Republic of Korea Last Updated: April 2021

CYBERSECURITY POLICY

Strategy Documents

National Cybersecurity Strategy

National Security Office

Devised in line with the National Security Strategy to integrate all capabilities against cyber threats
Vision: Create a free and safe cyberspace to support national security, promote economic prosperity, and contribute to international peace
Goals
Ensure stable operations of the state: Strengthen the security and resilience of the nation's core infrastructure to enable continuous
operation despite any cyber threats
Respond to cyber attacks: Strengthen security capabilities to deter cyber threats, detect and block them quickly, and respond to any
incident promptly
Build a strong cybersecurity foundation: Nurture a fair and autonomous ecosystem where cybersecurity technology, human resources,
and industries are competitive
Basic Principles
Balance individual rights with cybersecurity: Strike a balance between protecting cyberspace and safeguarding the fundamental rights of
the people, e.g. privacy
Conduct security activities based on the rule of law: Carry out the government's cybersecurity policies and activities in a transparent
manner and in compliance with the domestic and international laws
Build an system of participation and cooperation: Encourage individuals, businesses, and the government to participate in cybersecurity
activities, and pursue close cooperation with the international community

Source Source 2
03 April 2019

National Cyber Security Masterplan

Korean Communications Commission

Five action plans:

1. Establishing joint response system of private, public and military sectors;

2. Strengthening the security of critical infrastructure and enhancing security;
3. Detecting and blocking cyber attacks at the national level;
4. Establishing deterrence through international cooperation; and
5. Building cyber security infrastructure.

Source
2 August 2011

2016 Defense White Paper

Ministry of National Defense

Mentions cyber in context of the DPRK threat;

Cybercrime is a major challenge to the financial sector;
Discusses cyber policies of the US, Japan, China, and Russia;
Emphasizes the need for continued cooperation between the ROK, US, and Japan.

Source Source 2
2016

Implementation Frameworks

National Cyber Safety Management Regulations (국가사이버안전관리규정)

Presidential Decree No. 316

Stipulates the organizational structure and operation of national cyber safety and strengthens the cooperation between the agencies performing cyber
 Republic of Korea Last Updated: April 2021

security work, thereby protecting the national information network from cyber attacks that threaten national security.

Source
2 September 2013

Security Verification Scheme

National Intelligence Service (NIS)

System that verifies the safety of information security systems used in government and public organizations in order to enhance the security level of the
national information communications network and respond to external cyber threats.

Source
1 October 2014

STRUCTURE

National Centre or Responsible Agency

National Cyber Security Center

National Intelligence Service (NIS)

Areas of responsibility:

Oversees national cyber security policy;

Prevents cyber crises and detects attacks;
Investigates cyber intrusions and analysis of information on threats (encompasses KN-CERT);
Provides public information service concerning cyber security.

Source
20 February 2004

Key Positions

Head
National Cyber Security Center
Source

Ambassador for International Security Affairs

Ministry of Foreign Affairs, Republic of Korea
Source Source 2

Coordinator for Counter-Terrorism & Cyber Security

Ministry of Foreign Affairs
Source

Dedicated Agencies and Departments

Korea Internet and Security Agency

 Republic of Korea Last Updated: April 2021

Ministry of Science and ICT

Main activities:

1. Guarantee a safe Internet environment for Koreans;

2. Personal information protection;
3. Internet and information security-related policy research;
4. Critical information communications infrastructure protection;
5. Electronic government service security improvement; and
6. Cyber-attack prevention and countermeasure enhancement.

Source
July 2009

Cyber Command (국군사이버사령부령)

Ministry of National Defense
Founded to respond to cyber threats
Source
2010

Cyber Bureau
National Police Agency

Includes Cyber Security Division, Cybercrime Investigation Division, and Digital Forensic Center
Minimize damages to people and companies by employing anticipative cyber crime prevention scheme
Improve expertise by continous research & gain control over cyber crime effectively

Source
1997 (as computer crime investigation team)

National CERT or CSIRT

Korea National Computer Emergency Response Team (KN-CERT)

National Cyber Security Center (NCSC)

Division of the NCSC.

Source
1 February 2004

Korea Internet Security Center (KrCERT/CC)

Korea Internet Security Center

National responsibility to effectively prevent and respond to any internet incidents in the private sector based on 24/7 monitoring of cyber threats
such as DDoS attacks and distribution of malicious codes.

Three-part mission:

24/7 monitoring and early detection/response to cyber attacks in the private sector;
Cooperation with domestic entities such as ISPs and anti-virus companies, as well as with foreign partners including FIRST, APCERT,
Microsoft, Symantec, etc.; and
Guarantee of a rapid response to major nationwide Internet incidents in order to prevent and minimize damage.

Source

LEGAL FRAMEWORK
 Republic of Korea Last Updated: April 2021

Legislation

Act on Promotion of Information and Communications Network Utilization and Information Protection

Directed to facilitating utilization of information and communications networks, protecting personal information of people using information and
communications services, and developing an environment in which people can utilize information and communications networks in a healthier
and safer way.

Source
22 March 2016 (amended)

Personal Information Protection Act

Protecting privacy of individuals from the unauthorized collection, leak, abuse or misuse of personal information.

Source
29 March 2011

Electronic Government Act No. 6439 of 2001

Aims to facilitate projects for materializing electronic government, improve the productivity, transparency, and democracy of administrative
agencies, and ultimately improve the quality of lives of citizens in the knowledge information age by providing for fundamental principles,
procedures, promotion methods, and other relevant matters for the electronic processing of administrative works.

Source
28 March 2001 (Act of); 22 May 2009 (Amended by Act No. 9705 of)

Act on the Protection of Information and Communications Infrastructure

The Committee for Protection of Information and Communications Infrastructure under the control of the Prime Minister

The Purpose of this Act is to operate critical information and communications infrastructure in a stable manner by formultaing and implementing measures
concerning the protection of sunch infrastructure, in preparation for intrusion by elctronic means, thereby contributing to the safety of the nation and the
stability of the life of people. In order to fulfill the purpose of the Act, it:

Establishes the Committee for Protection of Information and Communications Infrastructure to deliberate on matters concerning the protection of
critical information and communications infrastructure designated under Article 8 of the Act;
Provides a provision for designation of critical information and communications infrastructure and analysis of vulnerabilities thereof;
Provides a framework for response to intrusion incidents;
Mandates the Government to support the developmrent of technology necessary for protecting information and communications infrastructure in
collaboration with research institutes and private organizations;
Provides penalty provisions including imprisonment (in some cases) for any person in violation of Artiles 12, 27 and 11of the Act.

Source Source 2
21 February 2018

COOPERATION

UN Processes

Represented at the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context
of International Security

Source
2004, 2009, 2014/2015, 2016/2017
 Republic of Korea Last Updated: April 2021

Expressed views to the Annual Report of the UN Secretary-General on Developments in the Field of Information and Telecommunications
in the Context of International Security

Source
2014, 2015

Expressed Views at the Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context
of International Security

Source Source 2
2019/2020

Bilateral and Multilateral Cooperation

Continuation of Republic of Korea-Australia Cyber Policy Dialogue

Minister for Foreign Affairs

Agreement to continue dialogue on a regular basis, and on the necessity fo exploring further cooperative measures through the next dialogue;

In December 2019, the Ministers reaffirmed their joint commitment to support international efforts to ensure an open, free and secure
cyberspace, and to address common cyber threats. The ROK and Australia decided to continue to hold regular bilateral cyber policy dialogues.
Australian Federal Police and the Korean National Police Agency decided to continue to cooperate on investigations and knowledge-sharing
activities on cybercrime strategy and countermeasures.

Source
10 April 2014 (established); 13 October 2017; 10 December 2019

China-Japan-Korea CSIRT Annual Meeting for Cybersecurity Incident Response (Fifth)

Korea Internet Security Center (KrCERT/CC)

Review of the joint incident handling operations and prevention efforts concerning significant cross-border incidents relating to the three countries

Source
6-7 September 2017

Cyber-Secretariat, Foreign Ministers' Meeting of the Forum for East Asia-Latin America Cooperation (FEALAC)
Foreign Minister
In operation since 2011, host and operator
Source
31 August 2017

Memorandum of Understanding, Republic of Korea-Romania

Korea Internet Security Center (KcCERT/CC)

Cooperation framework in cyber security based on equality and mutual benefits, with a view to promoting cooperation in addressing threats
relevant to each country’s cyber space
Builds on 2012 memorandum of understanding

Source Source 2
31 July 2017

Memorandum of Understanding, Estonia-Republic of Korea

National Security Research Institute
 Republic of Korea Last Updated: April 2021

Cooperation agreement on developing training and cooperation in cyber security

Source
31 May 2017

Trilateral Cyber Policy Consultation, Japan, China, Republic of Korea (Third)

Ambassador for International Security
Discuss and exchange views on strategies and policies in the field of cyber affairs, and consult on discussions within regional and international frameworks
and future direction of trilateral cooperation on cyber issues.
Source
10 February 2017

Korea-China Cyber Security Forum (Second)

Ministry of Foreign Affairs
To discuss ways to strengthen public and private-sector partnerships in cyber security between Korea and China
Source
21 December 2016

Cybersecurity Alliance for Mutual Progress - CAMP Initiative, Member

Ministry of Science, ICT and Future Planning (MSIP); Korea Internet and Security Agency (KISA)
Network platform to lift up the overall level of cybersecurity of members through development experiences and trends sharing.
Source
11 July 2016

Cyber Policy Consultation, Republic of Korea-United States (Fourth)

Ambassador for International Security Affairs
Cover the international cyber environment; cyber policies of the two countries; potential areas of cooperation; international norms in cyber space and
confidence-building measures; and ways to build capability for cyber security
Source
29 June 2016

Joint Statement of Intent, Republic of Korea-United States

Ministry of Science, ICT and Future Planning
Agreement "to explore areas of mutual value and benefit, which may lead to joint activities aimed at enhancing operational readiness to support
cybersecurity, and resilience,
Source
2 May 2016

Memorandum of Understanding, India-Republic of Korea

Korea Internet & Security Agency
Cooperation in the field of cyber security; also high-level agreement to hold Policy Consultations on Cyberspace
Source
17 January 2014

Global Forum on Cyber Expertise (GFCE), Member

A global platform for countries, international organizations, and private companies to exchange best practices and expertise on cyber capacity
building.

Source Source 2
16 April 2015 (Member since)
 Republic of Korea Last Updated: April 2021

Memorandum of Understanding (MoU), Malaysia-South Korea

Malaysia and South Korea signed a memorandum of understanding (MOU) to forge bilateral cooperation in the area of information and
communication technology (ICT).

Source
29 November 2019

Membership

International Telecommunications
Union (ITU)

United Nations (UN)