Ministry of Science and ICT's Revised Information and Communications Network Act to Take Effect on the 14th
Initial Report Must Be Made Within 24 Hours of Incident Recognition
Measures for prompt response and prevention of recurrence in the event of a cyber intrusion incident have been established.
The Ministry of Science and ICT announced that the revised Act on Promotion of Information and Communications Network Utilization and Information Protection (Information and Communications Network Act) will be enforced starting from the 14th.
Under the current cyber intrusion incident response system, there has been no clear standard regarding the timing of reporting, resulting in issues of non-reporting or delayed reporting.
Additionally, while measures to prevent recurrence must be properly implemented, the fact that these measures were classified as "recommendations" weakened the effectiveness of follow-up responses.
To address this, the new Information and Communications Network Act has reorganized the reporting system and stipulated the basis for enforcement orders on recurrence prevention measures, as well as methods for inspecting compliance.
First, information and communications service providers where an intrusion incident occurs are required to make an initial report within 24 hours after recognizing the incident, detailing the damage, cause, and response status. For any additional information confirmed after the initial report, a supplementary report must be submitted within 24 hours from the time of confirmation.
The Ministry of Science and ICT has established grounds to change the current "recommendation" to an "order" for necessary measures such as recurrence prevention for internet sites and other information and communications service providers where intrusion incidents occur.
Furthermore, it is stipulated that the information and communications service providers’ compliance with such orders will be inspected, and if corrective actions are necessary, a correction order will be issued. Failure to comply with the correction order will result in a fine of up to 30 million KRW.
Ryu Jae-myung, Director of the Network Policy Office at the Ministry of Science and ICT, stated, "We will strive to properly establish the cyber intrusion incident reporting and follow-up response system so that companies can receive various information security technology supports."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
