The Korea Herald


Assembly debates ways to shield state agencies from North Korean cyberattacks

Bill proposed to make cybersecurity compliance mandatory for constitutional bodies

By Kim Arin

Published : July 3, 2024 - 20:09

    • Link copied

People Power Party Rep. Park Choong-kwon speaks at a forum held at the National Assembly on Wednesday. (courtesy of Rep. Park Choong-kwon’s office) People Power Party Rep. Park Choong-kwon speaks at a forum held at the National Assembly on Wednesday. (courtesy of Rep. Park Choong-kwon’s office)

Cybersecurity compliance should be made mandatory for constitutional institutions like governmental agencies in South Korea, lawmakers and experts said Wednesday.

At a National Assembly forum held on the day, ruling People Power Party Rep. Park Choong-kwon said constitutional institutions should be required to observe security practices in light of the recent North Korean cyberattacks against South Korean courts.

According to findings by the Korean National Police Agency in May, hackers for North Korea’s Reconnaissance General Bureau planted malicious code into the networks of South Korean courts, stealing up to 1,014 gigabytes of data over two years up to January.

When the Supreme Court’s administrative office became aware of the breach last year, it did not inform the National Intelligence Service or investigative agencies of the breaches immediately and resorted to consulting a private cybersecurity company instead.

Not long after cyberattacks against the courts became known, an official social media account owned by the Ministry of Health and Welfare was breached by a North Korean hacker group.

Park said that when he was a student at the Kim Jong-un National Defense University in Pyongyang, the first thing they taught in computer engineering class was hacking skills.

“The Kim Jong-un administration is intent on cultivating an army of North Korean hackers to use stolen private data for criminal activities to generate illicit funds,” he said. “The stolen information can be used to spread disinformation and fake news to cause a divide in our society.”

Under existing laws, agencies in charge of cybersecurity affairs like the National Intelligence Service cannot initiate an inspection of constitutional institutions -- governmental bodies established by the Constitution -- even in a suspected instance of an attack.

“North Korean cyberattacks have gotten to a point where the top institutions that uphold democracy in our country are exposed to infiltrations,” Park said. “To catch up with advanced threats, we have to step up our efforts in protecting our public agencies.”

The ruling party proposed a bill for making cybersecurity checks more widely accessible to constitutional institutions.

Kim So-jeong, a researcher at the Institute for National Security Strategy, called on the Assembly to create a legal basis for implementing security measures in the government as well as other public bodies through legislation.

She pointed out that in the US, state agencies could face reduced federal funding or other penalties for failing to meet security requirements under the Federal Information Security Management Act.

“The US Congress has continued to play a role in enforcing how security measures are enforced in the government,” she said.

She said that other countries also looked to South Korea for clues about responses to cyber threats from North Korea.

“The embassies in South Korea were increasingly reporting North Korean cyberattacks targeting its citizens, and one of the questions that they have was what the best practice is for responding to such threats,” she said.

“There are a lot of efforts in the international community to address these threats in cyberspace, and South Korea is very much involved. South Korea could have a leading presence in the cyber domain.”

As police tend to focus on the postattack response rather than prevention, close cooperation with agencies in charge of prevention and protection was crucial, according to Kim San-ho of the Korean National Police Agency’s National Security Bureau.

“When we identify an attack, we begin an investigation and work with authorities of other concerned agencies to minimize the damage. But it goes without saying that proactive prevention is way better than recovery,” he said. “In order to prevent future incidents, strengthening cooperation among agencies is key.”