Republic of Korea
Share
Expand All
Last Updated: April 2021
Cybersecurity Policy

Relevant Strategy Documents, and Implementation Frameworks

Strategy Documents

Official documents designed to outline State positions, policies, and strategies to address cybersecurity and cybersecurity-related matters.

National Cybersecurity Strategy
National Security Office
  • Devised in line with the National Security Strategy to integrate all capabilities against cyber threats
  • Vision: Create a free and safe cyberspace to support national security, promote economic prosperity, and contribute to international peace
  • Goals
    • Ensure stable operations of the state: Strengthen the security and resilience of the nation's core infrastructure to enable continuous operation despite any cyber threats
    • Respond to cyber attacks: Strengthen security capabilities to deter cyber threats, detect and block them quickly, and respond to any incident promptly
    • Build a strong cybersecurity foundation: Nurture a fair and autonomous ecosystem where cybersecurity technology, human resources, and industries are competitive
  • Basic Principles
    • Balance individual rights with cybersecurity: Strike a balance between protecting cyberspace and safeguarding the fundamental rights of the people, e.g. privacy
    • Conduct security activities based on the rule of law: Carry out the government's cybersecurity policies and activities in a transparent manner and in compliance with the domestic and international laws
    • Build an system of participation and cooperation: Encourage individuals, businesses, and the government to participate in cybersecurity activities, and pursue close cooperation with the international community
03 April 2019
National Cyber Security Masterplan
Korean Communications Commission

Five action plans:

  1. Establishing joint response system of private, public and military sectors;
  2. Strengthening the security of critical infrastructure and enhancing security;
  3. Detecting and blocking cyber attacks at the national level;
  4. Establishing deterrence through international cooperation; and
  5. Building cyber security infrastructure.
2 August 2011
2016 Defense White Paper
Ministry of National Defense
  • Mentions cyber in context of the DPRK threat;
  • Cybercrime is a major challenge to the financial sector;
  • Discusses cyber policies of the US, Japan, China, and Russia;
  • Emphasizes the need for continued cooperation between the ROK, US, and Japan.
2016
Implementation Frameworks

Execution plans adopted by States to achieve their national cyber policy objectives. This includes guideline documents as well as standards frameworks at the State level.

National Cyber Safety Management Regulations (국가사이버안전관리규정)
Presidential Decree No. 316

Stipulates the organizational structure and operation of national cyber safety and strengthens the cooperation between the agencies performing cyber security work, thereby protecting the national information network from cyber attacks that threaten national security.

2 September 2013
Security Verification Scheme
National Intelligence Service (NIS)

System that verifies the safety of information security systems used in government and public organizations in order to enhance the security level of the national information communications network and respond to external cyber threats.

1 October 2014
Structure

Relevant National Centre or Responsible Agency, Key Positions, Dedicated Agencies and Departments, CERT or CSIRT.

National Centre or Responsible Agency

The primary nodal entity responsible for formulating and/or implementing the cyber policy of the State.

National Cyber Security Center
National Intelligence Service (NIS)

Areas of responsibility:

  • Oversees national cyber security policy;
  • Prevents cyber crises and detects attacks;
  • Investigates cyber intrusions and analysis of information on threats (encompasses KN-CERT);
  • Provides public information service concerning cyber security.
20 February 2004
Key Positions

Key positions pertinent to the cyber policy of the State (or aspects thereof) and its implementation.

Head
National Cyber Security Center
Ambassador for International Security Affairs
Ministry of Foreign Affairs, Republic of Korea
Coordinator for Counter-Terrorism & Cyber Security
Ministry of Foreign Affairs
Dedicated Agencies and Departments

The agencies, ministries, departments, and other entities (and their subdivisions) tasked with responsibilities relating to the support and implementation of the cyber policy of the State.

Korea Internet and Security Agency
Ministry of Science and ICT

Main activities:

  1. Guarantee a safe Internet environment for Koreans;
  2. Personal information protection;
  3. Internet and information security-related policy research;
  4. Critical information communications infrastructure protection;
  5. Electronic government service security improvement; and
  6. Cyber-attack prevention and countermeasure enhancement.
July 2009
Cyber Command (국군사이버사령부령)
Ministry of National Defense
Founded to respond to cyber threats
2010
Cyber Bureau
National Police Agency
  • Includes Cyber Security Division, Cybercrime Investigation Division, and Digital Forensic Center
  • Minimize damages to people and companies by employing anticipative cyber crime prevention scheme
  • Improve expertise by continous research & gain control over cyber crime effectively
1997 (as computer crime investigation team)
National CERT or CSIRT

The designated response team responsible for responding to cybersecurity threats and incidents at the State level.

Korea National Computer Emergency Response Team (KN-CERT)
National Cyber Security Center (NCSC)
  • Division of the NCSC.
1 February 2004
Korea Internet Security Center (KrCERT/CC)
Korea Internet Security Center
  • National responsibility to effectively prevent and respond to any internet incidents in the private sector based on 24/7 monitoring of cyber threats such as DDoS attacks and distribution of malicious codes.
  • Three-part mission:

    • 24/7 monitoring and early detection/response to cyber attacks in the private sector;
    • Cooperation with domestic entities such as ISPs and anti-virus companies, as well as with foreign partners including FIRST, APCERT, Microsoft, Symantec, etc.; and
    • Guarantee of a rapid response to major nationwide Internet incidents in order to prevent and minimize damage.
Legal Framework

Relevant Legislation, and Views on International Law.

Legislation

Legal instruments in force relating to the national cyber policy of the State.

Act on Promotion of Information and Communications Network Utilization and Information Protection
  • Directed to facilitating utilization of information and communications networks, protecting personal information of people using information and communications services, and developing an environment in which people can utilize information and communications networks in a healthier and safer way.
22 March 2016 (amended)
Personal Information Protection Act
  • Protecting privacy of individuals from the unauthorized collection, leak, abuse or misuse of personal information.
29 March 2011
Electronic Government Act No. 6439 of 2001
  • Aims to facilitate projects for materializing electronic government, improve the productivity, transparency, and democracy of administrative agencies, and ultimately improve the quality of lives of citizens in the knowledge information age by providing for fundamental principles, procedures, promotion methods, and other relevant matters for the electronic processing of administrative works.
28 March 2001 (Act of); 22 May 2009 (Amended by Act No. 9705 of)
Act on the Protection of Information and Communications Infrastructure
The Committee for Protection of Information and Communications Infrastructure under the control of the Prime Minister

The Purpose of this Act is to operate critical information and communications infrastructure in a stable manner by formultaing and implementing measures concerning the protection of sunch infrastructure, in preparation for intrusion by elctronic means, thereby contributing to the safety of the nation and the stability of the life of people. In order to fulfill the purpose of the Act, it:

  • Establishes the Committee for Protection of Information and Communications Infrastructure to deliberate on matters concerning the protection of critical information and communications infrastructure designated under Article 8 of the Act;
  • Provides a provision for designation of critical information and communications infrastructure and analysis of vulnerabilities thereof;
  • Provides a framework for response to intrusion incidents;
  • Mandates the Government to support the developmrent of technology necessary for protecting information and communications infrastructure in collaboration with research institutes and private organizations;
  • Provides penalty provisions including imprisonment (in some cases) for any person in violation of Artiles 12, 27 and 11of the Act.

 

21 February 2018
Cooperation

Relevant Multilateral Agreements, UN Processes, Bilateral and Multilateral Cooperation, Select Activities, and Membership.

UN Processes

Key dialogues and policy processes related to cyber policy matters, under the United Nations framework.

Represented at the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security
2004, 2009, 2014/2015, 2016/2017
Expressed views to the Annual Report of the UN Secretary-General on Developments in the Field of Information and Telecommunications in the Context of International Security
2014, 2015
Expressed Views at the Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security
2019/2020
Bilateral and Multilateral Cooperation

Legally binding and non-legally binding agreements, dialogues, exercises, etc., related to cyber policy matters that the State has entered into with another State and/or States.

Continuation of Republic of Korea-Australia Cyber Policy Dialogue
Minister for Foreign Affairs
  • Agreement to continue dialogue on a regular basis, and on the necessity fo exploring further cooperative measures through the next dialogue;
  • In December 2019, the Ministers reaffirmed their joint commitment to support international efforts to ensure an open, free and secure cyberspace, and to address common cyber threats. The ROK and Australia decided to continue to hold regular bilateral cyber policy dialogues. Australian Federal Police and the Korean National Police Agency decided to continue to cooperate on investigations and knowledge-sharing activities on cybercrime strategy and countermeasures.

10 April 2014 (established); 13 October 2017; 10 December 2019
China-Japan-Korea CSIRT Annual Meeting for Cybersecurity Incident Response (Fifth)
Korea Internet Security Center (KrCERT/CC)

Review of the joint incident handling operations and prevention efforts concerning significant cross-border incidents relating to the three countries

6-7 September 2017
Cyber-Secretariat, Foreign Ministers' Meeting of the Forum for East Asia-Latin America Cooperation (FEALAC)
Foreign Minister
In operation since 2011, host and operator
31 August 2017
Memorandum of Understanding, Republic of Korea-Romania
Korea Internet Security Center (KcCERT/CC)
  • Cooperation framework in cyber security based on equality and mutual benefits, with a view to promoting cooperation in addressing threats relevant to each country’s cyber space
  • Builds on 2012 memorandum of understanding
31 July 2017
Memorandum of Understanding, Estonia-Republic of Korea
National Security Research Institute
Cooperation agreement on developing training and cooperation in cyber security
31 May 2017
Trilateral Cyber Policy Consultation, Japan, China, Republic of Korea (Third)
Ambassador for International Security
Discuss and exchange views on strategies and policies in the field of cyber affairs, and consult on discussions within regional and international frameworks and future direction of trilateral cooperation on cyber issues.
10 February 2017
Korea-China Cyber Security Forum (Second)
Ministry of Foreign Affairs
To discuss ways to strengthen public and private-sector partnerships in cyber security between Korea and China
21 December 2016
Cybersecurity Alliance for Mutual Progress - CAMP Initiative, Member
Ministry of Science, ICT and Future Planning (MSIP); Korea Internet and Security Agency (KISA)
Network platform to lift up the overall level of cybersecurity of members through development experiences and trends sharing.
11 July 2016
Cyber Policy Consultation, Republic of Korea-United States (Fourth)
Ambassador for International Security Affairs
Cover the international cyber environment; cyber policies of the two countries; potential areas of cooperation; international norms in cyber space and confidence-building measures; and ways to build capability for cyber security
29 June 2016
Joint Statement of Intent, Republic of Korea-United States
Ministry of Science, ICT and Future Planning
Agreement "to explore areas of mutual value and benefit, which may lead to joint activities aimed at enhancing operational readiness to support cybersecurity, and resilience,
2 May 2016
Memorandum of Understanding, India-Republic of Korea
Korea Internet & Security Agency
Cooperation in the field of cyber security; also high-level agreement to hold Policy Consultations on Cyberspace
17 January 2014
Global Forum on Cyber Expertise (GFCE), Member
  • A global platform for countries, international organizations, and private companies to exchange best practices and expertise on cyber capacity building.
16 April 2015 (Member since)
Memorandum of Understanding (MoU), Malaysia-South Korea
  •  Malaysia and South Korea signed a memorandum of understanding (MOU) to forge bilateral cooperation in the area of information and communication technology (ICT).
29 November 2019
Membership

Membership to intergovernmental organizations.

This interactive map is for illustration purposes only. The boundaries and designations shown do not imply official endorsement by the UNIDIR. For a more accurate and up-to-date world map, please consult the UN Geospatial Information Section website.