[Asia Economy Reporter Oh Su-yeon] The government is promoting the public adoption of new technologies and services by improving security regulations. The resolution of satellite images will be relaxed from 4m to 1.5m, and a three-tier security certification level will be applied to cloud services.
The Ministry of Science and ICT announced on the 18th at the 5th National Agenda Inspection and Coordination Meeting the "Information Security Regulation Improvement Progress and Plan," after consultations with related ministries such as the National Intelligence Service, industry, and experts.
They will actively promote improvements to existing security guidelines that hinder the spread of innovative services and the development of related industries, including satellite information security, cloud computing service and information security product certification systems, and the implementation of wireless video transmission equipment testing and certification services.
As the domestic and international satellite image utilization industry grows, there have been continuous requests from the industry to improve existing satellite image security regulations that have hindered the distribution of domestic satellite images.
To enable rapid distribution of satellite images taken by national satellites, the resolution standard for satellite images requiring prior security processing such as camouflage will be significantly relaxed from the current 4m to 1.5m. This means that instead of barely identifying the shape of a car, the type can now be identified.
Previously, when distributing satellite images taken over Korea, there was an inconvenience of having to store the satellite images on physical storage media for security reasons. Going forward, online distribution will be allowed for satellite images that include uncorrected coordinates and do not contain facilities requiring security processing.
Reflecting these changes, an industry meeting will be held by next month to provide guidance on regulatory improvements. Opinions will be collected, and related guidelines such as satellite information security management regulations will be revised.
This will enable the rapid distribution of high-resolution, high-quality satellite images and convenient online supply of satellite images to users, thereby revitalizing the domestic satellite information utilization industry and securing competitiveness in areas such as logistics information management.
To enable government agencies and others to efficiently use private clouds, the existing uniform security certification system will be changed to a three-tier classification (high, medium, low) based on the importance of the system to be used as a cloud, and a "Cloud Security Certification Grading System" will be introduced that applies differentiated security certification standards by grade to ensure cyber security is not compromised.
For clouds handling sensitive information, security will be enhanced, while the burden will be eased for clouds handling relatively low-risk public data, making the system more reasonable.
Detailed measures will be prepared through collaboration among the Digital Platform Government Committee and related agencies after collecting stakeholder opinions. The Digital Platform Government Committee will continue to monitor field application and identify additional improvements to maximize the effects of regulatory improvements.
To quickly supply new technologies and convergence products without existing security certification (CC) standards to the public market, the introduction of a rapid confirmation system is being pursued.
Until now, only about 20 types of information security products with evaluation standards could be introduced in the public sector, and new technologies and convergence products without standards faced difficulties responding to rapidly changing cyber threats due to the long time required for standard development and evaluation.
Applicant companies must undergo vulnerability checks and source code security weakness diagnostics from information security professional service companies, take corrective actions based on the results, and pass a security review by the Rapid Confirmation Review Committee.
Rapid confirmation products can be extended every two years, and once security certification standards (for national use or general security requirements) are established, formal certification must be obtained.
The National Intelligence Service plans to improve the security compliance verification system so that demand agencies, excluding sensitive institutions such as diplomacy and defense, can adopt products that have received rapid confirmation.
After an administrative notice for revising the Information Security System Evaluation and Certification Guidelines (Ministry of Science and ICT announcement) in August, the goal is to implement the rapid confirmation system in the fourth quarter. The rapid confirmation process is expected to take 2 to 3 months. The National Intelligence Service will also revise the national information security basic guidelines according to this regulatory improvement plan. Before the system is implemented, briefing sessions will be held for domestic information security companies to explain how to apply for rapid confirmation and the operating procedures.
While fixed and wired CCTV had security certification standards allowing their introduction into public institutions, wireless video transmission equipment such as wearable cams lacked security certification standards, making it difficult to introduce them into public institutions.
The Ministry of Science and ICT and the Korea Information and Communications Technology Association have prepared 41 security certification test items. Starting from the 22nd, wireless video transmission equipment can be introduced into the public sector by undergoing security certification tests at the Korea Information and Communications Technology Association.
Through this testing and certification service, wireless video transmission equipment is expected to be applied in various fields, further advancing public services such as disaster and safety management.
Details about the wireless video transmission equipment testing and certification service will be provided on the website of the Korea Information and Communications Technology Association, the testing and certification agency, and related companies will be notified via email.
Minister Lee Jong-ho of the Ministry of Science and ICT stated, "This security-related regulatory improvement reflects long-standing requests from the industry and was prepared by incorporating industry opinions. Through this regulatory improvement, we expect to promote the development of innovative new technologies in the private sector, leading to innovation in public services and the realization of a safe digital platform government." He added, "Going forward, the Ministry of Science and ICT will continue to collect additional opinions from the industry and stakeholders and strive to ensure continuous regulatory improvements that foster innovation in markets and companies."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
