The South Korean government announced major changes to the nation’s cybersecurity regulations on Thursday. The changes encompass some of the most promising industries, such as satellite information and cloud computing, and have been developed to promote the related industries. In addition, the government stated that it will revise its certificate policy for cybersecurity products, which has caused severe controversies among the industry’s vendors.
The Ministry of Science and ICT published a press release on August 18, which included a list of four major changes that will be made in the cybersecurity industry. Above all, the national restrictions for satellite information will be eased in two ways: a video resolution and a distribution method. The resolution requirement for using national satellite information will be changed from 4 millimeters to 1.5 millimeters, making it easier for interested parties to utilize it. Under the current regulation, satellite information providers must apply security processing to the images if someone wants to get access to the information. Furthermore, the satellite videos which do not include security-sensitive facilities will be allowed to be transmitted through the Internet. Before the announcement, only transportation through hard drives was allowed.
Secondly, the government plans to break its cybersecurity certificate policy regarding cloud computing into three layers: the least security-sensitive to the most. “In an effort to expand cloud computing in the public institutions, [the ministry] will abort the unvaried certificate policy and introduce a grade system to the cloud computing that divides each institution’s system by its importance,” said the ministry in a press release. “For cloud computing systems which deal with sensitive information, the security bars should be raised. It is reasonable to lift bars for other systems, which are relatively less vulnerable to external threats.” The ministry added that they will develop these agendas in detail while cooperating with the related parties, such as the Government Committee on Digital Platform.
Thirdly, the improvements to the so-called Common Criteria Certification will also be implemented. The ministry said that it will open a fast-track program in order to adopt cutting-edge technologies within the public sector. Previously, some of the newest information technologies could not find a way to make it into the public market because there were no security standards for them. Once the fast-track program starts off, a company can take a vulnerability check-up from information security companies the committee on the fast-track review. Also, the National Intelligence Service will correspondingly amend its security compatibility assessment policy, so that the public institutions will be able to use cybersecurity products which have passed through the program.
Meanwhile, the CC certification, enforced by the South Korean government, has faced strong criticism by the cybersecurity companies in the country because it is more rigid than the international CC certification. For example, the certification renewal period required for a cybersecurity product in South Korea is one third or half as long as the international standards. To make matters worse, cybersecurity firms have to pay tens of millions of won just to take the test for renewal, in addition to paying for the international CC certification.
Finally, security testing will be applied to wireless video transmitters. Until now, wireless video transmitters were unable to be installed in public institutions because there were no security standards for them. Therefore, the ministry and the Telecommunications Technology Association have developed 41 testing categories regarding the transmitters. Starting from August 22, the wireless video transmitter companies can take the tests at TTA.
The government expects that these changes will reinforce the national security posture and expedite the industrial growth of cybersecurity. “The revision is a result of accepting the security industry’s requests,” said Lee Jong-ho, the Minister of Science and ICT. “It will promote innovation in the private sector and safety in digital platform governance.