South Korea unveils draft law to combat cyber threats

By Kuksung Nam, The Readable
Nov. 10, 2022 10:16PM KST

The South Korean intelligence agency unveiled a draft law on Tuesday to better defend the country against cyber threats from entities such as North Korea. This is the second attempt by the South Korean government to toughen cybersecurity law, which had stirred controversy within the country due to fear that such an attempt might lead to stifling people’s freedom.

The proposed legislation aims to counter escalating cyberattacks that have become crucial threats to national security by creating a centralized institution within the South Korean government. The draft law allows the government to form the “Presidential Committee of National Cybersecurity” to effectively implement cybersecurity polices and services in the country, a project promised by the South Korean president Yoon Suk-yeol.

According to the draft law, the National Security Advisor will serve as the chair of the presidential committee. The commissioners will be appointed by the president from within the heads of public institutions, including the director of the South Korean intelligence agency and the chairman of the Personal Information Protection Commission.

This is the first time that the PIPC has been specifically stated as a board member of the presidential committee. The organization, which was formed in 2020, is an administrative agency aimed at protecting people’s personal information. According to the detailed information of the draft law and the PIPC, the privacy watchdog has requested participation. “The information shared in the cybersecurity field also includes people’s personal information,” explained an official of the PIPC to The Readable for the reason behind the proposal.

Individuals who have been recommended by the National Assembly’s intelligence committee and who have expertise in the field of cybersecurity will also be nominated by the president as commissioners.

In addition, the proposed legislation allows the government to create a central response agency at the national level which will investigate cyberattacks and take preemptive measures against potential threats. According to the draft law, the new agency will be organized and managed by the National Intelligence Service.

In a document that provides detailed information about the proposed law, there have been multiple suggestions regarding who will oversee the central agency. The document stated that the NIS not only clearly states that cybersecurity is the agency’s duty under the law, but also that it is the only government organization that could carry out practical tasks related to cyber threats.

The South Korean government has struggled to enact the cybersecurity law. Critics denounced the proposed legislation of the South Korean government in 2016, saying that the new law gave too much authority to the intelligence agency and expressed concerns that this might lead to a surveillance state. According to the proposed legislation, the NIS would have been placed in charge of implementing the basic cybersecurity plan every three years and the intelligence agency would have been given the power to investigate cyberattacks crucial to national security.

Although the new draft has not restated those controversial articles, it is not clear whether the second attempt of the South Korean government will get approval from the National Assembly.

“The crucial problem with the cybersecurity law is that it allows the intelligence agency to collect information about not just foreign actors but also about the people who are living in South Korea,” said Oh Byoung-il, the president of the non-profit organization Korean Progressive Network Jinbonet, to The Readable. “This could lead to surveillance [of South Koreans].”

The South Korean non-profit organization is planning to look into the new draft law and announce a joint statement by December 19, which is the official date that the government accepts opinions about the proposed legislation.

The cover image of this article was designed by Areum Hwang.

Kuksung Nam is a cybersecurity journalist for The Readable. She covers cybersecurity issues in South Korea, including the public and private sectors. Prior to joining The Readable, she worked as a political reporter for one of the top-five local newspapers in South Korea, The Kyeongin Ilbo, where she reported several exclusive stories regarding the misconduct of local government officials. She is currently focused on issues related to anti-fraud, as well as threats and crimes in cyberspace. She is a Korean native who is fluent in English and French, and she is interested in delivering the news to a global audience.