Join Chul: "Hacking Crimes Are Becoming Routine... Information Security Is Public Protection"

Following this year's SKT hacking incident and the recent KT micropayment fraud, hacking crimes have become increasingly common, heightening public anxiety. In response, a bill has been introduced to address gaps in the current law, aiming to prevent the spread of damage and enable swift countermeasures.

On September 11, Assemblyman Join Chul of the Democratic Party of Korea (Gwangju Seo-gu Gap) announced that he had sponsored two amendments to the Information and Communications Network Act. The key provisions include: ▲ expanding the scope of government investigations to cover general hacking incidents; ▲ imposing enforcement fines for failure to implement remedial measures following security breaches; ▲ granting the Chief Information Security Officer (CISO) authority over personnel and budget allocation; and ▲ requiring immediate notification to users in the event of a security breach.

Under the current law, when a hacking incident occurs, the Minister of Science and ICT may dispatch officials or a joint public-private investigation team to directly enter business premises, investigate the cause, and order measures to prevent further damage and recurrence. However, this process is limited to "serious security breaches," meaning general hacking incidents are often excluded from investigations. Furthermore, the criteria for determining what constitutes a "serious breach" are ambiguous, leading to reliance on voluntary reporting by companies.

The proposed amendment would allow the government to directly investigate causes and enforce remedial measures not only in cases of major hacking incidents but also when there are signs of hacking or a need for investigation. The effectiveness of the law would be further enhanced by imposing enforcement fines for failure to implement measures based on investigation findings.

Another amendment would require immediate notification to users in the event of a hacking incident and newly grant the CISO authority over personnel management and budget allocation, thereby strengthening corporate information security systems.

Currently, the law requires information and communications service providers to report security breaches immediately to the Korea Internet & Security Agency, but there is no obligation to notify the actual victims, resulting in frequent cases of secondary damage. The amendment introduces a "prompt notification" clause to enhance user protection.

Additionally, the current law designates employees of information and communications service providers as CISOs, assigning them comprehensive responsibilities such as establishing and implementing security plans, conducting regular audits, identifying and assessing risks, preparing countermeasures, and planning related education and drills. The amendment strengthens these responsibilities and authority by adding "information security personnel management" and "budget allocation" to the CISO's role.

Assemblyman Join Chul stated, "In an era where cyber threats have become a daily reality, information security is not merely a technical issue but a matter of national survival. Citizens must be able to quickly recognize when they have been affected, information security officers must have real authority and responsibility for proactive prevention, and the government must secure the authority to investigate even general incidents to respond swiftly. We will continue to improve the system to ensure this."

Meanwhile, Assemblyman Join Chul has been actively pursuing legislative initiatives related to cyber incident response, including the Act to Improve the Incident Response System, the Act to Strengthen the Effectiveness of the ISMS Certification System, the Act to Strengthen Information Security Responsibilities, and the Act to Protect Digitally Vulnerable Groups, making these issues a central part of his legislative agenda.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.