A bill to strengthen companies' pre- and post-response measures to prevent the recurrence of cyber intrusion incidents such as the LG Uplus personal information leak, distributed denial-of-service (DDoS) attacks, and customer information leaks at Coupang and Kakao is being promoted.


On the 11th, Jeong Pil-mo, a member of the Democratic Party of Korea, announced that he had introduced a partial amendment bill to the "Act on the Protection of Information and Communications Infrastructure" and the "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (Information and Communications Network Act)" as the main proposer.

Jeong Pil-mo, Member of the Democratic Party of Korea [Photo by Jeong Pil-mo]

Jeong Pil-mo, Member of the Democratic Party of Korea [Photo by Jeong Pil-mo]

View original image

Recently, as internet connection disruption incidents such as the LG Uplus DDoS attack have occurred one after another, the need to strengthen security measures for major information and communications infrastructure such as internet networks has been raised. The current law only requires the heads of relevant central administrative agencies to establish protection guidelines for the protection measures of major information and communications infrastructure in their respective fields, but compliance with these protection guidelines by telecommunications companies is only stipulated as a recommendation.


Accordingly, Rep. Jeong's amendment to the "Act on the Protection of Information and Communications Infrastructure" allows the heads of relevant central administrative agencies to order the heads of major information and communications infrastructure management agencies to comply with protection guidelines, and newly establishes that the protection guidelines must be followed. Rep. Jeong said, "Since the damage to the public's life is enormous once a hacking incident occurs on the communication network, it is necessary to mandate protection measures for major information and communications infrastructure to strengthen preventive measures."


According to the current law, companies have no legal obligation to implement the government's established countermeasures for intrusion incidents. They are merely recommendations. As a result, there are criticisms that the effectiveness of recurrence prevention measures prepared by the Ministry of Science and ICT through public-private joint investigation teams is low.


The Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) have recommended necessary measures to companies that experienced intrusion incidents a total of 1,107 times over the past three years (427 in 2021, 607 in 2022, and 73 in 2023 (~February)), but they do not check whether these measures have actually been implemented. Rep. Jeong's amendment to the "Information and Communications Network Act" allows the Minister of Science and ICT to order companies that experienced intrusion incidents to implement necessary measures such as intrusion response, and obligates the companies to comply.


Hot Picks Today

"Stock Set to Double: This Company Smiles Every Time a Data Center Is Built [Click e-Stock]" "Stock Set to Double: This Company Smiles Every...

Rep. Jeong said, "It can be seen that the Ministry of Science and ICT is not fulfilling its responsibility as the competent ministry by only preparing recurrence prevention measures and not taking follow-up actions," and added, "Through this amendment bill, we have established a legal basis for the government to effectively respond to prevent the recurrence of cyber intrusion incidents."


한글 기사 보기
This content was produced with the assistance of AI translation services.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.

Today’s Briefing