop] There is a growing argument that the financial sector’s ‘network separation’ should be implemented based on corporate autonomy rather than financial authorities’ regulations. The intention is to change the system to increase corporate responsibility in the event of security incidents.

According to the financial sector on the 23rd, Yoon Kwan-seok, a member of the Democratic Party of Korea, conveyed this opinion to the Financial Supervisory Service chief during a recent National Assembly Political Affairs Committee audit.

Network separation refers to dividing a financial company’s communication lines into an internal network for business use and an external network for internet use. The purpose is to prevent cyber threats and information leaks. The regulation was introduced across the entire financial sector after an analysis showed that when major domestic broadcasters and financial companies’ computer networks were paralyzed and infected with malware in 2013, the damage was severe due to the lack of network separation.

Network separation is classified into ‘physical network separation,’ where computers are used separately, and ‘logical network separation,’ where different networks are used on a single computer. According to current electronic financial supervision regulations, the financial sector must implement physical network separation.

Physical network separation reduces the possibility of virus infiltration but increases cost burdens due to equipment installation and security management. Efficiency also decreases because data is separated from the development stage. In the fintech industry, developers’ data and analysis/development tools are separated, requiring approval for each source code import and export.

Rep. Yoon stated, “The current technology development and financial service environment are vastly different from when the network separation regulation was introduced,” adding, “It is necessary to reassess whether the network separation introduced nine years ago is still sufficiently effective.”

He also emphasized, “Overseas, data-centric security policies already enable confidential information and data to be stored separately, allowing efficient data utilization and higher applicability of various new technologies,” and “Rather than relying on direct regulation by financial authorities, we should guarantee corporate autonomy and move toward increasing corporate responsibility in the event of security incidents.”