Recent cyber-attacks witnessed in the Republic of Korea on March 20th and subsequently on 25 June 2013, which affected financial institutions and newspapers, have highlighted the need for a well organized response to cyber-attacks. Cyber-at- tacks (and their response) cross the boundaries of public and private sector. Depending on the likely motivation attacks may require a response from: the police; regulatory authorities or, in the most serious cases, military and intelligence. The sharing of information between such entities is increasingly seen as important.
Concerns about cyber-security are widely held. In its 2012 survey of senior decisionmakers in the public and private sector the ...view middle of the document...
Alongside the seeming increasing urgency of attacks and evolving cyber-risks, the South Korean government has been making efforts to expand its policy framework and capabilities. The National Cyber Security Management Regulation (Presidential Directive No. 141) as the main policy instrument guiding official South Korean response, sets out roles and responsibilities of various organisations. It is supported by the National Intelligence Agency Act and various other regulations on security.
Discussions over a proposed new bill that is intended to encompass many different aspects of cyber security are understood to be underway in the South Korean Parliament which will mean that South Korea joins an increasingly long list of countries with such broad omnibus national level frameworks: either in formal legislation or through cyber-security strategies and action plans. It remains to be seen, however, the extent to which information sharing is reflected as a key element in this draft legislation.
Presidential Directive 141 created the National Cyber Security Response Center (NCSC) which is the central government point for identifying, preventing and responding
to cyber-attacks.9 Other organisations of note include the national Cyber Security Strategy Council and a National Cyber Security Countermeasure Committee (play- ing a role as a crisis management committee). In order to further allow for more efficient communications, efforts are also underway to develop information dissemination systems and joint action teams between civilian, government and military stakeholders.10
Concerning information exchange between public and private sectors, the 2008 Act on Information and Communications Infrastructure Protection provides a frame- work for Critical Infrastructure (CI) owners and operators in regulated sectors to create effective information security arrangements.
The Information efforts of the Ministry of Science, ICT and Future Planning...