Bill Proposes an Expanded Role for the NIS
Experts point out that the National Cyber Security Act, which is pending in the National Assembly, will undermine the information and communication technology industry of South Korea when enacted.
At present, the National Cyber Security Center of the National Intelligence Service (NIS) is in charge of the security of domestic public institutions and the Ministry of Science and ICT and the Personal Information Protection Commission play the same role with regard to private-sector security and personal information protection, respectively. The pending act is to expand the role of the NIS so that it can cover the private sector as well.
The Korea Internet Corporations Association expressed its objection to the act on Feb. 6, saying that the act will allow the NIS to look into private company servers at will. “According to the act, the NIS can do so based on a high court chief judge’s permission in the event of a cyber security threat,” the association explained, adding, “The problem is that the presence or absence of the threat will be determined by the NIS as a clandestine agency.”
These days, hackers tend to focus on employee PCs and the like rather than servers at key facilities. In other words, it is difficult to define a hacking incident as a threat to cyber security or one on a personal level at the beginning of the incident. Still, the act allows the NIS to collect various types of information and data from communication service providers.
In addition, according to the act, Internet, communication and financial companies must report their security survey results to the NIS every year and their security control systems must be always connected to the NIS so that the NIS can check communication details such as sources and packets.
“The cloud computing industry of South Korea will be strangled once the NIS is allowed to monitor private enterprises’ data centers,” the association said, adding, “Then, more and more companies will adopt foreign cloud services and Amazon Web Services, Google, Microsoft and so on will dominate the domestic market.”
The act also has provisions that allow the NIS to test, analyze and inspect information communication equipment, software and services. This means, for example, the NIS can control base station equipment of Samsung Electronics and the United States, the United Kingdom and Australia may stop using its equipment like they did before with regard to Huawei, which is under the control of the Ministry of State Security of China according to them.