Online security

New cybersecurity law risks undermining national ICT sector

The National Cybersecurity Law, if passed by the National Assembly, will undermine South Korea’s information and communication technology industry.

Experts point out that the National Cybersecurity Law, which is pending in the National Assembly, will undermine South Korea’s information and communications technology industry when enacted.

At present, the National Cyber ​​Security Center of the National Intelligence Service (NIS) is responsible for the security of national public institutions and the Ministry of Science and ICT and the Personal Information Protection Commission play the same role in this regard. regarding private sector security. and the protection of personal information, respectively. The pending law is to expand the role of the SNI so that it can also cover the private sector.

The Korea Association of Internet Companies voiced its objection to the law on Feb. 6, saying the law will allow the NIS to examine the servers of private companies at will. “By law, the NIS can do this on the basis of permission from a Chief Justice of the High Court in the event of a cybersecurity threat,” the association explained, adding, “The problem is that the presence or absence of the threat will be determined by the NIS as a clandestine agency.

Hackers these days tend to focus on employee PCs and the like rather than servers at key facilities. In other words, it is difficult to define a hacking incident as a threat to cybersecurity or on a personal level at the start of the incident. Nevertheless, the law permits the NIS to collect various types of information and data from communications service providers.

In addition, by law, Internet, communications, and financial companies must report the results of their security screenings to NIS annually and their security screening systems must always be connected to NIS so that NIS can verify security details. communication such as sources and packages. .

“South Korea’s cloud computing industry will be strangled once the NIS is allowed to monitor data centers of private companies,” the association said, adding, “Next, more and more companies will adopt foreign cloud services and Amazon Web Services, Google, Microsoft and so on will dominate the domestic market.

The law also contains provisions that allow the NIS to test, analyze, and inspect information communications equipment, software, and services. This means, for example, that the NIS can control Samsung Electronics’ base station equipment, and the US, UK and Australia can stop using its equipment as they have. previously regarding Huawei, which is under the control of China’s Ministry of State Security according to them.