- Jeevesh Kumar Maurya
Data and Durability: Analysing Cybersecurity Policies in South Korea
The advent of information technology is a revolution and has been changing the world with its extensive and efficacious nature. It has led to interconnected economies and societies. South Korea is one of the leading drivers of this digital growth. However, this also makes the country vulnerable to cyber threats, especially due to the political issues with neighbouring North Korea. South Korea has been a highly digitised country with most government services available as e- governance models. Adding to that, the private sector too has been a leading player in the world of technology. Over the years, South Korea has put in efforts in various directions to safeguard itself by developing comprehensive cybersecurity policies for both the government and private players.
The programme for improving the digital infrastructure and inculcating it in government and economy’s systems began in the 1980s. Government services were encouraged to be shifted to digital platforms for better transparency and ease of access. The Korean government began towards the direction of a comprehensive and nationwide cybersecurity in the late 2000s and published a national cybersecurity strategy in 2009. Various multilateral efforts were also made resulting in “The Seoul Declaration, 2008” (OECD) and “The Seoul Framework and Guidelines for an Open and Secure Cyberspace, 2013” among others.
Cybersecurity Governance & the National Cybersecurity Strategy
The Korean stance on cybersecurity eventually shifted from just countermeasures to instituting government machinery. Three major agencies are involved in this namely:
• National Cybersecurity Center (NCSC): It is an agency under the National Intelligence Service and acts as the cybersecurity governing body for the government sector. Amendment was brought into the National Intelligence Service Act for the same.
• Cyber Command: It is established under the Ministry of National Defence and provides cybersecurity governance to the defence sector.
• Ministry of Science and ICT: It deals with the cybersecurity matters of the private sector.
Since 2015, all three agencies have been inducted in the National Security Council which reports directly to the President. The government played an indispensable role in bringing these changes further in the private sector. The cybersecurity framework enables the government to do the same. For instance, the NCSC operates a National Cyber Threat Information sharing system. Another important regulation is the Critical Information Infrastructure Act of 2001, which established an empowered committee to coordinate with the protection of critical information infrastructure. This act has resulted in the designation of commercial banks, transportation services, nuclear power plants systems and other essential networks as “Critical Information Infrastructure”.
The National Cybersecurity Strategy was published in 2019 by the National Security Office. This document is considered one of the most important policy documents on this matter as it clearly defines six strategic pillars for attaining the goal of national cybersecurity:
• Secured National Critical Infrastructure
• Enhanced Cyber-Attack Defence Capabilities
• Trust and Cooperation based Governance
• Cybersecurity Industry Growth
• Fostering a Cybersecurity Culture
• Strengthened International Cooperation
These strategic pillars were followed by the National Cybersecurity Basic Plan which is segregated into policy tasks and technological tasks. The policy tasks include tasks like international collaborations, norm setting, critical information infrastructure protection, crisis management and information sharing; while the technological tasks include setting up of adequate technology.
It is important to note that South Korea has formulated a systematic approach of cybersecurity by designating different agencies to some sectors and also categorically explaining the tasks they have to complete. Each agency has to maintain an implementation report as well of the tasks assigned by the national plan.
The revision of the National Intelligence Service Act has provided autonomy to the NCSC to use its resources strategically. For instance, the National Security Research Institute was designated as a research-and-development (R&D) specialised institution for cybersecurity affairs to expand its work to develop the strategies, policies, and technologies necessary to improve cybersecurity.
Pandemic’s Effect and the New Deal
The Covid-19 pandemic has induced telecommuting and online services which increased Korea’s dependence on Information & Communications Technology exponentially. To overcome the pandemic led recession in the economy the government of South Korea has brought a “Korean New Deal” which applies to both the public and private sectors. It consists of three projects – Digital New Deal, Green New Deal and Strong Safety Net.
The digital new deal has the aim of bringing a paradigm shift in the digital sphere. The reforms include bringing 5G technology and cloud computing by 2025 along with shifting of public administration systems into a public cloud centre. All these steps would also require adequate security measures. Advancing cybersecurity is thus added as a subproject of it and has provisions of providing investments for installing cyber defence mechanisms in small and medium enterprises; government support shall also be provided for software and website inspections. The government is promoting the application of new technologies such as blockchain and fostering promising AI-based security companies.
Korea Global Cyber Security Capability Assessment and Applicability
Korea has developed a tool to make basic data available for cyber-related decision-making - Korea Global Cybersecurity Capability Assessment. Its main purpose was to assess the cybersecurity mechanisms in the country and further suggest measures in order to strengthen the mechanism of cybersecurity. However, the scope of work of this body has expanded over time and currently it also helps in information sharing, awareness raising and fostering global cooperation. The assessment is conducted through expert surveys, with seventeen assessment criteria in five categories: policy, legislation, organisation, technology, and education/training.
By Jeevesh Kumar Maurya